security to project ref (#4618)

Author: jkotalik

.gitmodules

@@ -1,8 +1,8 @@
 [submodule "modules/EntityFrameworkCore"]
-	path = modules/EntityFrameworkCore
-	url = https://github.com/aspnet/EntityFrameworkCore.git
-	branch = release/2.1
+       path = modules/EntityFrameworkCore
+       url = https://github.com/aspnet/EntityFrameworkCore.git
+       branch = release/2.1
 [submodule "modules/Scaffolding"]
-	path = modules/Scaffolding
-	url = https://github.com/aspnet/Scaffolding.git
-	branch = release/2.1
+       path = modules/Scaffolding
+       url = https://github.com/aspnet/Scaffolding.git
+       branch = release/2.1

build/artifacts.props

@@ -49,7 +49,6 @@
     <PackageArtifact Include="Microsoft.AspNetCore.Authorization" AllMetapackage="true" AppMetapackage="true" Category="ship" />
     <PackageArtifact Include="Microsoft.AspNetCore.AzureAppServices.HostingStartup" AllMetapackage="true" Category="ship" />
     <PackageArtifact Include="Microsoft.AspNetCore.AzureAppServicesIntegration" AllMetapackage="true" Category="ship" />
-    <PackageArtifact Include="Microsoft.AspNetCore.ChunkingCookieManager.Sources" Category="noship" />
     <PackageArtifact Include="Microsoft.AspNetCore.Connections.Abstractions" AllMetapackage="true" AppMetapackage="true" Category="ship" />
     <PackageArtifact Include="Microsoft.AspNetCore.CookiePolicy" AllMetapackage="true" AppMetapackage="true" Category="ship" />
     <PackageArtifact Include="Microsoft.AspNetCore.Cors" AllMetapackage="true" AppMetapackage="true" Category="ship" />

build/buildorder.props

@@ -10,7 +10,6 @@
     <RepositoryBuildOrder Include="Razor" Order="6" RootPath="$(RepositoryRoot)src\Razor\" />
     <RepositoryBuildOrder Include="EntityFrameworkCore" Order="8" />
     <RepositoryBuildOrder Include="ServerTests" Order="11" RootPath="$(RepositoryRoot)src\ServerTests\" />
-    <RepositoryBuildOrder Include="Security" Order="13" RootPath="$(RepositoryRoot)src\Security\" />
     <RepositoryBuildOrder Include="Mvc" Order="14" RootPath="$(RepositoryRoot)src\Mvc\" />
     <RepositoryBuildOrder Include="AADIntegration" Order="15" RootPath="$(RepositoryRoot)src\AADIntegration\" />
     <RepositoryBuildOrder Include="Identity" Order="15" RootPath="$(RepositoryRoot)src\Identity\"  />

build/repo.props

@@ -75,6 +75,7 @@
                       $(RepositoryRoot)src\Html\**\*.*proj;
                       $(RepositoryRoot)src\Servers\**\*.csproj;
                       $(RepositoryRoot)src\Servers\**\*.pkgproj;
+                      $(RepositoryRoot)src\Security\**\*.*proj;
                       $(RepositoryRoot)src\Shared\**\*.*proj;
                       $(RepositoryRoot)src\Tools\**\*.*proj;
                       $(RepositoryRoot)src\Middleware\**\*.*proj;

build/submodules.props

@@ -55,7 +55,6 @@
     <ShippedRepository Include="Mvc" RootPath="$(RepositoryRoot)src\Mvc\" />
     <ShippedRepository Include="MvcPrecompilation" RootPath="$(RepositoryRoot)src\MvcPrecompilation\"/>
     <ShippedRepository Include="Razor" RootPath="$(RepositoryRoot)src\Razor\" />
-    <ShippedRepository Include="Security" RootPath="$(RepositoryRoot)src\Security\" />
     <ShippedRepository Include="SignalR" RootPath="$(RepositoryRoot)src\SignalR\" />
   </ItemGroup>
 </Project>

eng/Baseline.Designer.props

@@ -57,6 +57,19 @@
     <BaselinePackageReference Include="Microsoft.AspNetCore.WebUtilities" Version="[2.1.1, )" />
     <BaselinePackageReference Include="Microsoft.Extensions.ObjectPool" Version="[2.1.1, )" />
   </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authentication-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication.Core" Version="[2.1.1, )" />
+    <BaselinePackageReference Include="Microsoft.AspNetCore.DataProtection" Version="[2.1.1, )" />
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Http" Version="[2.1.1, )" />
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="[2.1.1, )" />
+    <BaselinePackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="[2.1.1, )" />
+    <BaselinePackageReference Include="Microsoft.Extensions.Options" Version="[2.1.1, )" />
+    <BaselinePackageReference Include="Microsoft.Extensions.WebEncoders" Version="[2.1.1, )" />
+  </ItemGroup>
   <!-- Package: Microsoft.AspNetCore.Authentication.Abstractions-->
   <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.Abstractions' ">
     <BaselinePackageVersion>2.1.1</BaselinePackageVersion>
@@ -66,6 +79,13 @@
     <BaselinePackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="[2.1.1, )" />
     <BaselinePackageReference Include="Microsoft.Extensions.Options" Version="[2.1.1, )" />
   </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authentication.Cookies-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.Cookies' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.Cookies' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication" Version="[2.1.2, )" />
+  </ItemGroup>
   <!-- Package: Microsoft.AspNetCore.Authentication.Core-->
   <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.Core' ">
     <BaselinePackageVersion>2.1.1</BaselinePackageVersion>
@@ -75,6 +95,83 @@
     <BaselinePackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="[2.1.1, )" />
     <BaselinePackageReference Include="Microsoft.AspNetCore.Http" Version="[2.1.1, )" />
   </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authentication.Facebook-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.Facebook' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.Facebook' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication.OAuth" Version="[2.1.2, )" />
+  </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authentication.Google-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.Google' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.Google' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication.OAuth" Version="[2.1.2, )" />
+  </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authentication.JwtBearer-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.JwtBearer' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.JwtBearer' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication" Version="[2.1.2, )" />
+    <BaselinePackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="[5.2.0, )" />
+  </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authentication.MicrosoftAccount-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.MicrosoftAccount' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.MicrosoftAccount' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication.OAuth" Version="[2.1.2, )" />
+  </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authentication.OAuth-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.OAuth' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.OAuth' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication" Version="[2.1.2, )" />
+    <BaselinePackageReference Include="Newtonsoft.Json" Version="[11.0.2, )" />
+  </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authentication.OpenIdConnect-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.OpenIdConnect' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.OpenIdConnect' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication.OAuth" Version="[2.1.2, )" />
+    <BaselinePackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="[5.2.0, )" />
+  </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authentication.Twitter-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.Twitter' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.Twitter' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication.OAuth" Version="[2.1.2, )" />
+  </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authentication.WsFederation-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.WsFederation' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authentication.WsFederation' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication" Version="[2.1.2, )" />
+    <BaselinePackageReference Include="Microsoft.IdentityModel.Protocols.WsFederation" Version="[5.2.0, )" />
+    <BaselinePackageReference Include="System.IdentityModel.Tokens.Jwt" Version="[5.2.0, )" />
+  </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authorization-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authorization' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authorization' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="[2.1.1, )" />
+    <BaselinePackageReference Include="Microsoft.Extensions.Options" Version="[2.1.1, )" />
+  </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.Authorization.Policy-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authorization.Policy' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Authorization.Policy' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authorization" Version="[2.1.2, )" />
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="[2.1.1, )" />
+  </ItemGroup>
   <!-- Package: Microsoft.AspNetCore.Connections.Abstractions-->
   <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Connections.Abstractions' ">
     <BaselinePackageVersion>2.1.3</BaselinePackageVersion>
@@ -83,6 +180,15 @@
     <BaselinePackageReference Include="Microsoft.AspNetCore.Http.Features" Version="[2.1.1, )" />
     <BaselinePackageReference Include="System.IO.Pipelines" Version="[4.5.0, )" />
   </ItemGroup>
+  <!-- Package: Microsoft.AspNetCore.CookiePolicy-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.CookiePolicy' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.CookiePolicy' AND '$(TargetFramework)' == 'netstandard2.0' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.Http" Version="[2.1.1, )" />
+    <BaselinePackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="[2.1.1, )" />
+    <BaselinePackageReference Include="Microsoft.Extensions.Options" Version="[2.1.1, )" />
+  </ItemGroup>
   <!-- Package: Microsoft.AspNetCore.Cors-->
   <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.AspNetCore.Cors' ">
     <BaselinePackageVersion>2.1.1</BaselinePackageVersion>
@@ -591,4 +697,12 @@
     <BaselinePackageReference Include="Microsoft.Extensions.Primitives" Version="[2.1.1, )" />
     <BaselinePackageReference Include="System.Buffers" Version="[4.5.0, )" />
   </ItemGroup>
+  <!-- Package: Microsoft.Owin.Security.Interop-->
+  <PropertyGroup Condition=" '$(PackageId)' == 'Microsoft.Owin.Security.Interop' ">
+    <BaselinePackageVersion>2.1.2</BaselinePackageVersion>
+  </PropertyGroup>
+  <ItemGroup Condition=" '$(PackageId)' == 'Microsoft.Owin.Security.Interop' AND '$(TargetFramework)' == 'net461' ">
+    <BaselinePackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="[2.1.1, )" />
+    <BaselinePackageReference Include="Microsoft.Owin.Security" Version="[3.0.1, )" />
+  </ItemGroup>
 </Project>

eng/Baseline.xml

@@ -11,9 +11,22 @@ build of ASP.NET Core 2.1.x. Update this list when preparing for a new patch.
   <Package Id="dotnet-watch" Version="2.1.1" />
   <Package Id="Microsoft.AspNetCore" Version="2.1.6" />
   <Package Id="Microsoft.AspNetCore.Antiforgery" Version="2.1.1" />
+  <Package Id="Microsoft.AspNetCore.Authentication" Version="2.1.2" />
   <Package Id="Microsoft.AspNetCore.Authentication.Abstractions" Version="2.1.1" />
+  <Package Id="Microsoft.AspNetCore.Authentication.Cookies" Version="2.1.2" />
   <Package Id="Microsoft.AspNetCore.Authentication.Core" Version="2.1.1" />
+  <Package Id="Microsoft.AspNetCore.Authentication.Facebook" Version="2.1.2" />
+  <Package Id="Microsoft.AspNetCore.Authentication.Google" Version="2.1.2" />
+  <Package Id="Microsoft.AspNetCore.Authentication.JwtBearer" Version="2.1.2" />
+  <Package Id="Microsoft.AspNetCore.Authentication.MicrosoftAccount" Version="2.1.2" />
+  <Package Id="Microsoft.AspNetCore.Authentication.OAuth" Version="2.1.2" />
+  <Package Id="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="2.1.2" />
+  <Package Id="Microsoft.AspNetCore.Authentication.Twitter" Version="2.1.2" />
+  <Package Id="Microsoft.AspNetCore.Authentication.WsFederation" Version="2.1.2" />
+  <Package Id="Microsoft.AspNetCore.Authorization" Version="2.1.2" />
+  <Package Id="Microsoft.AspNetCore.Authorization.Policy" Version="2.1.2" />
   <Package Id="Microsoft.AspNetCore.Connections.Abstractions" Version="2.1.3" />
+  <Package Id="Microsoft.AspNetCore.CookiePolicy" Version="2.1.2" />
   <Package Id="Microsoft.AspNetCore.Cors" Version="2.1.1" />
   <Package Id="Microsoft.AspNetCore.Cryptography.Internal" Version="2.1.1" />
   <Package Id="Microsoft.AspNetCore.Cryptography.KeyDerivation" Version="2.1.1" />
@@ -64,4 +77,5 @@ build of ASP.NET Core 2.1.x. Update this list when preparing for a new patch.
   <Package Id="Microsoft.AspNetCore.WebSockets" Version="2.1.1" />
   <Package Id="Microsoft.AspNetCore.WebUtilities" Version="2.1.1" />
   <Package Id="Microsoft.Net.Http.Headers" Version="2.1.1" />
+  <Package Id="Microsoft.Owin.Security.Interop" Version="2.1.2" />
 </Baseline>

eng/Dependencies.props

@@ -50,11 +50,15 @@ and are generated based on the last package release.
     <LatestPackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(MicrosoftExtensionsLoggingConsolePackageVersion)" />
     <LatestPackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(MicrosoftExtensionsLoggingDebugPackageVersion)" />
     <LatestPackageReference Include="Microsoft.Extensions.Logging.Testing" Version="$(MicrosoftExtensionsLoggingTestingPackageVersion)" />
+    <LatestPackageReference Include="Microsoft.Extensions.Logging.Debug" Version="$(MicrosoftExtensionsLoggingPackageVersion)" />
     <LatestPackageReference Include="Microsoft.Extensions.Logging" Version="$(MicrosoftExtensionsLoggingPackageVersion)" />
     <LatestPackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="$(MicrosoftExtensionsOptionsConfigurationExtensionsPackageVersion)" />
     <LatestPackageReference Include="Microsoft.Extensions.Options" Version="$(MicrosoftExtensionsOptionsPackageVersion)" />
     <LatestPackageReference Include="Microsoft.Extensions.TypeNameHelper.Sources" Version="$(MicrosoftExtensionsTypeNameHelperSourcesPackageVersion)" />
     <LatestPackageReference Include="Microsoft.Extensions.WebEncoders" Version="$(MicrosoftExtensionsWebEncodersPackageVersion)" />
+    <LatestPackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="$(MicrosoftIdentityModelClientsActiveDirectoryPackageVersion)" />
+    <LatestPackageReference Include="Microsoft.Owin.Security.Cookies" Version="$(MicrosoftOwinSecurityCookiesPackageVersion)" />
+    <LatestPackageReference Include="Microsoft.Owin.Testing" Version="$(MicrosoftOwinTestingPackageVersion)" />
     <LatestPackageReference Include="Microsoft.NETCore.Windows.ApiSets" Version="$(MicrosoftNETCoreWindowsApiSetsPackageVersion)" />
     <LatestPackageReference Include="System.Buffers" Version="$(SystemBuffersPackageVersion)" />
     <LatestPackageReference Include="System.Data.SqlClient" Version="$(SystemDataSqlClientPackageVersion)" />
@@ -68,6 +72,7 @@ and are generated based on the last package release.
     <LatestPackageReference Include="System.Security.Cryptography.Cng" Version="$(SystemSecurityCryptographyCngPackageVersion)" />
     <LatestPackageReference Include="System.Security.Principal.Windows" Version="$(SystemSecurityPrincipalWindowsPackageVersion)" />
     <LatestPackageReference Include="System.Text.Encodings.Web" Version="$(SystemTextEncodingsWebPackageVersion)" />
+
   </ItemGroup>
 
   <ItemGroup Label="External dependencies">