Split Security into AuthN/AuthZ

AuthenticationType -> Scheme
Move Active/Passive into AutomaticAuthenticationHandler
Security -> Authorization/Authentication assemblies
401-403 logic
Switch from ClaimsIdentity to ClaimsPrincipal

Author: HaoK

samples/CookieSample/Startup.cs

@@ -1,7 +1,7 @@
 using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.DependencyInjection;
 
 namespace CookieSample
@@ -23,8 +23,7 @@ public void Configure(IApplicationBuilder app)
             {
                 if (context.User == null || !context.User.Identity.IsAuthenticated)
                 {
-                    context.Response.SignIn(new ClaimsIdentity(new[] { new Claim("name", "bob") }, CookieAuthenticationDefaults.AuthenticationType));                    
-
+                    context.Response.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim("name", "bob") })));
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;

samples/CookieSample/project.json

@@ -1,6 +1,6 @@
 {
     "dependencies": {
-        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Kestrel": "1.0.0-*"

samples/CookieSessionSample/MemoryCacheSessionStore.cs

@@ -1,7 +1,7 @@
 using System;
 using System.Threading.Tasks;
-using Microsoft.AspNet.Security;
-using Microsoft.AspNet.Security.Cookies.Infrastructure;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Cookies.Infrastructure;
 using Microsoft.Framework.Cache.Memory;
 
 namespace CookieSessionSample

samples/CookieSessionSample/Startup.cs

@@ -2,7 +2,7 @@
 using System.Security.Claims;
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Security.Cookies;
+using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.DependencyInjection;
 
 namespace CookieSessionSample
@@ -32,8 +32,7 @@ public void Configure(IApplicationBuilder app)
                     {
                         claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
                     }
-                    context.Response.SignIn(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationType));                    
-
+                    context.Response.SignIn(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(new ClaimsIdentity(claims)));
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");
                     return;

samples/CookieSessionSample/project.json

@@ -1,6 +1,6 @@
 {
     "dependencies": {
-        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Microsoft.Framework.Cache.Memory": "1.0.0-*",
         "Kestrel": "1.0.0-*",

samples/OpenIdConnectSample/Startup.cs

@@ -1,9 +1,9 @@
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security;
-using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.OpenIdConnect;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNet.Authentication.OpenIdConnect;
 using Microsoft.Framework.DependencyInjection;
 
 namespace OpenIdConnectSample
@@ -17,7 +17,7 @@ public void Configure(IApplicationBuilder app)
                 services.AddDataProtection();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
-                    options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
+                    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 });
 
             });
@@ -37,7 +37,7 @@ public void Configure(IApplicationBuilder app)
             {
                 if (context.User == null || !context.User.Identity.IsAuthenticated)
                 {
-                    context.Response.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);
+                    context.Response.Challenge(new AuthenticationProperties { RedirectUri = "/" }, OpenIdConnectAuthenticationDefaults.AuthenticationScheme);
 
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");

samples/OpenIdConnectSample/project.json

@@ -1,9 +1,9 @@
 {
     "dependencies": {
         "Kestrel": "1.0.0-*",
-        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
-        "Microsoft.AspNet.Security.OpenIdConnect": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*"
     },
     "frameworks": {

samples/SocialSample/Startup.cs

@@ -4,12 +4,12 @@
 using Microsoft.AspNet.Builder;
 using Microsoft.AspNet.DataProtection;
 using Microsoft.AspNet.Http;
-using Microsoft.AspNet.Http.Security;
-using Microsoft.AspNet.Security;
-using Microsoft.AspNet.Security.Cookies;
-using Microsoft.AspNet.Security.Google;
-using Microsoft.AspNet.Security.MicrosoftAccount;
-using Microsoft.AspNet.Security.OAuth;
+using Microsoft.AspNet.Http.Authentication;
+using Microsoft.AspNet.Authentication;
+using Microsoft.AspNet.Authentication.Cookies;
+using Microsoft.AspNet.Authentication.Google;
+using Microsoft.AspNet.Authentication.MicrosoftAccount;
+using Microsoft.AspNet.Authentication.OAuth;
 using Microsoft.Framework.DependencyInjection;
 using Newtonsoft.Json.Linq;
 
@@ -26,7 +26,7 @@ public void Configure(IApplicationBuilder app)
                 services.AddDataProtection();
                 services.Configure<ExternalAuthenticationOptions>(options =>
                 {
-                    options.SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType;
+                    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 });
             });
 
@@ -121,6 +121,7 @@ k web
                 options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
                 options.TokenEndpoint = "https://github.com/login/oauth/access_token";
                 options.UserInformationEndpoint = "https://api.github.com/user";
+                options.ClaimsIssuer = "OAuth2-Github";
                 // Retrieving user information is unique to each provider.
                 options.Notifications = new OAuthAuthenticationNotifications()
                 {
@@ -136,33 +137,33 @@ k web
                         JObject user = JObject.Parse(text);
 
                         var identity = new ClaimsIdentity(
-                            context.Options.AuthenticationType,
+                            context.Options.AuthenticationScheme,
                             ClaimsIdentity.DefaultNameClaimType,
                             ClaimsIdentity.DefaultRoleClaimType);
 
                         JToken value;
                         var id = user.TryGetValue("id", out value) ? value.ToString() : null;
                         if (!string.IsNullOrEmpty(id))
                         {
-                            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, id, ClaimValueTypes.String, context.Options.AuthenticationType));
+                            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, id, ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
                         var userName = user.TryGetValue("login", out value) ? value.ToString() : null;
                         if (!string.IsNullOrEmpty(userName))
                         {
-                            identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, context.Options.AuthenticationType));
+                            identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
                         var name = user.TryGetValue("name", out value) ? value.ToString() : null;
                         if (!string.IsNullOrEmpty(name))
                         {
-                            identity.AddClaim(new Claim("urn:github:name", name, ClaimValueTypes.String, context.Options.AuthenticationType));
+                            identity.AddClaim(new Claim("urn:github:name", name, ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
                         var link = user.TryGetValue("url", out value) ? value.ToString() : null;
                         if (!string.IsNullOrEmpty(link))
                         {
-                            identity.AddClaim(new Claim("urn:github:url", link, ClaimValueTypes.String, context.Options.AuthenticationType));
+                            identity.AddClaim(new Claim("urn:github:url", link, ClaimValueTypes.String, context.Options.ClaimsIssuer));
                         }
 
-                        context.Identity = identity;
+                        context.Principal = new ClaimsPrincipal(identity);
                     },
                 };
             });
@@ -172,7 +173,7 @@ k web
             {
                 signoutApp.Run(async context =>
                 {
-                    string authType = context.Request.Query["authtype"];
+                    string authType = context.Request.Query["authscheme"];
                     if (!string.IsNullOrEmpty(authType))
                     {
                         // By default the client will be redirect back to the URL that issued the challenge (/login?authtype=foo),
@@ -183,10 +184,10 @@ k web
 
                     context.Response.ContentType = "text/html";
                     await context.Response.WriteAsync("<html><body>");
-                    await context.Response.WriteAsync("Choose an authentication type: <br>");
-                    foreach (var type in context.GetAuthenticationTypes())
+                    await context.Response.WriteAsync("Choose an authentication scheme: <br>");
+                    foreach (var type in context.GetAuthenticationSchemes())
                     {
-                        await context.Response.WriteAsync("<a href=\"?authtype=" + type.AuthenticationType + "\">" + (type.Caption ?? "(suppressed)") + "</a><br>");
+                        await context.Response.WriteAsync("<a href=\"?authscheme=" + type.AuthenticationScheme + "\">" + (type.Caption ?? "(suppressed)") + "</a><br>");
                     }
                     await context.Response.WriteAsync("</body></html>");
                 });
@@ -197,7 +198,7 @@ k web
             {
                 signoutApp.Run(async context =>
                 {
-                    context.Response.SignOut(CookieAuthenticationDefaults.AuthenticationType);
+                    context.Response.SignOut(CookieAuthenticationDefaults.AuthenticationScheme);
                     context.Response.ContentType = "text/html";
                     await context.Response.WriteAsync("<html><body>");
                     await context.Response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");

samples/SocialSample/project.json

@@ -1,11 +1,11 @@
 {
     "dependencies": {
         "Microsoft.AspNet.Diagnostics": "1.0.0-*",
-        "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
-        "Microsoft.AspNet.Security.Facebook": "1.0.0-*",
-        "Microsoft.AspNet.Security.Google": "1.0.0-*",
-        "Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
-        "Microsoft.AspNet.Security.Twitter": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Cookies": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Facebook": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.MicrosoftAccount": "1.0.0-*",
+        "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
         "Microsoft.AspNet.Server.IIS": "1.0.0-*",
         "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
         "Kestrel": "1.0.0-*"

src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationDefaults.cs renamed to src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationDefaults.cs

@@ -1,21 +1,20 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNet.Http;
 
-namespace Microsoft.AspNet.Security.Cookies
+namespace Microsoft.AspNet.Authentication.Cookies
 {
     /// <summary>
     /// Default values related to cookie-based authentication middleware
     /// </summary>
     public static class CookieAuthenticationDefaults
     {
         /// <summary>
-        /// The default value used for CookieAuthenticationOptions.AuthenticationType
+        /// The default value used for CookieAuthenticationOptions.AuthenticationScheme
         /// </summary>
-        public const string AuthenticationType = "Cookies";
+        public const string AuthenticationScheme = "Cookies";
 
         /// <summary>
         /// The prefix used to provide a default CookieAuthenticationOptions.CookieName

src/Microsoft.AspNet.Security.Cookies/CookieAuthenticationExtensions.cs renamed to src/Microsoft.AspNet.Authentication.Cookies/CookieAuthenticationExtensions.cs

@@ -1,10 +1,10 @@
 // Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using Microsoft.AspNet.Security.Cookies;
+using System;
+using Microsoft.AspNet.Authentication.Cookies;
 using Microsoft.Framework.DependencyInjection;
 using Microsoft.Framework.OptionsModel;
-using System;
 
 namespace Microsoft.AspNet.Builder
 {