diff --git a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs b/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
deleted file mode 100644
index 312775af19..0000000000
--- a/src/Microsoft.AspNet.Authentication/SecurityHelper.cs
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Linq;
-using System.Security.Claims;
-using Microsoft.AspNet.Http;
-using Microsoft.Framework.Internal;
-
-namespace Microsoft.AspNet.Authentication
-{
- ///
- /// Helper code used when implementing authentication middleware
- ///
- public static class SecurityHelper
- {
- ///
- /// Add all ClaimsIdenities from an additional ClaimPrincipal to the ClaimsPrincipal
- /// Merges a new claims principal, placing all new identities first, and eliminating
- /// any empty unauthenticated identities from context.User
- ///
- ///
- public static ClaimsPrincipal MergeUserPrincipal([NotNull] ClaimsPrincipal existingPrincipal, [NotNull] ClaimsPrincipal additionalPrincipal)
- {
- var newPrincipal = new ClaimsPrincipal();
- // New principal identities go first
- newPrincipal.AddIdentities(additionalPrincipal.Identities);
-
- // Then add any existing non empty or authenticated identities
- if (existingPrincipal != null)
- {
- newPrincipal.AddIdentities(existingPrincipal.Identities.Where(i => i.IsAuthenticated || i.Claims.Count() > 0));
- }
- return newPrincipal;
- }
- }
-}
diff --git a/src/Microsoft.AspNet.Authentication/project.json b/src/Microsoft.AspNet.Authentication/project.json
index e3321ca9f6..ae75a83ec9 100644
--- a/src/Microsoft.AspNet.Authentication/project.json
+++ b/src/Microsoft.AspNet.Authentication/project.json
@@ -11,6 +11,7 @@
 "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
 "Microsoft.Framework.Logging.Abstractions": "1.0.0-*",
 "Microsoft.Framework.NotNullAttribute.Sources": { "type": "build", "version": "1.0.0-*" },
+ "Microsoft.Framework.SecurityHelper.Sources": { "type": "build", "version": "1.0.0-*" },
 "Microsoft.Framework.OptionsModel": "1.0.0-*",
 "Microsoft.Framework.WebEncoders": "1.0.0-*"
 },
diff --git a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs b/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
deleted file mode 100644
index 94794e1c84..0000000000
--- a/test/Microsoft.AspNet.Authentication.Test/SecurityHelperTests.cs
+++ /dev/null
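Review bot: The `Microsoft.Framework.SecurityHelper.Sources` build dependency added in this hunk replaces the in-repo `SecurityHelper.MergeUserPrincipal`, and the same commit deletes `SecurityHelperTests.cs`, so nothing in this repository still pins the merge behaviour that the authentication middleware relies on. That behaviour (new identities first, empty unauthenticated identities dropped) decides which identity `context.User.Identity` returns, and with the floating `1.0.0-*` range the compiled-in source is whatever prerelease resolves at restore time. The shared package presumably carries equivalent tests, but that is not visible here; consider keeping one small ordering test in this project, for example the deleted assertion `principal.Identities.Skip(0).First().Name.ShouldBe("Test3");` after two merges. The deleted class was `public`, so if the source package declares it `internal` this is also a public API removal worth stating in the commit message.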
@@ -1,107 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Linq;
-using System.Security.Claims;
-using System.Security.Principal;
-using Microsoft.AspNet.Http.Internal;
-using Shouldly;
-using Xunit;
-
-namespace Microsoft.AspNet.Authentication
-{
- public class SecurityHelperTests
- {
- [Fact]
- public void AddingToAnonymousIdentityDoesNotKeepAnonymousIdentity()
- {
- var context = new DefaultHttpContext();
- context.User.ShouldNotBe(null);
- context.User.Identity.IsAuthenticated.ShouldBe(false);
-
- context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), new string[0]));
-
- context.User.ShouldNotBe(null);
- context.User.Identity.AuthenticationType.ShouldBe("Alpha");
- context.User.Identity.Name.ShouldBe("Test1");
-
- context.User.ShouldBeTypeOf();
- context.User.Identity.ShouldBeTypeOf();
-
- ((ClaimsPrincipal)context.User).Identities.Count().ShouldBe(1);
- }
-
- [Fact]
- public void AddingExistingIdentityChangesDefaultButPreservesPrior()
- {
- var context = new DefaultHttpContext();
- context.User = new GenericPrincipal(new GenericIdentity("Test1", "Alpha"), null);
-
- context.User.Identity.AuthenticationType.ShouldBe("Alpha");
- context.User.Identity.Name.ShouldBe("Test1");
-
- context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test2", "Beta"), new string[0]));
-
- context.User.Identity.AuthenticationType.ShouldBe("Beta");
- context.User.Identity.Name.ShouldBe("Test2");
-
- context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
-
- context.User.Identity.AuthenticationType.ShouldBe("Gamma");
- context.User.Identity.Name.ShouldBe("Test3");
-
- var principal = context.User;
- principal.Identities.Count().ShouldBe(3);
- principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
- principal.Identities.Skip(1).First().Name.ShouldBe("Test2");
- principal.Identities.Skip(2).First().Name.ShouldBe("Test1");
- }
-
- [Fact]
- public void AddingPreservesNewIdentitiesAndDropsEmpty()
- {
- var context = new DefaultHttpContext();
- var existingPrincipal = new ClaimsPrincipal(new ClaimsIdentity());
- var identityNoAuthTypeWithClaim = new ClaimsIdentity();
- identityNoAuthTypeWithClaim.AddClaim(new Claim("identityNoAuthTypeWithClaim", "yes"));
- existingPrincipal.AddIdentity(identityNoAuthTypeWithClaim);
- var identityEmptyWithAuthType = new ClaimsIdentity("empty");
- existingPrincipal.AddIdentity(identityEmptyWithAuthType);
- context.User = existingPrincipal;
-
- context.User.Identity.IsAuthenticated.ShouldBe(false);
-
- var newPrincipal = new ClaimsPrincipal();
- var newEmptyIdentity = new ClaimsIdentity();
- var identityTwo = new ClaimsIdentity("yep");
- newPrincipal.AddIdentity(newEmptyIdentity);
- newPrincipal.AddIdentity(identityTwo);
-
- context.User = SecurityHelper.MergeUserPrincipal(context.User, newPrincipal);
-
- // Preserve newPrincipal order
- context.User.Identity.IsAuthenticated.ShouldBe(false);
- context.User.Identity.Name.ShouldBe(null);
-
- var principal = context.User;
- principal.Identities.Count().ShouldBe(4);
- principal.Identities.Skip(0).First().ShouldBe(newEmptyIdentity);
- principal.Identities.Skip(1).First().ShouldBe(identityTwo);
- principal.Identities.Skip(2).First().ShouldBe(identityNoAuthTypeWithClaim);
- principal.Identities.Skip(3).First().ShouldBe(identityEmptyWithAuthType);
-
- // This merge should drop newEmptyIdentity since its empty
- context.User = SecurityHelper.MergeUserPrincipal(context.User, new GenericPrincipal(new GenericIdentity("Test3", "Gamma"), new string[0]));
-
- context.User.Identity.AuthenticationType.ShouldBe("Gamma");
- context.User.Identity.Name.ShouldBe("Test3");
-
- principal = context.User;
- principal.Identities.Count().ShouldBe(4);
- principal.Identities.Skip(0).First().Name.ShouldBe("Test3");
- principal.Identities.Skip(1).First().ShouldBe(identityTwo);
- principal.Identities.Skip(2).First().ShouldBe(identityNoAuthTypeWithClaim);
- principal.Identities.Skip(3).First().ShouldBe(identityEmptyWithAuthType);
- }
- }
-}