Allow OWIN servers to register default ICookieManager instances

Author: kevinchalet

src/Microsoft.Owin.Host.SystemWeb/OwinAppContext.cs

@@ -59,6 +59,8 @@ internal void Initialize(Action<IAppBuilder> startup)
             builder.Properties[Constants.HostReferencedAssemblies] = new ReferencedAssembliesWrapper();
             builder.Properties[Constants.ServerCapabilitiesKey] = Capabilities;
             builder.Properties[Constants.SecurityDataProtectionProvider] = new MachineKeyDataProtectionProvider().ToOwinFunction();
+            builder.SetDefaultCookieManager(new SystemWebCookieManager());
+            builder.SetDefaultChunkingCookieManager(new SystemWebChunkingCookieManager());
             builder.SetLoggerFactory(new DiagnosticsLoggerFactory());
 
             Capabilities[Constants.SendFileVersionKey] = Constants.SendFileVersion;

src/Microsoft.Owin.Security.Cookies/CookieAuthenticationMiddleware.cs

@@ -27,6 +27,10 @@ public class CookieAuthenticationMiddleware : AuthenticationMiddleware<CookieAut
         public CookieAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app, CookieAuthenticationOptions options)
             : base(next, options)
         {
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetDefaultChunkingCookieManager() ?? new ChunkingCookieManager();
+            }
             if (Options.Provider == null)
             {
                 Options.Provider = new CookieAuthenticationProvider();
@@ -46,10 +50,6 @@ public CookieAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app, Cook
 
                 Options.TicketDataFormat = new TicketDataFormat(dataProtector);
             }
-            if (Options.CookieManager == null)
-            {
-                Options.CookieManager = new ChunkingCookieManager();
-            }
         }
 
         /// <summary>

src/Microsoft.Owin.Security.Cookies/CookieAuthenticationOptions.cs

@@ -4,6 +4,7 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
 using Microsoft.Owin.Infrastructure;
+using Owin;
 
 namespace Microsoft.Owin.Security.Cookies
 {
@@ -142,9 +143,11 @@ public string CookieName
 
         /// <summary>
         /// The component used to get cookies from the request or set them on the response.
-        ///
-        /// ChunkingCookieManager will be used by default.
         /// </summary>
+        /// <remarks>
+        /// The manager returned by <see cref="AppBuilderCookieExtensions.GetDefaultChunkingCookieManager(IAppBuilder)"/>
+        /// (or a default <see cref="ChunkingCookieManager"/> instance) is used by default if no value is explicitly set.
+        /// </remarks>
         public ICookieManager CookieManager { get; set; }
 
         /// <summary>

src/Microsoft.Owin.Security.Facebook/FacebookAuthenticationMiddleware.cs

@@ -5,6 +5,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.Owin.Infrastructure;
 using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security.DataHandler;
 using Microsoft.Owin.Security.DataProtection;
@@ -45,6 +46,10 @@ public FacebookAuthenticationMiddleware(
 
             _logger = app.CreateLogger<FacebookAuthenticationMiddleware>();
 
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetDefaultCookieManager() ?? new CookieManager();
+            }
             if (Options.Provider == null)
             {
                 Options.Provider = new FacebookAuthenticationProvider();

src/Microsoft.Owin.Security.Facebook/FacebookAuthenticationOptions.cs

@@ -31,7 +31,6 @@ public FacebookAuthenticationOptions()
             BackchannelTimeout = TimeSpan.FromSeconds(60);
             SendAppSecretProof = true;
             _fields = new HashSet<string>();
-            CookieManager = new CookieManager();
 
             AuthorizationEndpoint = Constants.AuthorizationEndpoint;
             TokenEndpoint = Constants.TokenEndpoint;

src/Microsoft.Owin.Security.Google/GoogleOAuth2AuthenticationMiddleware.cs

@@ -5,6 +5,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.Owin.Infrastructure;
 using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security.DataHandler;
 using Microsoft.Owin.Security.DataProtection;
@@ -47,6 +48,10 @@ public GoogleOAuth2AuthenticationMiddleware(
 
             _logger = app.CreateLogger<GoogleOAuth2AuthenticationMiddleware>();
 
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetDefaultCookieManager() ?? new CookieManager();
+            }
             if (Options.Provider == null)
             {
                 Options.Provider = new GoogleOAuth2AuthenticationProvider();

src/Microsoft.Owin.Security.Google/GoogleOAuth2AuthenticationOptions.cs

@@ -29,7 +29,6 @@ public GoogleOAuth2AuthenticationOptions()
             AuthenticationMode = AuthenticationMode.Passive;
             Scope = new List<string>();
             BackchannelTimeout = TimeSpan.FromSeconds(60);
-            CookieManager = new CookieManager();
 
             AuthorizationEndpoint = Constants.AuthorizationEndpoint;
             TokenEndpoint = Constants.TokenEndpoint;

src/Microsoft.Owin.Security.MicrosoftAccount/MicrosoftAccountAuthenticationMiddleware.cs

@@ -5,6 +5,7 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Net.Http;
+using Microsoft.Owin.Infrastructure;
 using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security.DataHandler;
 using Microsoft.Owin.Security.DataProtection;
@@ -45,6 +46,10 @@ public MicrosoftAccountAuthenticationMiddleware(
 
             _logger = app.CreateLogger<MicrosoftAccountAuthenticationMiddleware>();
 
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetDefaultCookieManager() ?? new CookieManager();
+            }
             if (Options.Provider == null)
             {
                 Options.Provider = new MicrosoftAccountAuthenticationProvider();

src/Microsoft.Owin.Security.MicrosoftAccount/MicrosoftAccountAuthenticationOptions.cs

@@ -26,7 +26,6 @@ public MicrosoftAccountAuthenticationOptions() : base(Constants.DefaultAuthentic
             AuthenticationMode = AuthenticationMode.Passive;
             Scope = new List<string>();
             BackchannelTimeout = TimeSpan.FromSeconds(60);
-            CookieManager = new CookieManager();
 
             AuthorizationEndpoint = Constants.AuthorizationEndpoint;
             TokenEndpoint = Constants.TokenEndpoint;

src/Microsoft.Owin.Security.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs

@@ -6,6 +6,7 @@
 using System.Net.Http;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.Owin.Infrastructure;
 using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security.DataHandler;
 using Microsoft.Owin.Security.DataProtection;
@@ -38,6 +39,10 @@ public OpenIdConnectAuthenticationMiddleware(OwinMiddleware next, IAppBuilder ap
                 Options.TokenValidationParameters.AuthenticationType = app.GetDefaultSignInAsAuthenticationType();
             }
 
+            if (Options.CookieManager == null)
+            {
+                Options.CookieManager = app.GetDefaultCookieManager() ?? new CookieManager();
+            }
             if (Options.StateDataFormat == null)
             {
                 var dataProtector = app.CreateDataProtector(