Enable trimming on remaining middleware and security projects (#41688)

eng/TrimmableProjects.props

@@ -14,6 +14,7 @@
     <TrimmableProject Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" />
     <TrimmableProject Include="Microsoft.AspNetCore.DataProtection.Extensions" />
     <TrimmableProject Include="Microsoft.AspNetCore.DataProtection.StackExchangeRedis" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Antiforgery" />
     <TrimmableProject Include="Microsoft.AspNetCore.Hosting.Abstractions" />
     <TrimmableProject Include="Microsoft.AspNetCore.Hosting" />
     <TrimmableProject Include="Microsoft.AspNetCore.Hosting.Server.Abstractions" />
@@ -37,7 +38,21 @@
     <TrimmableProject Include="Microsoft.AspNetCore.Server.Kestrel" />
     <TrimmableProject Include="Microsoft.AspNetCore.Server.Kestrel.Transport.Quic" />
     <TrimmableProject Include="Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.Certificate" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.Cookies" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.Facebook" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.Google" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.MicrosoftAccount" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.Negotiate" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.OAuth" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.Twitter" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authentication.WsFederation" />
     <TrimmableProject Include="Microsoft.AspNetCore.Authorization" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Authorization.Policy" />
+    <TrimmableProject Include="Microsoft.AspNetCore.CookiePolicy" />
     <TrimmableProject Include="Microsoft.AspNetCore.Cors" />
     <TrimmableProject Include="Microsoft.AspNetCore.Diagnostics.Abstractions" />
     <TrimmableProject Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" />
@@ -56,6 +71,7 @@
     <TrimmableProject Include="Microsoft.AspNetCore.ResponseCaching" />
     <TrimmableProject Include="Microsoft.AspNetCore.ResponseCompression" />
     <TrimmableProject Include="Microsoft.AspNetCore.Rewrite" />
+    <TrimmableProject Include="Microsoft.AspNetCore.Session" />
     <TrimmableProject Include="Microsoft.AspNetCore.SpaProxy" />
     <TrimmableProject Include="Microsoft.AspNetCore.SpaServices.Extensions" />
     <TrimmableProject Include="Microsoft.AspNetCore.StaticFiles" />

src/Antiforgery/src/Microsoft.AspNetCore.Antiforgery.csproj

@@ -7,7 +7,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;antiforgery</PackageTags>
     <IsPackable>false</IsPackable>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Middleware/Session/src/Microsoft.AspNetCore.Session.csproj

@@ -8,7 +8,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;session;sessionstate</PackageTags>
     <IsPackable>false</IsPackable>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/Certificate/src/Microsoft.AspNetCore.Authentication.Certificate.csproj

@@ -6,7 +6,7 @@
     <DefineConstants>$(DefineConstants);SECURITY</DefineConstants>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security;x509;certificate</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/Cookies/src/Microsoft.AspNetCore.Authentication.Cookies.csproj

@@ -8,7 +8,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
     <IsPackable>false</IsPackable>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/Core/src/AuthenticationBuilder.cs

@@ -29,11 +29,12 @@ public class AuthenticationBuilder
         where TOptions : AuthenticationSchemeOptions, new()
         where THandler : class, IAuthenticationHandler
     {
+        var state = new AddSchemeHelperState(typeof(THandler));
         Services.Configure<AuthenticationOptions>(o =>
         {
             o.AddScheme(authenticationScheme, scheme =>
             {
-                scheme.HandlerType = typeof(THandler);
+                scheme.HandlerType = state.HandlerType;
                 scheme.DisplayName = displayName;
             });
         });
@@ -50,6 +51,18 @@ public class AuthenticationBuilder
         return this;
     }
 
+    // Workaround for linker bug: https://github.com/dotnet/linker/issues/1981
+    private readonly struct AddSchemeHelperState
+    {
+        public AddSchemeHelperState([DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)] Type handlerType)
+        {
+            HandlerType = handlerType;
+        }
+
+        [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]
+        public Type HandlerType { get; }
+    }
+
     /// <summary>
     /// Adds a <see cref="AuthenticationScheme"/> which can be used by <see cref="IAuthenticationService"/>.
     /// </summary>

src/Security/Authentication/Core/src/Microsoft.AspNetCore.Authentication.csproj

@@ -7,7 +7,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
     <IsPackable>false</IsPackable>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/Facebook/src/Microsoft.AspNetCore.Authentication.Facebook.csproj

@@ -5,7 +5,7 @@
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/Google/src/Microsoft.AspNetCore.Authentication.Google.csproj

@@ -5,7 +5,7 @@
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/JwtBearer/src/Microsoft.AspNetCore.Authentication.JwtBearer.csproj

@@ -5,7 +5,7 @@
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/MicrosoftAccount/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj

@@ -5,7 +5,7 @@
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/Negotiate/src/Internal/INegotiateStateFactory.cs

@@ -1,10 +1,13 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
+
 namespace Microsoft.AspNetCore.Authentication.Negotiate;
 
 // For testing
 internal interface INegotiateStateFactory
 {
+    [RequiresUnreferencedCode("Negotiate authentication uses types that cannot be statically analyzed.")]
     INegotiateState CreateInstance();
 }

src/Security/Authentication/Negotiate/src/Internal/ReflectedNegotiateState.cs

@@ -3,6 +3,7 @@
 
 #pragma warning disable CA1810 // Initialize all static fields inline.
 
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Net;
 using System.Reflection;
@@ -12,6 +13,7 @@ using System.Security.Principal;
 
 namespace Microsoft.AspNetCore.Authentication.Negotiate;
 
+[RequiresUnreferencedCode("Negotiate authentication uses types that cannot be statically analyzed.")]
 internal sealed class ReflectedNegotiateState : INegotiateState
 {
     // https://www.gnu.org/software/gss/reference/gss.pdf

src/Security/Authentication/Negotiate/src/Internal/ReflectedNegotiateStateFactory.cs

@@ -1,10 +1,13 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
+
 namespace Microsoft.AspNetCore.Authentication.Negotiate;
 
 internal sealed class ReflectedNegotiateStateFactory : INegotiateStateFactory
 {
+    [RequiresUnreferencedCode("Negotiate authentication uses types that cannot be statically analyzed.")]
     public INegotiateState CreateInstance()
     {
         return new ReflectedNegotiateState();

src/Security/Authentication/Negotiate/src/Microsoft.AspNetCore.Authentication.Negotiate.csproj

@@ -5,7 +5,7 @@
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/Negotiate/src/NegotiateExtensions.cs

@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Negotiate;
 using Microsoft.AspNetCore.Authentication.Negotiate.Internal;
@@ -24,6 +25,7 @@ public static class NegotiateExtensions
     /// </summary>
     /// <param name="builder">The <see cref="AuthenticationBuilder"/>.</param>
     /// <returns>The original builder.</returns>
+    [RequiresUnreferencedCode("Negotiate authentication uses types that cannot be statically analyzed.")]
     public static AuthenticationBuilder AddNegotiate(this AuthenticationBuilder builder)
         => builder.AddNegotiate(NegotiateDefaults.AuthenticationScheme, _ => { });
 
@@ -37,6 +39,7 @@ public static class NegotiateExtensions
     /// <param name="builder">The <see cref="AuthenticationBuilder"/>.</param>
     /// <param name="configureOptions">Allows for configuring the authentication handler.</param>
     /// <returns>The original builder.</returns>
+    [RequiresUnreferencedCode("Negotiate authentication uses types that cannot be statically analyzed.")]
     public static AuthenticationBuilder AddNegotiate(this AuthenticationBuilder builder, Action<NegotiateOptions> configureOptions)
         => builder.AddNegotiate(NegotiateDefaults.AuthenticationScheme, configureOptions);
 
@@ -51,6 +54,7 @@ public static class NegotiateExtensions
     /// <param name="authenticationScheme">The scheme name used to identify the authentication handler internally.</param>
     /// <param name="configureOptions">Allows for configuring the authentication handler.</param>
     /// <returns>The original builder.</returns>
+    [RequiresUnreferencedCode("Negotiate authentication uses types that cannot be statically analyzed.")]
     public static AuthenticationBuilder AddNegotiate(this AuthenticationBuilder builder, string authenticationScheme, Action<NegotiateOptions> configureOptions)
         => builder.AddNegotiate(authenticationScheme, displayName: null, configureOptions: configureOptions);
 
@@ -66,6 +70,7 @@ public static class NegotiateExtensions
     /// <param name="displayName">The name displayed to users when selecting an authentication handler. The default is null to prevent this from displaying.</param>
     /// <param name="configureOptions">Allows for configuring the authentication handler.</param>
     /// <returns>The original builder.</returns>
+    [RequiresUnreferencedCode("Negotiate authentication uses types that cannot be statically analyzed.")]
     public static AuthenticationBuilder AddNegotiate(this AuthenticationBuilder builder, string authenticationScheme, string? displayName, Action<NegotiateOptions> configureOptions)
     {
         builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<NegotiateOptions>, PostConfigureNegotiateOptions>());

src/Security/Authentication/Negotiate/src/NegotiateHandler.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Security.Claims;
 using System.Security.Principal;
@@ -18,6 +19,7 @@ namespace Microsoft.AspNetCore.Authentication.Negotiate;
 /// <summary>
 /// Authenticates requests using Negotiate, Kerberos, or NTLM.
 /// </summary>
+[RequiresUnreferencedCode("Negotiate authentication uses types that cannot be statically analyzed.")]
 public class NegotiateHandler : AuthenticationHandler<NegotiateOptions>, IAuthenticationRequestHandler
 {
     private const string AuthPersistenceKey = nameof(AuthPersistence);

src/Security/Authentication/OAuth/src/Microsoft.AspNetCore.Authentication.OAuth.csproj

@@ -7,7 +7,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
     <IsPackable>false</IsPackable>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/OpenIdConnect/src/Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj

@@ -5,7 +5,7 @@
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/Twitter/src/Microsoft.AspNetCore.Authentication.Twitter.csproj

@@ -5,7 +5,7 @@
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authentication/Twitter/src/TwitterHandler.cs

@@ -8,6 +8,7 @@ using System.Security.Cryptography;
 using System.Text;
 using System.Text.Encodings.Web;
 using System.Text.Json;
+using System.Text.Json.Serialization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.WebUtilities;
 using Microsoft.Extensions.Logging;
@@ -19,13 +20,8 @@ namespace Microsoft.AspNetCore.Authentication.Twitter;
 /// <summary>
 /// Authentication handler for Twitter's OAuth based authentication.
 /// </summary>
-public class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
+public partial class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
 {
-    private static readonly JsonSerializerOptions ErrorSerializerOptions = new JsonSerializerOptions
-    {
-        PropertyNameCaseInsensitive = true
-    };
-
     private HttpClient Backchannel => Options.Backchannel;
 
     /// <summary>
@@ -361,7 +357,7 @@ public class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
         {
             // Failure, attempt to parse Twitters error message
             var errorContentStream = await response.Content.ReadAsStreamAsync(Context.RequestAborted);
-            errorResponse = await JsonSerializer.DeserializeAsync<TwitterErrorResponse>(errorContentStream, ErrorSerializerOptions);
+            errorResponse = await JsonSerializer.DeserializeAsync(errorContentStream, TwitterJsonContext.DefaultWithOptions.TwitterErrorResponse);
         }
         catch
         {
@@ -390,4 +386,13 @@ public class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
 
         throw new InvalidOperationException(errorMessageStringBuilder.ToString());
     }
+
+    [JsonSerializable(typeof(TwitterErrorResponse))]
+    internal sealed partial class TwitterJsonContext : JsonSerializerContext
+    {
+        public static readonly TwitterJsonContext DefaultWithOptions = new TwitterJsonContext(new JsonSerializerOptions
+        {
+            PropertyNameCaseInsensitive = true
+        });
+    }
 }

src/Security/Authentication/WsFederation/src/Microsoft.AspNetCore.Authentication.WsFederation.csproj

@@ -5,7 +5,7 @@
     <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authentication;security</PackageTags>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/Authorization/Policy/src/Microsoft.AspNetCore.Authorization.Policy.csproj

@@ -7,7 +7,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore;authorization</PackageTags>
     <IsPackable>false</IsPackable>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Security/CookiePolicy/src/Microsoft.AspNetCore.CookiePolicy.csproj

@@ -7,7 +7,7 @@
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <PackageTags>aspnetcore</PackageTags>
     <IsPackable>false</IsPackable>
-    <Nullable>enable</Nullable>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <ItemGroup>

src/Tools/Tools.slnf

@@ -63,7 +63,21 @@
       "src\\Middleware\\StaticFiles\\src\\Microsoft.AspNetCore.StaticFiles.csproj",
       "src\\Middleware\\WebSockets\\src\\Microsoft.AspNetCore.WebSockets.csproj",
       "src\\ObjectPool\\src\\Microsoft.Extensions.ObjectPool.csproj",
+      "src\\Security\\Authentication\\Certificate\\src\\Microsoft.AspNetCore.Authentication.Certificate.csproj",
+      "src\\Security\\Authentication\\Cookies\\src\\Microsoft.AspNetCore.Authentication.Cookies.csproj",
+      "src\\Security\\Authentication\\Core\\src\\Microsoft.AspNetCore.Authentication.csproj",
+      "src\\Security\\Authentication\\Facebook\\src\\Microsoft.AspNetCore.Authentication.Facebook.csproj",
+      "src\\Security\\Authentication\\Google\\src\\Microsoft.AspNetCore.Authentication.Google.csproj",
+      "src\\Security\\Authentication\\JwtBearer\\src\\Microsoft.AspNetCore.Authentication.JwtBearer.csproj",
+      "src\\Security\\Authentication\\MicrosoftAccount\\src\\Microsoft.AspNetCore.Authentication.MicrosoftAccount.csproj",
+      "src\\Security\\Authentication\\Negotiate\\src\\Microsoft.AspNetCore.Authentication.Negotiate.csproj",
+      "src\\Security\\Authentication\\OAuth\\src\\Microsoft.AspNetCore.Authentication.OAuth.csproj",
+      "src\\Security\\Authentication\\OpenIdConnect\\src\\Microsoft.AspNetCore.Authentication.OpenIdConnect.csproj",
+      "src\\Security\\Authentication\\Twitter\\src\\Microsoft.AspNetCore.Authentication.Twitter.csproj",
+      "src\\Security\\Authentication\\WsFederation\\src\\Microsoft.AspNetCore.Authentication.WsFederation.csproj",
       "src\\Security\\Authorization\\Core\\src\\Microsoft.AspNetCore.Authorization.csproj",
+      "src\\Security\\Authorization\\Policy\\src\\Microsoft.AspNetCore.Authorization.Policy.csproj",
+      "src\\Security\\CookiePolicy\\src\\Microsoft.AspNetCore.CookiePolicy.csproj",
       "src\\Servers\\Connections.Abstractions\\src\\Microsoft.AspNetCore.Connections.Abstractions.csproj",
       "src\\Servers\\HttpSys\\src\\Microsoft.AspNetCore.Server.HttpSys.csproj",
       "src\\Servers\\IIS\\IISIntegration\\src\\Microsoft.AspNetCore.Server.IISIntegration.csproj",