diff --git a/src/Security/Authentication/Cookies/src/PostConfigureCookieAuthenticationOptions.cs b/src/Security/Authentication/Cookies/src/PostConfigureCookieAuthenticationOptions.cs index 588109880005..4892287fb790 100644 --- a/src/Security/Authentication/Cookies/src/PostConfigureCookieAuthenticationOptions.cs +++ b/src/Security/Authentication/Cookies/src/PostConfigureCookieAuthenticationOptions.cs @@ -30,7 +30,7 @@ public void PostConfigure(string name, CookieAuthenticationOptions options) if (string.IsNullOrEmpty(options.Cookie.Name)) { - options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + name; + options.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + Uri.EscapeDataString(name); } if (options.TicketDataFormat == null) { diff --git a/src/Security/Authentication/Core/src/RemoteAuthenticationHandler.cs b/src/Security/Authentication/Core/src/RemoteAuthenticationHandler.cs index ed5e379d6617..7d56d3d5800a 100644 --- a/src/Security/Authentication/Core/src/RemoteAuthenticationHandler.cs +++ b/src/Security/Authentication/Core/src/RemoteAuthenticationHandler.cs @@ -200,7 +200,7 @@ protected virtual void GenerateCorrelationId(AuthenticationProperties properties properties.Items[CorrelationProperty] = correlationId; - var cookieName = Options.CorrelationCookie.Name + Scheme.Name + "." + correlationId; + var cookieName = Options.CorrelationCookie.Name + correlationId; Response.Cookies.Append(cookieName, CorrelationMarker, cookieOptions); } @@ -220,7 +220,7 @@ protected virtual bool ValidateCorrelationId(AuthenticationProperties properties properties.Items.Remove(CorrelationProperty); - var cookieName = Options.CorrelationCookie.Name + Scheme.Name + "." + correlationId; + var cookieName = Options.CorrelationCookie.Name + correlationId; var correlationCookie = Request.Cookies[cookieName]; if (string.IsNullOrEmpty(correlationCookie)) diff --git a/src/Security/Authentication/test/CookieTests.cs b/src/Security/Authentication/test/CookieTests.cs index 56bea6c65a05..41d70c1be658 100644 --- a/src/Security/Authentication/test/CookieTests.cs +++ b/src/Security/Authentication/test/CookieTests.cs @@ -151,6 +151,38 @@ public async Task SignInCausesDefaultCookieToBeCreated() Assert.Equal("no-cache", transaction.Response.Headers.Pragma.ToString()); } + [Fact] + public async Task CustomAuthSchemeEncodesCookieName() + { + var schemeName = "With spaces and 界"; + using var host = await CreateHostWithServices(s => s.AddAuthentication(schemeName).AddCookie(schemeName, o => + { + o.LoginPath = new PathString("/login"); + }), context => + { + var user = new ClaimsIdentity(new GenericIdentity("Alice", "Cookies")); + user.AddClaim(new Claim("marker", "true")); + return context.SignInAsync(schemeName, + new ClaimsPrincipal(user), + new AuthenticationProperties()); + }); + + using var server = host.GetTestServer(); + var transaction = await SendAsync(server, "http://example.com/testpath"); + + var setCookie = transaction.SetCookie; + Assert.StartsWith(".AspNetCore.With%20spaces%20and%20%E7%95%8C=", setCookie); + Assert.Contains("; path=/", setCookie); + Assert.Contains("; httponly", setCookie); + Assert.Contains("; samesite=", setCookie); + Assert.DoesNotContain("; expires=", setCookie); + Assert.DoesNotContain("; domain=", setCookie); + Assert.DoesNotContain("; secure", setCookie); + Assert.True(transaction.Response.Headers.CacheControl.NoCache); + Assert.True(transaction.Response.Headers.CacheControl.NoStore); + Assert.Equal("no-cache", transaction.Response.Headers.Pragma.ToString()); + } + [Fact] public void SettingCookieExpirationOptionThrows() { diff --git a/src/Security/Authentication/test/FacebookTests.cs b/src/Security/Authentication/test/FacebookTests.cs index 2d1a849aa3de..6ca835dff182 100644 --- a/src/Security/Authentication/test/FacebookTests.cs +++ b/src/Security/Authentication/test/FacebookTests.cs @@ -363,7 +363,7 @@ public async Task CustomUserInfoEndpointHasValidGraphQuery() using var server = host.GetTestServer(); var transaction = await server.SendAsync( "https://example.com/signin-facebook?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Facebook.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(1, finalUserInfoEndpoint.Count(c => c == '?')); diff --git a/src/Security/Authentication/test/GoogleTests.cs b/src/Security/Authentication/test/GoogleTests.cs index c53181047b75..c10a3c1583d3 100644 --- a/src/Security/Authentication/test/GoogleTests.cs +++ b/src/Security/Authentication/test/GoogleTests.cs @@ -133,7 +133,7 @@ public async Task ChallengeWillSetCorrelationCookie() }); using var server = host.GetTestServer(); var transaction = await server.SendAsync("https://example.com/challenge"); - Assert.Contains(transaction.SetCookie, cookie => cookie.StartsWith(".AspNetCore.Correlation.Google.")); + Assert.Contains(transaction.SetCookie, cookie => cookie.StartsWith(".AspNetCore.Correlation.")); } [Fact] @@ -392,7 +392,7 @@ public async Task ReplyPathWithAccessDeniedErrorFails(bool redirect) }); using var server = host.GetTestServer(); var sendTask = server.SendAsync("https://example.com/signin-google?error=access_denied&error_description=SoBad&error_uri=foobar&state=protected_state", - ".AspNetCore.Correlation.Google.correlationId=N"); + ".AspNetCore.Correlation.correlationId=N"); if (redirect) { var transaction = await sendTask; @@ -431,7 +431,7 @@ public async Task ReplyPathWithAccessDeniedError_AllowsCustomizingPath() }); using var server = host.GetTestServer(); var transaction = await server.SendAsync("https://example.com/signin-google?error=access_denied&error_description=SoBad&error_uri=foobar&state=protected_state", - ".AspNetCore.Correlation.Google.correlationId=N"); + ".AspNetCore.Correlation.correlationId=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("https://example.com/custom-denied-page?rurl=http%3A%2F%2Fwww.google.com%2F", transaction.Response.Headers.GetValues("Location").First()); } @@ -474,7 +474,7 @@ public async Task ReplyPathWithAccessDeniedErrorAndNoAccessDeniedPath_FallsBackT }); using var server = host.GetTestServer(); var transaction = await server.SendAsync("https://example.com/signin-google?error=access_denied&error_description=whyitfailed&error_uri=https://example.com/fail&state=protected_state", - ".AspNetCore.Correlation.Google.correlationId=N"); + ".AspNetCore.Correlation.correlationId=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.StartsWith("/error?FailureMessage=", transaction.Response.Headers.GetValues("Location").First()); Assert.True(accessDeniedCalled); @@ -510,7 +510,7 @@ public async Task ReplyPathWithErrorFails(bool redirect) }); using var server = host.GetTestServer(); var sendTask = server.SendAsync("https://example.com/signin-google?error=itfailed&error_description=whyitfailed&error_uri=https://example.com/fail&state=protected_state", - ".AspNetCore.Correlation.Google.correlationId=N"); + ".AspNetCore.Correlation.correlationId=N"); if (redirect) { var transaction = await sendTask; @@ -552,11 +552,11 @@ public async Task ReplyPathWillAuthenticateValidAuthorizeCodeAndState(string cla using var server = host.GetTestServer(); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Google.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); - Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); + Assert.Contains($".AspNetCore.Correlation.{correlationValue}", transaction.SetCookie[0]); Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); var authCookie = transaction.AuthenticationCookieValue; @@ -619,7 +619,7 @@ public async Task ReplyPathWillThrowIfCodeIsInvalid(bool redirect) using var server = host.GetTestServer(); var sendTask = server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Google.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); if (redirect) { var transaction = await sendTask; @@ -671,7 +671,7 @@ public async Task ReplyPathWillRejectIfAccessTokenIsMissing(bool redirect) using var server = host.GetTestServer(); var sendTask = server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Google.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); if (redirect) { var transaction = await sendTask; @@ -715,11 +715,11 @@ public async Task AuthenticatedEventCanGetRefreshToken() using var server = host.GetTestServer(); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Google.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); - Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); + Assert.Contains($".AspNetCore.Correlation.{correlationValue}", transaction.SetCookie[0]); Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); var authCookie = transaction.AuthenticationCookieValue; @@ -755,11 +755,11 @@ public async Task NullRedirectUriWillRedirectToSlash() using var server = host.GetTestServer(); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Google.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); - Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); + Assert.Contains($".AspNetCore.Correlation.{correlationValue}", transaction.SetCookie[0]); Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); } @@ -802,7 +802,7 @@ public async Task ValidateAuthenticatedContext() using var server = host.GetTestServer(); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Google.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/foo", transaction.Response.Headers.GetValues("Location").First()); @@ -876,11 +876,11 @@ public async Task AuthenticateAutomaticWhenAlreadySignedInSucceeds() using var server = host.GetTestServer(); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Google.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); - Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); // Delete + Assert.Contains($".AspNetCore.Correlation.{correlationValue}", transaction.SetCookie[0]); // Delete Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); var authCookie = transaction.AuthenticationCookieValue; @@ -920,11 +920,11 @@ public async Task AuthenticateGoogleWhenAlreadySignedInSucceeds() using var server = host.GetTestServer(); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Google.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); - Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); // Delete + Assert.Contains($".AspNetCore.Correlation.{correlationValue}", transaction.SetCookie[0]); // Delete Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); var authCookie = transaction.AuthenticationCookieValue; @@ -964,11 +964,11 @@ public async Task AuthenticateFacebookWhenAlreadySignedWithGoogleReturnsNull() using var server = host.GetTestServer(); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Google.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); - Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); // Delete + Assert.Contains($".AspNetCore.Correlation.{correlationValue}", transaction.SetCookie[0]); // Delete Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); var authCookie = transaction.AuthenticationCookieValue; @@ -1001,11 +1001,11 @@ public async Task ChallengeFacebookWhenAlreadySignedWithGoogleSucceeds() using var server = host.GetTestServer(); var transaction = await server.SendAsync( "https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Google.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); - Assert.Contains($".AspNetCore.Correlation.Google.{correlationValue}", transaction.SetCookie[0]); // Delete + Assert.Contains($".AspNetCore.Correlation.{correlationValue}", transaction.SetCookie[0]); // Delete Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); var authCookie = transaction.AuthenticationCookieValue; diff --git a/src/Security/Authentication/test/MicrosoftAccountTests.cs b/src/Security/Authentication/test/MicrosoftAccountTests.cs index 8797357b461a..3cafef86de5e 100644 --- a/src/Security/Authentication/test/MicrosoftAccountTests.cs +++ b/src/Security/Authentication/test/MicrosoftAccountTests.cs @@ -242,11 +242,11 @@ public async Task AuthenticatedEventCanGetRefreshToken() using var server = host.GetTestServer(); var transaction = await server.SendAsync( "https://example.com/signin-microsoft?code=TestCode&state=" + UrlEncoder.Default.Encode(state), - $".AspNetCore.Correlation.Microsoft.{correlationValue}=N"); + $".AspNetCore.Correlation.{correlationValue}=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); - Assert.Contains($".AspNetCore.Correlation.Microsoft.{correlationValue}", transaction.SetCookie[0]); + Assert.Contains($".AspNetCore.Correlation.{correlationValue}", transaction.SetCookie[0]); Assert.Contains(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); var authCookie = transaction.AuthenticationCookieValue; @@ -351,7 +351,7 @@ public async Task PkceSentToTokenEndpoint() Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("/me", transaction.Response.Headers.GetValues("Location").First()); Assert.Equal(2, transaction.SetCookie.Count); - Assert.StartsWith(".AspNetCore.Correlation.Microsoft.", transaction.SetCookie[0]); + Assert.StartsWith(".AspNetCore.Correlation.", transaction.SetCookie[0]); Assert.StartsWith(".AspNetCore." + TestExtensions.CookieAuthenticationScheme, transaction.SetCookie[1]); } diff --git a/src/Security/Authentication/test/OAuthTests.cs b/src/Security/Authentication/test/OAuthTests.cs index 5b3ab2eef952..c52fd671f29f 100644 --- a/src/Security/Authentication/test/OAuthTests.cs +++ b/src/Security/Authentication/test/OAuthTests.cs @@ -283,7 +283,7 @@ public async Task HandleRequestAsync_RedirectsToAccessDeniedPathWhenExplicitlySe using var server = host.GetTestServer(); var transaction = await server.SendAsync("https://www.example.com/oauth-callback?error=access_denied&state=protected_state", - ".AspNetCore.Correlation.Weblie.correlationId=N"); + ".AspNetCore.Correlation.correlationId=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.Equal("https://www.example.com/access-denied?ReturnUrl=http%3A%2F%2Ftesthost%2Fredirect", transaction.Response.Headers.Location.ToString()); @@ -318,7 +318,7 @@ public async Task HandleRequestAsync_InvokesAccessDeniedEvent() using var server = host.GetTestServer(); var transaction = await server.SendAsync("https://www.example.com/oauth-callback?error=access_denied&state=protected_state", - ".AspNetCore.Correlation.Weblie.correlationId=N"); + ".AspNetCore.Correlation.correlationId=N"); Assert.Equal(HttpStatusCode.NotAcceptable, transaction.Response.StatusCode); Assert.Null(transaction.Response.Headers.Location); @@ -354,7 +354,7 @@ public async Task HandleRequestAsync_InvokesRemoteFailureEventWhenAccessDeniedPa using var server = host.GetTestServer(); var transaction = await server.SendAsync("https://www.example.com/oauth-callback?error=access_denied&state=protected_state", - ".AspNetCore.Correlation.Weblie.correlationId=N"); + ".AspNetCore.Correlation.correlationId=N"); Assert.Equal(HttpStatusCode.NotAcceptable, transaction.Response.StatusCode); Assert.Null(transaction.Response.Headers.Location); @@ -390,7 +390,7 @@ public async Task RemoteAuthenticationFailed_OAuthError_IncludesProperties() using var server = host.GetTestServer(); var transaction = await server.SendAsync("https://www.example.com/oauth-callback?error=custom_error&state=protected_state", - ".AspNetCore.Correlation.Weblie.correlationId=N"); + ".AspNetCore.Correlation.correlationId=N"); Assert.Equal(HttpStatusCode.NotAcceptable, transaction.Response.StatusCode); Assert.Null(transaction.Response.Headers.Location); diff --git a/src/Security/Authentication/test/OpenIdConnect/OpenIdConnectAuthenticateTests.cs b/src/Security/Authentication/test/OpenIdConnect/OpenIdConnectAuthenticateTests.cs index 8502b0670a65..29003637c4ea 100644 --- a/src/Security/Authentication/test/OpenIdConnect/OpenIdConnectAuthenticateTests.cs +++ b/src/Security/Authentication/test/OpenIdConnect/OpenIdConnectAuthenticateTests.cs @@ -100,7 +100,7 @@ public async Task ErrorResponseWithDetails() var transaction = await server.SendAsync( "https://example.com/signin-oidc?error=itfailed&error_description=whyitfailed&error_uri=https://example.com/fail&state=protected_state", - ".AspNetCore.Correlation.OpenIdConnect.correlationId=N"); + ".AspNetCore.Correlation.correlationId=N"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); Assert.StartsWith("/error?FailureMessage=", transaction.Response.Headers.GetValues("Location").First()); } diff --git a/src/Security/Authentication/test/OpenIdConnect/OpenIdConnectEventTests.cs b/src/Security/Authentication/test/OpenIdConnect/OpenIdConnectEventTests.cs index 691bd9f7301a..97b25e1d96a0 100644 --- a/src/Security/Authentication/test/OpenIdConnect/OpenIdConnectEventTests.cs +++ b/src/Security/Authentication/test/OpenIdConnect/OpenIdConnectEventTests.cs @@ -1309,7 +1309,7 @@ private TestServer CreateServer(OpenIdConnectEvents events, RequestDelegate appC private Task PostAsync(TestServer server, string path, string form) { var client = server.CreateClient(); - var cookie = ".AspNetCore.Correlation." + OpenIdConnectDefaults.AuthenticationScheme + ".correlationId=N"; + var cookie = ".AspNetCore.Correlation.correlationId=N"; client.DefaultRequestHeaders.Add("Cookie", cookie); return client.PostAsync("signin-oidc", new StringContent(form, Encoding.ASCII, "application/x-www-form-urlencoded")); diff --git a/src/Security/Security.slnf b/src/Security/Security.slnf index d4e826e25f71..7b6afc73191a 100644 --- a/src/Security/Security.slnf +++ b/src/Security/Security.slnf @@ -1,15 +1,35 @@ -{ +{ "solution": { "path": "..\\..\\AspNetCore.sln", - "projects" : [ - "src\\Security\\CookiePolicy\\src\\Microsoft.AspNetCore.CookiePolicy.csproj", - "src\\Security\\CookiePolicy\\test\\Microsoft.AspNetCore.CookiePolicy.Test.csproj", - "src\\Security\\CookiePolicy\\samples\\CookiePolicySample\\CookiePolicySample.csproj", - "src\\Security\\Authorization\\Core\\src\\Microsoft.AspNetCore.Authorization.csproj", - "src\\Security\\Authorization\\Policy\\src\\Microsoft.AspNetCore.Authorization.Policy.csproj", - "src\\Security\\Authorization\\test\\Microsoft.AspNetCore.Authorization.Test.csproj", - "src\\Security\\Authentication\\test\\Microsoft.AspNetCore.Authentication.Test.csproj", - "src\\Security\\Authentication\\samples\\SocialSample\\SocialSample.csproj", + "projects": [ + "src\\DataProtection\\Abstractions\\src\\Microsoft.AspNetCore.DataProtection.Abstractions.csproj", + "src\\DataProtection\\Cryptography.Internal\\src\\Microsoft.AspNetCore.Cryptography.Internal.csproj", + "src\\DataProtection\\DataProtection\\src\\Microsoft.AspNetCore.DataProtection.csproj", + "src\\DefaultBuilder\\src\\Microsoft.AspNetCore.csproj", + "src\\Hosting\\Abstractions\\src\\Microsoft.AspNetCore.Hosting.Abstractions.csproj", + "src\\Hosting\\Hosting\\src\\Microsoft.AspNetCore.Hosting.csproj", + "src\\Hosting\\Server.Abstractions\\src\\Microsoft.AspNetCore.Hosting.Server.Abstractions.csproj", + "src\\Hosting\\TestHost\\src\\Microsoft.AspNetCore.TestHost.csproj", + "src\\Http\\Authentication.Abstractions\\src\\Microsoft.AspNetCore.Authentication.Abstractions.csproj", + "src\\Http\\Authentication.Core\\src\\Microsoft.AspNetCore.Authentication.Core.csproj", + "src\\Http\\Headers\\src\\Microsoft.Net.Http.Headers.csproj", + "src\\Http\\Http.Abstractions\\src\\Microsoft.AspNetCore.Http.Abstractions.csproj", + "src\\Http\\Http.Extensions\\src\\Microsoft.AspNetCore.Http.Extensions.csproj", + "src\\Http\\Http.Features\\src\\Microsoft.AspNetCore.Http.Features.csproj", + "src\\Http\\Http\\src\\Microsoft.AspNetCore.Http.csproj", + "src\\Http\\Metadata\\src\\Microsoft.AspNetCore.Metadata.csproj", + "src\\Http\\Routing.Abstractions\\src\\Microsoft.AspNetCore.Routing.Abstractions.csproj", + "src\\Http\\Routing\\src\\Microsoft.AspNetCore.Routing.csproj", + "src\\Http\\WebUtilities\\src\\Microsoft.AspNetCore.WebUtilities.csproj", + "src\\Middleware\\Diagnostics.Abstractions\\src\\Microsoft.AspNetCore.Diagnostics.Abstractions.csproj", + "src\\Middleware\\Diagnostics\\src\\Microsoft.AspNetCore.Diagnostics.csproj", + "src\\Middleware\\HostFiltering\\src\\Microsoft.AspNetCore.HostFiltering.csproj", + "src\\Middleware\\HttpOverrides\\src\\Microsoft.AspNetCore.HttpOverrides.csproj", + "src\\Middleware\\StaticFiles\\src\\Microsoft.AspNetCore.StaticFiles.csproj", + "src\\ObjectPool\\src\\Microsoft.Extensions.ObjectPool.csproj", + "src\\Security\\Authentication\\Certificate\\samples\\Certificate.Optional.Sample\\Certificate.Optional.Sample.csproj", + "src\\Security\\Authentication\\Certificate\\samples\\Certificate.Sample\\Certificate.Sample.csproj", + "src\\Security\\Authentication\\Certificate\\src\\Microsoft.AspNetCore.Authentication.Certificate.csproj", "src\\Security\\Authentication\\Cookies\\samples\\CookieSample\\CookieSample.csproj", "src\\Security\\Authentication\\Cookies\\samples\\CookieSessionSample\\CookieSessionSample.csproj", "src\\Security\\Authentication\\Cookies\\src\\Microsoft.AspNetCore.Authentication.Cookies.csproj", @@ -19,6 +39,10 @@ "src\\Security\\Authentication\\JwtBearer\\samples\\JwtBearerSample\\JwtBearerSample.csproj", "src\\Security\\Authentication\\JwtBearer\\src\\Microsoft.AspNetCore.Authentication.JwtBearer.csproj", "src\\Security\\Authentication\\MicrosoftAccount\\src\\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj", + "src\\Security\\Authentication\\Negotiate\\Samples\\NegotiateAuthSample\\NegotiateAuthSample.csproj", + "src\\Security\\Authentication\\Negotiate\\src\\Microsoft.AspNetCore.Authentication.Negotiate.csproj", + "src\\Security\\Authentication\\Negotiate\\test\\Negotiate.FunctionalTest\\Microsoft.AspNetCore.Authentication.Negotiate.FunctionalTest.csproj", + "src\\Security\\Authentication\\Negotiate\\test\\Negotiate.Test\\Microsoft.AspNetCore.Authentication.Negotiate.Test.csproj", "src\\Security\\Authentication\\OAuth\\src\\Microsoft.AspNetCore.Authentication.OAuth.csproj", "src\\Security\\Authentication\\OpenIdConnect\\samples\\OpenIdConnect.AzureAdSample\\OpenIdConnect.AzureAdSample.csproj", "src\\Security\\Authentication\\OpenIdConnect\\samples\\OpenIdConnectSample\\OpenIdConnectSample.csproj", @@ -26,47 +50,23 @@ "src\\Security\\Authentication\\Twitter\\src\\Microsoft.AspNetCore.Authentication.Twitter.csproj", "src\\Security\\Authentication\\WsFederation\\samples\\WsFedSample\\WsFedSample.csproj", "src\\Security\\Authentication\\WsFederation\\src\\Microsoft.AspNetCore.Authentication.WsFederation.csproj", - "src\\Hosting\\Hosting\\src\\Microsoft.AspNetCore.Hosting.csproj", - "src\\Hosting\\TestHost\\src\\Microsoft.AspNetCore.TestHost.csproj", - "src\\Http\\Http\\src\\Microsoft.AspNetCore.Http.csproj", - "src\\Middleware\\Diagnostics\\src\\Microsoft.AspNetCore.Diagnostics.csproj", - "src\\Middleware\\StaticFiles\\src\\Microsoft.AspNetCore.StaticFiles.csproj", - "src\\Servers\\Kestrel\\Kestrel\\src\\Microsoft.AspNetCore.Server.Kestrel.csproj", + "src\\Security\\Authentication\\samples\\SocialSample\\SocialSample.csproj", + "src\\Security\\Authentication\\test\\Microsoft.AspNetCore.Authentication.Test.csproj", + "src\\Security\\Authorization\\Core\\src\\Microsoft.AspNetCore.Authorization.csproj", + "src\\Security\\Authorization\\Policy\\src\\Microsoft.AspNetCore.Authorization.Policy.csproj", + "src\\Security\\Authorization\\test\\Microsoft.AspNetCore.Authorization.Test.csproj", + "src\\Security\\CookiePolicy\\samples\\CookiePolicySample\\CookiePolicySample.csproj", + "src\\Security\\CookiePolicy\\src\\Microsoft.AspNetCore.CookiePolicy.csproj", + "src\\Security\\CookiePolicy\\test\\Microsoft.AspNetCore.CookiePolicy.Test.csproj", "src\\Security\\benchmarks\\Microsoft.AspNetCore.Security.Performance\\Microsoft.AspNetCore.Security.Performance.csproj", - "src\\DataProtection\\Abstractions\\src\\Microsoft.AspNetCore.DataProtection.Abstractions.csproj", - "src\\DataProtection\\DataProtection\\src\\Microsoft.AspNetCore.DataProtection.csproj", - "src\\DataProtection\\Cryptography.Internal\\src\\Microsoft.AspNetCore.Cryptography.Internal.csproj", - "src\\Hosting\\Abstractions\\src\\Microsoft.AspNetCore.Hosting.Abstractions.csproj", - "src\\Hosting\\Server.Abstractions\\src\\Microsoft.AspNetCore.Hosting.Server.Abstractions.csproj", - "src\\Http\\Authentication.Core\\src\\Microsoft.AspNetCore.Authentication.Core.csproj", - "src\\Http\\Authentication.Abstractions\\src\\Microsoft.AspNetCore.Authentication.Abstractions.csproj", - "src\\Http\\Http.Abstractions\\src\\Microsoft.AspNetCore.Http.Abstractions.csproj", - "src\\Http\\Http.Extensions\\src\\Microsoft.AspNetCore.Http.Extensions.csproj", - "src\\Http\\Http.Features\\src\\Microsoft.AspNetCore.Http.Features.csproj", - "src\\Http\\Headers\\src\\Microsoft.Net.Http.Headers.csproj", - "src\\Servers\\Kestrel\\Core\\src\\Microsoft.AspNetCore.Server.Kestrel.Core.csproj", - "src\\Servers\\Kestrel\\Transport.Sockets\\src\\Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.csproj", "src\\Servers\\Connections.Abstractions\\src\\Microsoft.AspNetCore.Connections.Abstractions.csproj", - "src\\Middleware\\HttpOverrides\\src\\Microsoft.AspNetCore.HttpOverrides.csproj", - "src\\Http\\WebUtilities\\src\\Microsoft.AspNetCore.WebUtilities.csproj", - "src\\Middleware\\Diagnostics.Abstractions\\src\\Microsoft.AspNetCore.Diagnostics.Abstractions.csproj", - "src\\Http\\Routing\\src\\Microsoft.AspNetCore.Routing.csproj", - "src\\Http\\Routing.Abstractions\\src\\Microsoft.AspNetCore.Routing.Abstractions.csproj", + "src\\Servers\\HttpSys\\src\\Microsoft.AspNetCore.Server.HttpSys.csproj", "src\\Servers\\IIS\\IISIntegration\\src\\Microsoft.AspNetCore.Server.IISIntegration.csproj", - "src\\Security\\Authentication\\Negotiate\\Samples\\NegotiateAuthSample\\NegotiateAuthSample.csproj", - "src\\Security\\Authentication\\Negotiate\\src\\Microsoft.AspNetCore.Authentication.Negotiate.csproj", - "src\\Security\\Authentication\\Negotiate\\test\\Negotiate.Test\\Microsoft.AspNetCore.Authentication.Negotiate.Test.csproj", - "src\\Security\\Authentication\\Negotiate\\test\\Negotiate.FunctionalTest\\Microsoft.AspNetCore.Authentication.Negotiate.FunctionalTest.csproj", - "src\\Security\\Authentication\\Negotiate\\test\\testassets\\Negotiate.Client\\Negotiate.Client.csproj", - "src\\Security\\Authentication\\Negotiate\\test\\testassets\\Negotiate.Server\\Negotiate.Server.csproj", - "src\\Security\\Authentication\\Certificate\\src\\Microsoft.AspNetCore.Authentication.Certificate.csproj", - "src\\Security\\Authentication\\Certificate\\samples\\Certificate.Sample\\Certificate.Sample.csproj", - "src\\Http\\Metadata\\src\\Microsoft.AspNetCore.Metadata.csproj", - "src\\DefaultBuilder\\src\\Microsoft.AspNetCore.csproj", - "src\\Middleware\\HostFiltering\\src\\Microsoft.AspNetCore.HostFiltering.csproj", "src\\Servers\\IIS\\IIS\\src\\Microsoft.AspNetCore.Server.IIS.csproj", - "src\\Servers\\HttpSys\\src\\Microsoft.AspNetCore.Server.HttpSys.csproj", - "src\\Security\\Authentication\\Certificate\\samples\\Certificate.Optional.Sample\\Certificate.Optional.Sample.csproj" + "src\\Servers\\Kestrel\\Core\\src\\Microsoft.AspNetCore.Server.Kestrel.Core.csproj", + "src\\Servers\\Kestrel\\Kestrel\\src\\Microsoft.AspNetCore.Server.Kestrel.csproj", + "src\\Servers\\Kestrel\\Transport.Sockets\\src\\Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.csproj", + "src\\WebEncoders\\src\\Microsoft.Extensions.WebEncoders.csproj" ] } -} +} \ No newline at end of file