Remove unnecessary NuGet dependencies from the ASP.NET 4.8 samples

Directory.Packages.props

@@ -40,11 +40,7 @@
     <PackageVersion Include="Microsoft.Owin.Host.SystemWeb"                              Version="4.2.2"   />
     <PackageVersion Include="Microsoft.Owin.Hosting"                                     Version="4.2.2"   />
     <PackageVersion Include="Microsoft.Owin.Security.Cookies"                            Version="4.2.2"   />
-    <PackageVersion Include="Microsoft.Owin.Security.Google"                             Version="4.2.2"   />
-    <PackageVersion Include="Microsoft.Owin.Security.MicrosoftAccount"                   Version="4.2.2"   />
     <PackageVersion Include="Microsoft.Owin.Security.OAuth"                              Version="4.2.2"   />
-    <PackageVersion Include="Microsoft.Owin.Security.OpenIdConnect"                      Version="4.2.2"   />
-    <PackageVersion Include="Microsoft.Owin.Security.Twitter"                            Version="4.2.2"   />
     <PackageVersion Include="Microsoft.Web.Infrastructure"                               Version="1.0.0"   />
     <PackageVersion Include="OpenIddict.EntityFramework"                                 Version="5.2.0"   />
     <PackageVersion Include="OpenIddict.Owin"                                            Version="5.2.0"   />

samples/Balosar/Balosar.Server/Controllers/AuthenticationController.cs

@@ -43,7 +43,7 @@ public async Task<ActionResult> LogInCallback()
         //     a few claims like the user identifier. The same approach is used to store the access/refresh tokens.
 
         // Important: if the remote server doesn't support OpenID Connect and doesn't expose a userinfo endpoint,
-        // result.Principal.Identity will represent an unauthenticated identity and won't contain any claim.
+        // result.Principal.Identity will represent an unauthenticated identity and won't contain any user claim.
         //
         // Such identities cannot be used as-is to build an authentication cookie in ASP.NET Core (as the
         // antiforgery stack requires at least a name claim to bind CSRF cookies to the user's identity) but

samples/Dantooine/Dantooine.WebAssembly.Server/Controllers/AuthenticationController.cs

@@ -95,7 +95,7 @@ public async Task<ActionResult> LogInCallback()
         //     a few claims like the user identifier. The same approach is used to store the access/refresh tokens.
 
         // Important: if the remote server doesn't support OpenID Connect and doesn't expose a userinfo endpoint,
-        // result.Principal.Identity will represent an unauthenticated identity and won't contain any claim.
+        // result.Principal.Identity will represent an unauthenticated identity and won't contain any user claim.
         //
         // Such identities cannot be used as-is to build an authentication cookie in ASP.NET Core (as the
         // antiforgery stack requires at least a name claim to bind CSRF cookies to the user's identity) but

samples/Fornax/Fornax.Server/Fornax.Server.csproj

@@ -32,10 +32,7 @@
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" />
     <PackageReference Include="Microsoft.Owin.Host.SystemWeb" />
     <PackageReference Include="Microsoft.Owin.Security.Cookies" />
-    <PackageReference Include="Microsoft.Owin.Security.Google" />
-    <PackageReference Include="Microsoft.Owin.Security.MicrosoftAccount" />
     <PackageReference Include="Microsoft.Owin.Security.OAuth" />
-    <PackageReference Include="Microsoft.Owin.Security.Twitter" />
     <PackageReference Include="Microsoft.Web.Infrastructure" PrivateAssets="all" />
     <PackageReference Include="OpenIddict.EntityFramework" />
     <PackageReference Include="OpenIddict.Owin" />

samples/Fornax/Fornax.Server/Startup.cs

@@ -1,4 +1,9 @@
-using Microsoft.Owin;
+using System;
+using Fornax.Server.Models;
+using Microsoft.AspNet.Identity;
+using Microsoft.AspNet.Identity.Owin;
+using Microsoft.Owin;
+using Microsoft.Owin.Security.Cookies;
 using OpenIddict.Server.Owin;
 using OpenIddict.Validation.Owin;
 using Owin;
@@ -7,11 +12,31 @@
 
 namespace Fornax.Server
 {
-    public partial class Startup
+    public class Startup
     {
         public void Configuration(IAppBuilder app)
         {
-            ConfigureAuth(app);
+            // Register the Entity Framework context and the user/sign-in managers used by ASP.NET Identity.
+            app.CreatePerOwinContext(ApplicationDbContext.Create);
+            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
+            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
+
+            // Register the cookie middleware used by ASP.NET Identity.
+            app.UseCookieAuthentication(new CookieAuthenticationOptions
+            {
+                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
+                LoginPath = new PathString("/Account/Login"),
+                Provider = new CookieAuthenticationProvider
+                {
+                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
+                        validateInterval: TimeSpan.FromMinutes(30),
+                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
+                }
+            });
+
+            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
+            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
+            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
 
             // Register the Autofac scope injector middleware.
             app.UseAutofacLifetimeScopeInjector(Global.Provider.ApplicationContainer);

samples/Mortis/Mortis.Client/Controllers/AuthenticationController.cs

@@ -97,7 +97,7 @@ public async Task<ActionResult> LogInCallback()
             //     a few claims like the user identifier. The same approach is used to store the access/refresh tokens.
 
             // Important: if the remote server doesn't support OpenID Connect and doesn't expose a userinfo endpoint,
-            // result.Principal.Identity will represent an unauthenticated identity and won't contain any claim.
+            // result.Principal.Identity will represent an unauthenticated identity and won't contain any user claim.
             //
             // Such identities cannot be used as-is to build an authentication cookie in ASP.NET (as the
             // antiforgery stack requires at least a name claim to bind CSRF cookies to the user's identity) but

samples/Mortis/Mortis.Client/Startup.cs

@@ -15,7 +15,7 @@
 
 namespace Mortis.Client
 {
-    public partial class Startup
+    public class Startup
     {
         public void Configuration(IAppBuilder app)
         {

samples/Mortis/Mortis.Server/Mortis.Server.csproj

@@ -29,10 +29,7 @@
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" />
     <PackageReference Include="Microsoft.Owin.Host.SystemWeb" />
     <PackageReference Include="Microsoft.Owin.Security.Cookies" />
-    <PackageReference Include="Microsoft.Owin.Security.Google" />
-    <PackageReference Include="Microsoft.Owin.Security.MicrosoftAccount" />
     <PackageReference Include="Microsoft.Owin.Security.OAuth" />
-    <PackageReference Include="Microsoft.Owin.Security.Twitter" />
     <PackageReference Include="Microsoft.Web.Infrastructure" PrivateAssets="all" />
     <PackageReference Include="OpenIddict.EntityFramework" />
     <PackageReference Include="OpenIddict.Owin" />

samples/Mortis/Mortis.Server/Startup.cs

@@ -6,8 +6,11 @@
 using Autofac.Extensions.DependencyInjection;
 using Autofac.Integration.Mvc;
 using Autofac.Integration.WebApi;
+using Microsoft.AspNet.Identity;
+using Microsoft.AspNet.Identity.Owin;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Owin;
+using Microsoft.Owin.Security.Cookies;
 using Mortis.Server.Models;
 using OpenIddict.Abstractions;
 using OpenIddict.Server.Owin;
@@ -18,7 +21,7 @@
 [assembly: OwinStartup(typeof(Mortis.Server.Startup))]
 namespace Mortis.Server
 {
-    public partial class Startup
+    public class Startup
     {
         public void Configuration(IAppBuilder app)
         {
@@ -83,7 +86,27 @@ public void Configuration(IAppBuilder app)
 
             var container = builder.Build();
 
-            ConfigureAuth(app);
+            // Register the Entity Framework context and the user/sign-in managers used by ASP.NET Identity.
+            app.CreatePerOwinContext(ApplicationDbContext.Create);
+            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
+            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
+
+            // Register the cookie middleware used by ASP.NET Identity.
+            app.UseCookieAuthentication(new CookieAuthenticationOptions
+            {
+                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
+                LoginPath = new PathString("/Account/Login"),
+                Provider = new CookieAuthenticationProvider
+                {
+                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
+                        validateInterval: TimeSpan.FromMinutes(30),
+                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
+                }
+            });
+
+            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
+            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
+            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
 
             // Register the Autofac scope injector middleware.
             app.UseAutofacLifetimeScopeInjector(container);

samples/Velusia/Velusia.Client/Controllers/AuthenticationController.cs

@@ -95,7 +95,7 @@ public async Task<ActionResult> LogInCallback()
         //     a few claims like the user identifier. The same approach is used to store the access/refresh tokens.
 
         // Important: if the remote server doesn't support OpenID Connect and doesn't expose a userinfo endpoint,
-        // result.Principal.Identity will represent an unauthenticated identity and won't contain any claim.
+        // result.Principal.Identity will represent an unauthenticated identity and won't contain any user claim.
         //
         // Such identities cannot be used as-is to build an authentication cookie in ASP.NET Core (as the
         // antiforgery stack requires at least a name claim to bind CSRF cookies to the user's identity) but

samples/Velusia/Velusia.Server/Controllers/AuthenticationController.cs

@@ -43,7 +43,7 @@ public async Task<ActionResult> LogInCallback()
         //     a few claims like the user identifier. The same approach is used to store the access/refresh tokens.
 
         // Important: if the remote server doesn't support OpenID Connect and doesn't expose a userinfo endpoint,
-        // result.Principal.Identity will represent an unauthenticated identity and won't contain any claim.
+        // result.Principal.Identity will represent an unauthenticated identity and won't contain any user claim.
         //
         // Such identities cannot be used as-is to build an authentication cookie in ASP.NET Core (as the
         // antiforgery stack requires at least a name claim to bind CSRF cookies to the user's identity) but