diff --git a/CORS.sln b/CORS.sln
index 62bed30..f3d81e9 100644
--- a/CORS.sln
+++ b/CORS.sln
@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 14
-VisualStudioVersion = 14.0.22529.0
+VisualStudioVersion = 14.0.22711.0
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{84FE6872-A610-4CEC-855F-A84CBF1F40FC}"
 EndProject
@@ -16,6 +16,16 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{F32074C7-0
 EndProject
 Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Cors.Core.Test", "test\Microsoft.AspNet.Cors.Core.Test\Microsoft.AspNet.Cors.Core.Test.xproj", "{B4F83A06-EB8E-4186-84C4-C6DAF7EB03D4}"
 EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Cors", "src\Microsoft.AspNet.Cors\Microsoft.AspNet.Cors.xproj", "{41349FCD-D1C4-47A6-82D0-D16D00A8D59D}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "Microsoft.AspNet.Cors.Test", "test\Microsoft.AspNet.Cors.Test\Microsoft.AspNet.Cors.Test.xproj", "{F05BE96F-F869-4408-A480-96935B4835EE}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "samples", "samples", "{EEF80A8E-F334-4C66-9537-8D24D002149D}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "UseOptions", "samples\UseOptions\UseOptions.xproj", "{8DC90D0F-9660-42AD-BE08-4A7643A8F46E}"
+EndProject
+Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "UsePolicyBuilder", "samples\UsePolicyBuilder\UsePolicyBuilder.xproj", "{6916DB8A-0246-45F8-9C64-9B05556C1A5D}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -30,6 +40,22 @@ Global
 		{B4F83A06-EB8E-4186-84C4-C6DAF7EB03D4}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{B4F83A06-EB8E-4186-84C4-C6DAF7EB03D4}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{B4F83A06-EB8E-4186-84C4-C6DAF7EB03D4}.Release|Any CPU.Build.0 = Release|Any CPU
+		{41349FCD-D1C4-47A6-82D0-D16D00A8D59D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{41349FCD-D1C4-47A6-82D0-D16D00A8D59D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{41349FCD-D1C4-47A6-82D0-D16D00A8D59D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{41349FCD-D1C4-47A6-82D0-D16D00A8D59D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F05BE96F-F869-4408-A480-96935B4835EE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F05BE96F-F869-4408-A480-96935B4835EE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F05BE96F-F869-4408-A480-96935B4835EE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F05BE96F-F869-4408-A480-96935B4835EE}.Release|Any CPU.Build.0 = Release|Any CPU
+		{8DC90D0F-9660-42AD-BE08-4A7643A8F46E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8DC90D0F-9660-42AD-BE08-4A7643A8F46E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8DC90D0F-9660-42AD-BE08-4A7643A8F46E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8DC90D0F-9660-42AD-BE08-4A7643A8F46E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6916DB8A-0246-45F8-9C64-9B05556C1A5D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6916DB8A-0246-45F8-9C64-9B05556C1A5D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6916DB8A-0246-45F8-9C64-9B05556C1A5D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6916DB8A-0246-45F8-9C64-9B05556C1A5D}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -37,5 +63,9 @@ Global
 	GlobalSection(NestedProjects) = preSolution
 		{C573AEE1-8D54-4A83-8D6B-61C85E8F713E} = {84FE6872-A610-4CEC-855F-A84CBF1F40FC}
 		{B4F83A06-EB8E-4186-84C4-C6DAF7EB03D4} = {F32074C7-087C-46CC-A913-422BFD2D6E0A}
+		{41349FCD-D1C4-47A6-82D0-D16D00A8D59D} = {84FE6872-A610-4CEC-855F-A84CBF1F40FC}
+		{F05BE96F-F869-4408-A480-96935B4835EE} = {F32074C7-087C-46CC-A913-422BFD2D6E0A}
+		{8DC90D0F-9660-42AD-BE08-4A7643A8F46E} = {EEF80A8E-F334-4C66-9537-8D24D002149D}
+		{6916DB8A-0246-45F8-9C64-9B05556C1A5D} = {EEF80A8E-F334-4C66-9537-8D24D002149D}
 	EndGlobalSection
 EndGlobal
diff --git a/samples/UseOptions/Project_Readme.html b/samples/UseOptions/Project_Readme.html
new file mode 100644
index 0000000..b693be4
--- /dev/null
+++ b/samples/UseOptions/Project_Readme.html
@@ -0,0 +1,204 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8" />
+    <title>Welcome to ASP.NET 5</title>
+    <style>
+        html {
+            background: #f1f1f1;
+            height: 100%;
+        }
+
+        body {
+            background: #fff;
+            color: #505050;
+            font: 14px 'Segoe UI', tahoma, arial, helvetica, sans-serif;
+            margin: 1%;
+            min-height: 95.5%;
+            border: 1px solid silver;
+            position: relative;
+        }
+
+        #header {
+            padding: 0;
+        }
+
+            #header h1 {
+                font-size: 44px;
+                font-weight: normal;
+                margin: 0;
+                padding: 10px 30px 10px 30px;
+            }
+
+            #header span {
+                margin: 0;
+                padding: 0 30px;
+                display: block;
+            }
+
+            #header p {
+                font-size: 20px;
+                color: #fff;
+                background: #007acc;
+                padding: 0 30px;
+                line-height: 50px;
+                margin-top: 25px;
+
+            }
+
+                #header p a {
+                    color: #fff;
+                    text-decoration: underline;
+                    font-weight: bold;
+                    padding-right: 35px;
+                    background: no-repeat right bottom url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAWCAMAAAAcqPc3AAAANlBMVEUAAAAAeswfitI9mthXp91us+KCvuaTx+mjz+2x1u+83PLH4vTR5/ba7Pjj8Pns9fv1+v3////wy3dWAAAAAXRSTlMAQObYZgAAAHxJREFUeNp9kVcSwCAIRMHUYoH7XzaxOxJ9P8oyQ1uIqNPwh3s2aLmIM2YtqrLcQIeQEylhuCeUOlhgve5yoBCfWmlnlgkN4H8ykbpaE7gR03AbUHiwoOxUH9Xp+ubd41p1HF3mBPrfC87BHeTdaB3ceeKL9HGpcvX9zu6+DdMWT9KQPvYAAAAASUVORK5CYII=);
+                }
+
+        #main {
+            padding: 5px 30px;
+            clear: both;
+        }
+
+        .section {
+            width: 21.7%;
+            float: left;
+            margin: 0 0 0 4%;
+        }
+
+            .section h2 {
+                font-size: 13px;
+                text-transform: uppercase;
+                margin: 0;
+                border-bottom: 1px solid silver;
+                padding-bottom: 12px;
+                margin-bottom: 8px;
+            }
+
+            .section.first {
+                margin-left: 0;
+            }
+
+                .section.first h2 {
+                    font-size: 24px;
+                    text-transform: none;
+                    margin-bottom: 25px;
+                    border: none;
+                }
+
+                .section.first li {
+                    border-top: 1px solid silver;
+                    padding: 8px 0;
+                }
+
+            .section.last {
+                margin-right: 0;
+            }
+
+        ul {
+            list-style: none;
+            padding: 0;
+            margin: 0;
+            line-height: 20px;
+        }
+
+        li {
+            padding: 4px 0;
+        }
+
+        a {
+            color: #267cb2;
+            text-decoration: none;
+        }
+
+            a:hover {
+                text-decoration: underline;
+            }
+
+        #footer {
+            clear: both;
+            padding-top: 50px;
+        }
+
+            #footer p {
+                position: absolute;
+                bottom: 10px;
+            }
+    </style>
+</head>
+<body>
+
+    <div id="header">
+        <h1>Welcome to ASP.NET 5 Preview</h1>
+        <span>
+            We've made some big updates in this release, so it’s <b>important</b> that you spend 
+            a few minutes to learn what’s new.
+            <br /><br />
+            ASP.NET 5 has been rearchitected to make it <b>lean</b> and <b>composable</b>. It's fully 
+            <b>open source</b> and available on <a href="http://go.microsoft.com/fwlink/?LinkID=517854">GitHub</a>.
+            <br />
+            Your new project automatically takes advantage of modern client-side utilities 
+            like <a href="http://go.microsoft.com/fwlink/?LinkId=518004">Bower</a> and <a href="http://go.microsoft.com/fwlink/?LinkId=518005">npm</a>
+            (to add client-side libraries) and <a href="http://go.microsoft.com/fwlink/?LinkId=518006">Grunt</a> and 
+            <a href="http://go.microsoft.com/fwlink/?LinkId=518007">Gulp</a> (for client-side build and automation tasks).
+
+            <br /><br />
+            We hope you enjoy the new capabilities in ASP.NET 5 and Visual Studio 2015.
+            <br />
+            The ASP.NET Team
+        </span>
+        <p>You've created a new ASP.NET 5 project. <a href="http://go.microsoft.com/fwlink/?LinkId=518016">Learn what's new</a></p>
+    </div>
+
+    <div id="main">
+        <div class="section first">
+            <h2>This application consists of:</h2>
+            <ul>
+                <li>Sample pages using ASP.NET MVC 6</li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518006">Grunt</a> and <a href="http://go.microsoft.com/fwlink/?LinkId=518004">Bower</a> for managing client-side resources</li>
+                <li>Theming using <a href="http://go.microsoft.com/fwlink/?LinkID=398939">Bootstrap</a></li>
+            </ul>
+        </div>
+
+        <div class="section">
+            <h2>New concepts</h2>
+            <ul>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518008">The 'wwwroot' explained</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518012">Configuration in ASP.NET 5</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518013">Dependency Injection</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518014">Razor TagHelpers</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517849">Manage client packages using Grunt</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517850">Develop on different platforms</a></li>
+            </ul>
+        </div>
+
+        <div class="section">
+            <h2>Customize app</h2>
+            <ul>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398600">Add Controllers and Views</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398602">Add Data using EntityFramework</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398603">Add Authentication using Identity</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398606">Add real time support using SignalR</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398604">Add Class library</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518009">Add Web APIs with MVC 6</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517848">Add client packages using Bower</a></li>
+            </ul>
+        </div>
+
+        <div class="section last">
+            <h2>Deploy</h2>
+            <ul>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517851">Run your app locally</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517852">Run your app on ASP.NET Core 5</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517853">Run commands in your project.json</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398609">Publish to Microsoft Azure Web Sites</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518019">Publish to the file system</a></li>
+            </ul>
+        </div>
+
+        <div id="footer">
+            <p>We would love to hear your <a href="http://go.microsoft.com/fwlink/?LinkId=518015">feedback</a></p>
+        </div>
+    </div>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/samples/UseOptions/Startup.cs b/samples/UseOptions/Startup.cs
new file mode 100644
index 0000000..5c29d7f
--- /dev/null
+++ b/samples/UseOptions/Startup.cs
@@ -0,0 +1,23 @@
+using System;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Http;
+using Microsoft.Framework.DependencyInjection;
+
+namespace UseOptions
+{
+    public class Startup
+    {
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddCors();
+            services.ConfigureCors(
+                options =>
+                    options.AddPolicy("allowSingleOrigin", builder => builder.WithOrigins("http://example.com")));
+        }
+
+        public void Configure(IApplicationBuilder app)
+        {
+            app.UseCors("allowSingleOrigin");
+        }
+    }
+}
diff --git a/samples/UseOptions/UseOptions.xproj b/samples/UseOptions/UseOptions.xproj
new file mode 100644
index 0000000..0ad1f53
--- /dev/null
+++ b/samples/UseOptions/UseOptions.xproj
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>8dc90d0f-9660-42ad-be08-4a7643a8f46e</ProjectGuid>
+    <RootNamespace>UseOptions</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+    <DevelopmentServerPort>5442</DevelopmentServerPort>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/samples/UseOptions/project.json b/samples/UseOptions/project.json
new file mode 100644
index 0000000..6bcdc93
--- /dev/null
+++ b/samples/UseOptions/project.json
@@ -0,0 +1,30 @@
+{
+    "webroot": "wwwroot",
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Cors": "1.0.0-*",
+        "Microsoft.AspNet.Diagnostics": "1.0.0-*",
+        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Microsoft.Framework.Logging.Console": "1.0.0-*"
+    },
+    "commands": {
+        "web": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.WebListener --server.urls http://localhost:5000"
+    },
+    "frameworks": {
+        "dnx451": {},
+        "dnxcore50": {}
+    },
+    "bundleExclude": [
+        "node_modules",
+        "bower_components",
+        "**.kproj",
+        "**.user",
+        "**.vspscc"
+    ],
+    "exclude": [
+        "wwwroot",
+        "node_modules",
+        "bower_components"
+    ]
+}
\ No newline at end of file
diff --git a/samples/UsePolicyBuilder/Project_Readme.html b/samples/UsePolicyBuilder/Project_Readme.html
new file mode 100644
index 0000000..b693be4
--- /dev/null
+++ b/samples/UsePolicyBuilder/Project_Readme.html
@@ -0,0 +1,204 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8" />
+    <title>Welcome to ASP.NET 5</title>
+    <style>
+        html {
+            background: #f1f1f1;
+            height: 100%;
+        }
+
+        body {
+            background: #fff;
+            color: #505050;
+            font: 14px 'Segoe UI', tahoma, arial, helvetica, sans-serif;
+            margin: 1%;
+            min-height: 95.5%;
+            border: 1px solid silver;
+            position: relative;
+        }
+
+        #header {
+            padding: 0;
+        }
+
+            #header h1 {
+                font-size: 44px;
+                font-weight: normal;
+                margin: 0;
+                padding: 10px 30px 10px 30px;
+            }
+
+            #header span {
+                margin: 0;
+                padding: 0 30px;
+                display: block;
+            }
+
+            #header p {
+                font-size: 20px;
+                color: #fff;
+                background: #007acc;
+                padding: 0 30px;
+                line-height: 50px;
+                margin-top: 25px;
+
+            }
+
+                #header p a {
+                    color: #fff;
+                    text-decoration: underline;
+                    font-weight: bold;
+                    padding-right: 35px;
+                    background: no-repeat right bottom url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAWCAMAAAAcqPc3AAAANlBMVEUAAAAAeswfitI9mthXp91us+KCvuaTx+mjz+2x1u+83PLH4vTR5/ba7Pjj8Pns9fv1+v3////wy3dWAAAAAXRSTlMAQObYZgAAAHxJREFUeNp9kVcSwCAIRMHUYoH7XzaxOxJ9P8oyQ1uIqNPwh3s2aLmIM2YtqrLcQIeQEylhuCeUOlhgve5yoBCfWmlnlgkN4H8ykbpaE7gR03AbUHiwoOxUH9Xp+ubd41p1HF3mBPrfC87BHeTdaB3ceeKL9HGpcvX9zu6+DdMWT9KQPvYAAAAASUVORK5CYII=);
+                }
+
+        #main {
+            padding: 5px 30px;
+            clear: both;
+        }
+
+        .section {
+            width: 21.7%;
+            float: left;
+            margin: 0 0 0 4%;
+        }
+
+            .section h2 {
+                font-size: 13px;
+                text-transform: uppercase;
+                margin: 0;
+                border-bottom: 1px solid silver;
+                padding-bottom: 12px;
+                margin-bottom: 8px;
+            }
+
+            .section.first {
+                margin-left: 0;
+            }
+
+                .section.first h2 {
+                    font-size: 24px;
+                    text-transform: none;
+                    margin-bottom: 25px;
+                    border: none;
+                }
+
+                .section.first li {
+                    border-top: 1px solid silver;
+                    padding: 8px 0;
+                }
+
+            .section.last {
+                margin-right: 0;
+            }
+
+        ul {
+            list-style: none;
+            padding: 0;
+            margin: 0;
+            line-height: 20px;
+        }
+
+        li {
+            padding: 4px 0;
+        }
+
+        a {
+            color: #267cb2;
+            text-decoration: none;
+        }
+
+            a:hover {
+                text-decoration: underline;
+            }
+
+        #footer {
+            clear: both;
+            padding-top: 50px;
+        }
+
+            #footer p {
+                position: absolute;
+                bottom: 10px;
+            }
+    </style>
+</head>
+<body>
+
+    <div id="header">
+        <h1>Welcome to ASP.NET 5 Preview</h1>
+        <span>
+            We've made some big updates in this release, so it’s <b>important</b> that you spend 
+            a few minutes to learn what’s new.
+            <br /><br />
+            ASP.NET 5 has been rearchitected to make it <b>lean</b> and <b>composable</b>. It's fully 
+            <b>open source</b> and available on <a href="http://go.microsoft.com/fwlink/?LinkID=517854">GitHub</a>.
+            <br />
+            Your new project automatically takes advantage of modern client-side utilities 
+            like <a href="http://go.microsoft.com/fwlink/?LinkId=518004">Bower</a> and <a href="http://go.microsoft.com/fwlink/?LinkId=518005">npm</a>
+            (to add client-side libraries) and <a href="http://go.microsoft.com/fwlink/?LinkId=518006">Grunt</a> and 
+            <a href="http://go.microsoft.com/fwlink/?LinkId=518007">Gulp</a> (for client-side build and automation tasks).
+
+            <br /><br />
+            We hope you enjoy the new capabilities in ASP.NET 5 and Visual Studio 2015.
+            <br />
+            The ASP.NET Team
+        </span>
+        <p>You've created a new ASP.NET 5 project. <a href="http://go.microsoft.com/fwlink/?LinkId=518016">Learn what's new</a></p>
+    </div>
+
+    <div id="main">
+        <div class="section first">
+            <h2>This application consists of:</h2>
+            <ul>
+                <li>Sample pages using ASP.NET MVC 6</li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518006">Grunt</a> and <a href="http://go.microsoft.com/fwlink/?LinkId=518004">Bower</a> for managing client-side resources</li>
+                <li>Theming using <a href="http://go.microsoft.com/fwlink/?LinkID=398939">Bootstrap</a></li>
+            </ul>
+        </div>
+
+        <div class="section">
+            <h2>New concepts</h2>
+            <ul>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518008">The 'wwwroot' explained</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518012">Configuration in ASP.NET 5</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518013">Dependency Injection</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518014">Razor TagHelpers</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517849">Manage client packages using Grunt</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517850">Develop on different platforms</a></li>
+            </ul>
+        </div>
+
+        <div class="section">
+            <h2>Customize app</h2>
+            <ul>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398600">Add Controllers and Views</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398602">Add Data using EntityFramework</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398603">Add Authentication using Identity</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398606">Add real time support using SignalR</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398604">Add Class library</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518009">Add Web APIs with MVC 6</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517848">Add client packages using Bower</a></li>
+            </ul>
+        </div>
+
+        <div class="section last">
+            <h2>Deploy</h2>
+            <ul>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517851">Run your app locally</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517852">Run your app on ASP.NET Core 5</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=517853">Run commands in your project.json</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkID=398609">Publish to Microsoft Azure Web Sites</a></li>
+                <li><a href="http://go.microsoft.com/fwlink/?LinkId=518019">Publish to the file system</a></li>
+            </ul>
+        </div>
+
+        <div id="footer">
+            <p>We would love to hear your <a href="http://go.microsoft.com/fwlink/?LinkId=518015">feedback</a></p>
+        </div>
+    </div>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/samples/UsePolicyBuilder/Startup.cs b/samples/UsePolicyBuilder/Startup.cs
new file mode 100644
index 0000000..de8233c
--- /dev/null
+++ b/samples/UsePolicyBuilder/Startup.cs
@@ -0,0 +1,21 @@
+using System;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Cors.Core;
+using Microsoft.AspNet.Http;
+using Microsoft.Framework.DependencyInjection;
+
+namespace UsePolicy
+{
+    public class Startup
+    {
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddCors();
+        }
+
+        public void Configure(IApplicationBuilder app)
+        {
+            app.UseCors(policy => policy.WithOrigins("http://example.com"));
+        }
+    }
+}
diff --git a/samples/UsePolicyBuilder/UsePolicyBuilder.xproj b/samples/UsePolicyBuilder/UsePolicyBuilder.xproj
new file mode 100644
index 0000000..cf8bbbd
--- /dev/null
+++ b/samples/UsePolicyBuilder/UsePolicyBuilder.xproj
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>6916db8a-0246-45f8-9c64-9b05556c1a5d</ProjectGuid>
+    <RootNamespace>UseOptions</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+    <DevelopmentServerPort>12497</DevelopmentServerPort>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/samples/UsePolicyBuilder/project.json b/samples/UsePolicyBuilder/project.json
new file mode 100644
index 0000000..6bcdc93
--- /dev/null
+++ b/samples/UsePolicyBuilder/project.json
@@ -0,0 +1,30 @@
+{
+    "webroot": "wwwroot",
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Cors": "1.0.0-*",
+        "Microsoft.AspNet.Diagnostics": "1.0.0-*",
+        "Microsoft.AspNet.Server.IIS": "1.0.0-*",
+        "Microsoft.AspNet.Server.WebListener": "1.0.0-*",
+        "Microsoft.Framework.Logging.Console": "1.0.0-*"
+    },
+    "commands": {
+        "web": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.WebListener --server.urls http://localhost:5000"
+    },
+    "frameworks": {
+        "dnx451": {},
+        "dnxcore50": {}
+    },
+    "bundleExclude": [
+        "node_modules",
+        "bower_components",
+        "**.kproj",
+        "**.user",
+        "**.vspscc"
+    ],
+    "exclude": [
+        "wwwroot",
+        "node_modules",
+        "bower_components"
+    ]
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Cors.Core/CorsOptions.cs b/src/Microsoft.AspNet.Cors.Core/CorsOptions.cs
index 7d76181..0a94c70 100644
--- a/src/Microsoft.AspNet.Cors.Core/CorsOptions.cs
+++ b/src/Microsoft.AspNet.Cors.Core/CorsOptions.cs
@@ -13,8 +13,27 @@ namespace Microsoft.AspNet.Cors.Core
     /// </summary>
     public class CorsOptions
     {
+        private string _defaultPolicyName = "__DefaultCorsPolicy";
         private IDictionary<string, CorsPolicy> PolicyMap { get; } = new Dictionary<string, CorsPolicy>();
 
+        public string DefaultPolicyName
+        {
+            get
+            {
+                return _defaultPolicyName;
+            }
+
+            set
+            {
+                if (value == null)
+                {
+                    throw new ArgumentNullException("value");
+                }
+
+                _defaultPolicyName = value;
+            }
+        }
+
         /// <summary>
         /// Adds a new policy.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Cors.Core/CorsPolicyBuilder.cs b/src/Microsoft.AspNet.Cors.Core/CorsPolicyBuilder.cs
index 8330300..b9dd7d9 100644
--- a/src/Microsoft.AspNet.Cors.Core/CorsPolicyBuilder.cs
+++ b/src/Microsoft.AspNet.Cors.Core/CorsPolicyBuilder.cs
@@ -21,7 +21,7 @@ namespace Microsoft.AspNet.Cors
         /// <param name="origins">list of origins which can be added.</param>
         public CorsPolicyBuilder(params string[] origins)
         {
-            AddOrigins(origins);
+            WithOrigins(origins);
         }
 
         /// <summary>
@@ -38,7 +38,7 @@ namespace Microsoft.AspNet.Cors
         /// </summary>
         /// <param name="origins">The origins that are allowed.</param>
         /// <returns>The current policy builder</returns>
-        public CorsPolicyBuilder AddOrigins(params string[] origins)
+        public CorsPolicyBuilder WithOrigins(params string[] origins)
         {
             foreach (var req in origins)
             {
@@ -53,7 +53,7 @@ namespace Microsoft.AspNet.Cors
         /// </summary>
         /// <param name="headers">The headers which need to be allowed in the request.</param>
         /// <returns>The current policy builder</returns>
-        public CorsPolicyBuilder AddHeaders(params string[] headers)
+        public CorsPolicyBuilder WithHeaders(params string[] headers)
         {
             foreach (var req in headers)
             {
@@ -67,7 +67,7 @@ namespace Microsoft.AspNet.Cors
         /// </summary>
         /// <param name="exposedHeaders">The headers which need to be exposed to the client.</param>
         /// <returns>The current policy builder</returns>
-        public CorsPolicyBuilder AddExposedHeaders(params string[] exposedHeaders)
+        public CorsPolicyBuilder WithExposedHeaders(params string[] exposedHeaders)
         {
             foreach (var req in exposedHeaders)
             {
@@ -82,7 +82,7 @@ namespace Microsoft.AspNet.Cors
         /// </summary>
         /// <param name="methods">The methods which need to be added to the policy.</param>
         /// <returns>The current policy builder</returns>
-        public CorsPolicyBuilder AddMethods(params string[] methods)
+        public CorsPolicyBuilder WithMethods(params string[] methods)
         {
             foreach (var req in methods)
             {
@@ -173,10 +173,10 @@ namespace Microsoft.AspNet.Cors
         /// <returns>The current policy builder</returns>
         private CorsPolicyBuilder Combine([NotNull] CorsPolicy policy)
         {
-            AddOrigins(policy.Origins.ToArray());
-            AddHeaders(policy.Headers.ToArray());
-            AddExposedHeaders(policy.ExposedHeaders.ToArray());
-            AddMethods(policy.Methods.ToArray());
+            WithOrigins(policy.Origins.ToArray());
+            WithHeaders(policy.Headers.ToArray());
+            WithExposedHeaders(policy.ExposedHeaders.ToArray());
+            WithMethods(policy.Methods.ToArray());
             SetPreflightMaxAge(policy.PreflightMaxAge.Value);
 
             if (policy.SupportsCredentials)
diff --git a/src/Microsoft.AspNet.Cors.Core/CorsServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Cors.Core/CorsServiceCollectionExtensions.cs
index adb38d1..544b426 100644
--- a/src/Microsoft.AspNet.Cors.Core/CorsServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Cors.Core/CorsServiceCollectionExtensions.cs
@@ -36,6 +36,7 @@ namespace Microsoft.Framework.DependencyInjection
         {
             serviceCollection.AddOptions();
             serviceCollection.AddTransient<ICorsService, CorsService>();
+            serviceCollection.AddTransient<ICorsPolicyProvider, DefaultCorsPolicyProvider>();
             return serviceCollection;
         }
     }
diff --git a/src/Microsoft.AspNet.Cors.Core/DefaultCorsPolicyProvider.cs b/src/Microsoft.AspNet.Cors.Core/DefaultCorsPolicyProvider.cs
new file mode 100644
index 0000000..307744e
--- /dev/null
+++ b/src/Microsoft.AspNet.Cors.Core/DefaultCorsPolicyProvider.cs
@@ -0,0 +1,31 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.Framework.Internal;
+using Microsoft.Framework.OptionsModel;
+
+namespace Microsoft.AspNet.Cors.Core
+{
+    /// <inheritdoc />
+    public class DefaultCorsPolicyProvider : ICorsPolicyProvider
+    {
+        private readonly CorsOptions _options;
+
+        /// <summary>
+        /// Creates a new instance of <see cref="DefaultCorsPolicyProvider"/>.
+        /// </summary>
+        /// <param name="options">The options configured for the application.</param>
+        public DefaultCorsPolicyProvider(IOptions<CorsOptions> options)
+        {
+            _options = options.Options;
+        }
+
+        /// <inheritdoc />
+        public Task<CorsPolicy> GetPolicyAsync(HttpContext context, string policyName)
+        {
+            return Task.FromResult(_options.GetPolicy(policyName ?? _options.DefaultPolicyName));
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Cors.Core/ICorsPolicyProvider.cs b/src/Microsoft.AspNet.Cors.Core/ICorsPolicyProvider.cs
new file mode 100644
index 0000000..b837230
--- /dev/null
+++ b/src/Microsoft.AspNet.Cors.Core/ICorsPolicyProvider.cs
@@ -0,0 +1,23 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.Framework.Internal;
+
+namespace Microsoft.AspNet.Cors.Core
+{
+    /// <summary>
+    /// A type which can provide a <see cref="CorsPolicy"/> for a particular <see cref="HttpContext"/>.
+    /// </summary>
+    public interface ICorsPolicyProvider
+    {
+        /// <summary>
+        /// Gets a <see cref="CorsPolicy"/> from the given <paramref name="context"/>
+        /// </summary>
+        /// <param name="context">The <see cref="HttpContext"/> associated with this call.</param>
+        /// <param name="policyName">An optional policy name to look for.</param>
+        /// <returns>A <see cref="CorsPolicy"/></returns>
+        Task<CorsPolicy> GetPolicyAsync([NotNull] HttpContext context, string policyName);
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Cors.Core/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Cors.Core/Properties/Resources.Designer.cs
index f50fb00..8b6e085 100644
--- a/src/Microsoft.AspNet.Cors.Core/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Cors.Core/Properties/Resources.Designer.cs
@@ -10,70 +10,6 @@ namespace Microsoft.AspNet.Cors.Core
         private static readonly ResourceManager _resourceManager
             = new ResourceManager("Microsoft.AspNet.Cors.Core.Resources", typeof(Resources).GetTypeInfo().Assembly);
 
-        /// <summary>
-        /// The collection of headers '{0}' is not allowed.
-        /// </summary>
-        internal static string HeadersNotAllowed
-        {
-            get { return GetString("HeadersNotAllowed"); }
-        }
-
-        /// <summary>
-        /// The collection of headers '{0}' is not allowed.
-        /// </summary>
-        internal static string FormatHeadersNotAllowed(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("HeadersNotAllowed"), p0);
-        }
-
-        /// <summary>
-        /// The method '{0}' is not allowed.
-        /// </summary>
-        internal static string MethodNotAllowed
-        {
-            get { return GetString("MethodNotAllowed"); }
-        }
-
-        /// <summary>
-        /// The method '{0}' is not allowed.
-        /// </summary>
-        internal static string FormatMethodNotAllowed(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("MethodNotAllowed"), p0);
-        }
-
-        /// <summary>
-        /// The request does not contain the Origin header.
-        /// </summary>
-        internal static string NoOriginHeader
-        {
-            get { return GetString("NoOriginHeader"); }
-        }
-
-        /// <summary>
-        /// The request does not contain the Origin header.
-        /// </summary>
-        internal static string FormatNoOriginHeader()
-        {
-            return GetString("NoOriginHeader");
-        }
-
-        /// <summary>
-        /// The origin '{0}' is not allowed.
-        /// </summary>
-        internal static string OriginNotAllowed
-        {
-            get { return GetString("OriginNotAllowed"); }
-        }
-
-        /// <summary>
-        /// The origin '{0}' is not allowed.
-        /// </summary>
-        internal static string FormatOriginNotAllowed(object p0)
-        {
-            return string.Format(CultureInfo.CurrentCulture, GetString("OriginNotAllowed"), p0);
-        }
-
         /// <summary>
         /// PreflightMaxAge must be greater than or equal to 0.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Cors.Core/Resources.resx b/src/Microsoft.AspNet.Cors.Core/Resources.resx
index ef0e5b5..6b9ebaa 100644
--- a/src/Microsoft.AspNet.Cors.Core/Resources.resx
+++ b/src/Microsoft.AspNet.Cors.Core/Resources.resx
@@ -117,19 +117,7 @@
   <resheader name="writer">
       <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
-  <data name="HeadersNotAllowed" xml:space="preserve">
-    <value>The collection of headers '{0}' is not allowed.</value>
-  </data>
-    <data name="MethodNotAllowed" xml:space="preserve">
-    <value>The method '{0}' is not allowed.</value>
-  </data>
-    <data name="NoOriginHeader" xml:space="preserve">
-    <value>The request does not contain the Origin header.</value>
-  </data>
-    <data name="OriginNotAllowed" xml:space="preserve">
-    <value>The origin '{0}' is not allowed.</value>
-  </data>
-    <data name="PreflightMaxAgeOutOfRange" xml:space="preserve">
+  <data name="PreflightMaxAgeOutOfRange" xml:space="preserve">
     <value>PreflightMaxAge must be greater than or equal to 0.</value>
   </data>
 </root>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Cors/CorsMiddleware.cs b/src/Microsoft.AspNet.Cors/CorsMiddleware.cs
new file mode 100644
index 0000000..21c079e
--- /dev/null
+++ b/src/Microsoft.AspNet.Cors/CorsMiddleware.cs
@@ -0,0 +1,91 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Cors.Core;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.WebUtilities;
+using Microsoft.Framework.Internal;
+using Microsoft.Framework.OptionsModel;
+
+namespace Microsoft.AspNet.Cors
+{
+    /// <summary>
+    /// An ASP.NET middleware for handling CORS.
+    /// </summary>
+    public class CorsMiddleware
+    {
+        private readonly RequestDelegate _next;
+        private readonly ICorsService _corsService;
+        private readonly ICorsPolicyProvider _corsPolicyProvider;
+        private readonly CorsPolicy _policy;
+        private readonly string _corsPolicyName;
+
+        /// <summary>
+        /// Instantiates a new <see cref="CorsMiddleware"/>.
+        /// </summary>
+        /// <param name="next">The next middleware in the pipeline.</param>
+        /// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
+        /// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param>
+        /// <param name="policyName">An optional name of the policy to be fetched.</param>
+        public CorsMiddleware(
+            [NotNull] RequestDelegate next,
+            [NotNull] ICorsService corsService,
+            [NotNull] ICorsPolicyProvider policyProvider,
+            string policyName)
+        {
+            _next = next;
+            _corsService = corsService;
+            _corsPolicyProvider = policyProvider;
+            _corsPolicyName = policyName;
+        }
+
+        /// <summary>
+        /// Instantiates a new <see cref="CorsMiddleware"/>.
+        /// </summary>
+        /// <param name="next">The next middleware in the pipeline.</param>
+        /// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
+        /// <param name="policy">An instance of the <see cref="CorsPolicy"/> which can be applied.</param>
+        public CorsMiddleware(
+           [NotNull] RequestDelegate next,
+           [NotNull] ICorsService corsService,
+           [NotNull] CorsPolicy policy)
+        {
+            _next = next;
+            _corsService = corsService;
+            _policy = policy;
+        }
+
+        /// <inheritdoc />
+        public async Task Invoke(HttpContext context)
+        {
+            if (context.Request.Headers.ContainsKey(CorsConstants.Origin))
+            {
+                var corsPolicy = _policy ?? await _corsPolicyProvider?.GetPolicyAsync(context, _corsPolicyName);
+                if (corsPolicy != null)
+                {
+                    var corsResult = _corsService.EvaluatePolicy(context, corsPolicy);
+                    _corsService.ApplyResult(corsResult, context.Response);
+
+                    var accessControlRequestMethod = 
+                        context.Request.Headers.Get(CorsConstants.AccessControlRequestMethod);
+                    if (string.Equals(
+                            context.Request.Method,
+                            CorsConstants.PreflightHttpMethod,
+                            StringComparison.Ordinal) &&
+                        accessControlRequestMethod != null)
+                    {
+                        // Since there is a policy which was identified,
+                        // always respond to preflight requests.
+                        context.Response.StatusCode = StatusCodes.Status204NoContent;
+                        return;
+                    }
+                }
+            }
+
+            await _next(context);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Cors/CorsMiddlewareExtensions.cs b/src/Microsoft.AspNet.Cors/CorsMiddlewareExtensions.cs
new file mode 100644
index 0000000..88e529d
--- /dev/null
+++ b/src/Microsoft.AspNet.Cors/CorsMiddlewareExtensions.cs
@@ -0,0 +1,43 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Cors;
+using Microsoft.AspNet.Cors.Core;
+using Microsoft.Framework.Internal;
+
+namespace Microsoft.AspNet.Builder
+{
+    /// <summary>
+    /// The <see cref="IApplicationBuilder"/> extensions for adding CORS middleware support.
+    /// </summary>
+    public static class CorsMiddlewareExtensions
+    {
+        /// <summary>
+        /// Adds a CORS middleware to your web application pipeline to allow cross domain requests.
+        /// </summary>
+        /// <param name="app">The IApplicationBuilder passed to your Configure method</param>
+        /// <param name="policyName">The policy name of a configured policy.</param>
+        /// <returns>The original app parameter</returns>
+        public static IApplicationBuilder UseCors([NotNull]this IApplicationBuilder app, string policyName)
+        {
+            return app.UseMiddleware<CorsMiddleware>(policyName);
+        }
+
+        /// <summary>
+        /// Adds a CORS middleware to your web application pipeline to allow cross domain requests.
+        /// </summary>
+        /// <param name="app">The IApplicationBuilder passed to your Configure method.</param>
+        /// <param name="configurePolicy">A delegate which can use a policy builder to build a policy.</param>
+        /// <returns>The original app parameter</returns>
+        public static IApplicationBuilder UseCors(
+            [NotNull] this IApplicationBuilder app,
+            [NotNull] Action<CorsPolicyBuilder> configurePolicy)
+        {
+            var policyBuilder = new CorsPolicyBuilder();
+            configurePolicy(policyBuilder);
+            return app.UseMiddleware<CorsMiddleware>(policyBuilder.Build());
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Cors/Microsoft.AspNet.Cors.xproj b/src/Microsoft.AspNet.Cors/Microsoft.AspNet.Cors.xproj
new file mode 100644
index 0000000..34f1a25
--- /dev/null
+++ b/src/Microsoft.AspNet.Cors/Microsoft.AspNet.Cors.xproj
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>41349fcd-d1c4-47a6-82d0-d16d00a8d59d</ProjectGuid>
+    <RootNamespace>Microsoft.AspNet.Cors</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Cors/project.json b/src/Microsoft.AspNet.Cors/project.json
new file mode 100644
index 0000000..bf9e28e
--- /dev/null
+++ b/src/Microsoft.AspNet.Cors/project.json
@@ -0,0 +1,21 @@
+{
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Cors.Core": "1.0.0-*",
+        "Microsoft.AspNet.RequestContainer": "1.0.0-*",
+        "Microsoft.AspNet.WebUtilities": "1.0.0-*",
+        "Microsoft.Framework.NotNullAttribute.Internal": { "version": "1.0.0-*", "type": "build" }
+    },
+
+    "frameworks" : {
+        "dnx451" : { 
+            "dependencies": {
+            }
+        },
+        "dnxcore50" : { 
+            "dependencies": {
+                "System.Runtime": "4.0.20-beta-*"
+            }
+        }
+    }
+}
diff --git a/test/Microsoft.AspNet.Cors.Core.Test/CorsPolicyBuilderTests.cs b/test/Microsoft.AspNet.Cors.Core.Test/CorsPolicyBuilderTests.cs
index 3a7a722..2b6d424 100644
--- a/test/Microsoft.AspNet.Cors.Core.Test/CorsPolicyBuilderTests.cs
+++ b/test/Microsoft.AspNet.Cors.Core.Test/CorsPolicyBuilderTests.cs
@@ -83,13 +83,13 @@ namespace Microsoft.AspNet.Cors.Core.Test
         }
 
         [Fact]
-        public void AddOrigins_AddsOrigins()
+        public void WithOrigins_AddsOrigins()
         {
             // Arrange
             var builder = new CorsPolicyBuilder();
 
             // Act
-            builder.AddOrigins("http://example.com", "http://example2.com");
+            builder.WithOrigins("http://example.com", "http://example2.com");
 
             // Assert
             var corsPolicy = builder.Build();
@@ -114,13 +114,13 @@ namespace Microsoft.AspNet.Cors.Core.Test
 
 
         [Fact]
-        public void AddMethods_AddsMethods()
+        public void WithMethods_AddsMethods()
         {
             // Arrange
             var builder = new CorsPolicyBuilder();
 
             // Act
-            builder.AddMethods("PUT", "GET");
+            builder.WithMethods("PUT", "GET");
 
             // Assert
             var corsPolicy = builder.Build();
@@ -144,13 +144,13 @@ namespace Microsoft.AspNet.Cors.Core.Test
         }
 
         [Fact]
-        public void AddHeaders_AddsHeaders()
+        public void WithHeaders_AddsHeaders()
         {
             // Arrange
             var builder = new CorsPolicyBuilder();
 
             // Act
-            builder.AddHeaders("example1", "example2");
+            builder.WithHeaders("example1", "example2");
 
             // Assert
             var corsPolicy = builder.Build();
@@ -174,13 +174,13 @@ namespace Microsoft.AspNet.Cors.Core.Test
         }
 
         [Fact]
-        public void AddExposedHeaders_AddsExposedHeaders()
+        public void WithExposedHeaders_AddsExposedHeaders()
         {
             // Arrange
             var builder = new CorsPolicyBuilder();
 
             // Act
-            builder.AddExposedHeaders("exposed1", "exposed2");
+            builder.WithExposedHeaders("exposed1", "exposed2");
 
             // Assert
             var corsPolicy = builder.Build();
diff --git a/test/Microsoft.AspNet.Cors.Core.Test/DefaultCorsPolicyProviderTests.cs b/test/Microsoft.AspNet.Cors.Core.Test/DefaultCorsPolicyProviderTests.cs
new file mode 100644
index 0000000..a04297b
--- /dev/null
+++ b/test/Microsoft.AspNet.Cors.Core.Test/DefaultCorsPolicyProviderTests.cs
@@ -0,0 +1,58 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http.Core;
+using Microsoft.Framework.OptionsModel;
+using Moq;
+using Xunit;
+
+namespace Microsoft.AspNet.Cors.Core.Test
+{
+    public class DefaultPolicyProviderTests
+    {
+        [Fact]
+        public async Task UsesTheDefaultPolicyName()
+        {
+            // Arrange
+            var options = new CorsOptions();
+            var policy = new CorsPolicy();
+            options.AddPolicy(options.DefaultPolicyName, policy);
+
+            var mockOptions = new Mock<IOptions<CorsOptions>>();
+            mockOptions
+                .SetupGet(o => o.Options)
+                .Returns(options);
+            var policyProvider = new DefaultCorsPolicyProvider(mockOptions.Object);
+
+            // Act 
+            var actualPolicy = await policyProvider.GetPolicyAsync(new DefaultHttpContext(), policyName: null);
+
+            // Assert
+            Assert.Same(policy, actualPolicy);
+        }
+
+        [Theory]
+        [InlineData("")]
+        [InlineData("policyName")]
+        public async Task GetsNamedPolicy(string policyName)
+        {
+            // Arrange
+            var options = new CorsOptions();
+            var policy = new CorsPolicy();
+            options.AddPolicy(policyName, policy);
+
+            var mockOptions = new Mock<IOptions<CorsOptions>>();
+            mockOptions
+                .SetupGet(o => o.Options)
+                .Returns(options);
+            var policyProvider = new DefaultCorsPolicyProvider(mockOptions.Object);
+
+            // Act 
+            var actualPolicy = await policyProvider.GetPolicyAsync(new DefaultHttpContext(), policyName);
+
+            // Assert
+            Assert.Same(policy, actualPolicy);
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Cors.Core.Test/project.json b/test/Microsoft.AspNet.Cors.Core.Test/project.json
index 3391960..4c01305 100644
--- a/test/Microsoft.AspNet.Cors.Core.Test/project.json
+++ b/test/Microsoft.AspNet.Cors.Core.Test/project.json
@@ -5,11 +5,11 @@
         "Microsoft.AspNet.Cors.Core": "1.0.0-*",
         "Microsoft.AspNet.Http.Core": "1.0.0-*",
         "Moq": "4.2.1312.1622",
-        "xunit.runner.kre": "1.0.0-*"
+        "xunit.runner.aspnet": "2.0.0-aspnet-*"
     },
 
     "commands": {
-        "test": "xunit.runner.kre"
+        "test": "xunit.runner.aspnet"
     },
 
     "frameworks" : {
diff --git a/test/Microsoft.AspNet.Cors.Test/CorsMiddlewareTests.cs b/test/Microsoft.AspNet.Cors.Test/CorsMiddlewareTests.cs
new file mode 100644
index 0000000..fc7da7b
--- /dev/null
+++ b/test/Microsoft.AspNet.Cors.Test/CorsMiddlewareTests.cs
@@ -0,0 +1,214 @@
+// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Linq;
+using System.Net;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Cors.Core;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Http.Core;
+using Microsoft.AspNet.TestHost;
+using Microsoft.Framework.DependencyInjection;
+using Moq;
+using Xunit;
+
+namespace Microsoft.AspNet.Cors.Test
+{
+    public class CorsMiddlewareTests
+    {
+        [Fact]
+        public async Task CorsRequest_MatchPolicy_SetsResponseHeaders()
+        {
+            // Arrange
+            using (var server = TestServer.Create(app =>
+            {
+                app.UseServices(services => services.AddCors());
+                app.UseCors(builder => 
+                    builder.WithOrigins("http://localhost:5001")
+                           .WithMethods("PUT")
+                           .WithHeaders("Header1")
+                           .WithExposedHeaders("AllowedHeader"));
+                app.Run(async context =>
+                {
+                    await context.Response.WriteAsync("Cross origin response");
+                });
+            }))
+            {
+                // Act
+                // Actual request.
+                var response = await server.CreateRequest("/")
+                    .AddHeader(CorsConstants.Origin, "http://localhost:5001")
+                    .SendAsync("PUT");
+
+                // Assert
+                response.EnsureSuccessStatusCode();
+                Assert.Equal(2, response.Headers.Count());
+                Assert.Equal("Cross origin response", await response.Content.ReadAsStringAsync());
+                Assert.Equal("http://localhost:5001", response.Headers.GetValues(CorsConstants.AccessControlAllowOrigin).FirstOrDefault());
+                Assert.Equal("AllowedHeader", response.Headers.GetValues(CorsConstants.AccessControlExposeHeaders).FirstOrDefault());
+            }
+        }
+
+        [Fact]
+        public async Task PreFlight_MatchesPolicy_SetsResponseHeaders()
+        {
+            // Arrange
+            var policy = new CorsPolicy();
+            policy.Origins.Add("http://localhost:5001");
+            policy.Methods.Add("PUT");
+            policy.Headers.Add("Header1");
+            policy.ExposedHeaders.Add("AllowedHeader");
+
+            using (var server = TestServer.Create(app =>
+            {
+                app.UseServices(services =>
+                {
+                    services.AddCors();
+                    services.ConfigureCors(options =>
+                    {
+                        options.AddPolicy("customPolicy", policy);
+                    });
+                });
+                app.UseCors("customPolicy");
+                app.Run(async context =>
+                {
+                    await context.Response.WriteAsync("Cross origin response");
+                });
+            }))
+            {
+                // Act
+                // Preflight request.
+                var response = await server.CreateRequest("/")
+                    .AddHeader(CorsConstants.Origin, "http://localhost:5001")
+                    .AddHeader(CorsConstants.AccessControlRequestMethod, "PUT")
+                    .SendAsync(CorsConstants.PreflightHttpMethod);
+
+                // Assert
+                response.EnsureSuccessStatusCode();
+                Assert.Equal(2, response.Headers.Count());
+                Assert.Equal("http://localhost:5001", response.Headers.GetValues(CorsConstants.AccessControlAllowOrigin).FirstOrDefault());
+                Assert.Equal("PUT", response.Headers.GetValues(CorsConstants.AccessControlAllowMethods).FirstOrDefault());
+            }
+        }
+
+        [Fact]
+        public async Task PreFlightRequest_DoesNotMatchPolicy_DoesNotSetHeaders()
+        {
+            // Arrange
+            using (var server = TestServer.Create(app =>
+            {
+                app.UseServices(services => services.AddCors());
+                app.UseCors(builder =>
+                    builder.WithOrigins("http://localhost:5001")
+                           .WithMethods("PUT")
+                           .WithHeaders("Header1")
+                           .WithExposedHeaders("AllowedHeader"));
+                app.Run(async context =>
+                {
+                    await context.Response.WriteAsync("Cross origin response");
+                });
+            }))
+            {
+                // Act
+                // Preflight request.
+                var response = await server.CreateRequest("/")
+                    .AddHeader(CorsConstants.Origin, "http://localhost:5002")
+                    .AddHeader(CorsConstants.AccessControlRequestMethod, "PUT")
+                    .SendAsync(CorsConstants.PreflightHttpMethod);
+
+                // Assert
+                Assert.Equal(HttpStatusCode.NoContent, response.StatusCode);
+                Assert.Empty(response.Headers);
+            }
+        }
+
+        [Fact]
+        public async Task CorsRequest_DoesNotMatchPolicy_DoesNotSetHeaders()
+        {
+            // Arrange
+            using (var server = TestServer.Create(app =>
+            {
+                app.UseServices(services => services.AddCors());
+                app.UseCors(builder => 
+                    builder.WithOrigins("http://localhost:5001")
+                           .WithMethods("PUT")
+                           .WithHeaders("Header1")
+                           .WithExposedHeaders("AllowedHeader"));
+                app.Run(async context =>
+                {
+                    await context.Response.WriteAsync("Cross origin response");
+                });
+            }))
+            {
+                // Act
+                // Actual request.
+                var response = await server.CreateRequest("/")
+                    .AddHeader(CorsConstants.Origin, "http://localhost:5002")
+                    .SendAsync("PUT");
+
+                // Assert
+                Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+                Assert.Empty(response.Headers);
+            }
+        }
+
+        [Fact]
+        public async Task Uses_PolicyProvider_AsFallback()
+        {
+            // Arrange 
+            var corsService = Mock.Of<ICorsService>();
+            var mockProvider = new Mock<ICorsPolicyProvider>();
+            mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>()))
+                .Returns(Task.FromResult<CorsPolicy>(null))
+                .Verifiable();
+
+            var middleware = new CorsMiddleware(
+                Mock.Of<RequestDelegate>(),
+                corsService,
+                mockProvider.Object,
+                policyName: null);
+
+            var httpContext = new DefaultHttpContext();
+            httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
+
+            // Act
+            await middleware.Invoke(httpContext);
+
+            // Assert
+            mockProvider.Verify(
+                o => o.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>()),
+                Times.Once);
+        }
+
+        [Fact]
+        public async Task DoesNotSetHeaders_ForNoPolicy()
+        {
+            // Arrange 
+            var corsService = Mock.Of<ICorsService>();
+            var mockProvider = new Mock<ICorsPolicyProvider>();
+            mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>()))
+                .Returns(Task.FromResult<CorsPolicy>(null))
+                .Verifiable();
+
+            var middleware = new CorsMiddleware(
+                Mock.Of<RequestDelegate>(),
+                corsService,
+                mockProvider.Object,
+                policyName: null);
+
+            var httpContext = new DefaultHttpContext();
+            httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
+
+            // Act
+            await middleware.Invoke(httpContext);
+
+            // Assert
+            Assert.Equal(200, httpContext.Response.StatusCode);
+            Assert.Empty(httpContext.Response.Headers);
+            mockProvider.Verify(
+                o => o.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>()),
+                Times.Once);
+        }
+    }
+}
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Cors.Test/Microsoft.AspNet.Cors.Test.xproj b/test/Microsoft.AspNet.Cors.Test/Microsoft.AspNet.Cors.Test.xproj
new file mode 100644
index 0000000..e1e0c40
--- /dev/null
+++ b/test/Microsoft.AspNet.Cors.Test/Microsoft.AspNet.Cors.Test.xproj
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
+  </PropertyGroup>
+
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.Props" Condition="'$(VSToolsPath)' != ''" />
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>f05be96f-f869-4408-a480-96935b4835ee</ProjectGuid>
+    <RootNamespace>Microsoft.AspNet.Cors.Test</RootNamespace>
+    <BaseIntermediateOutputPath Condition="'$(BaseIntermediateOutputPath)'=='' ">..\..\artifacts\obj\$(MSBuildProjectName)</BaseIntermediateOutputPath>
+    <OutputPath Condition="'$(OutputPath)'=='' ">..\..\artifacts\bin\$(MSBuildProjectName)\</OutputPath>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <SchemaVersion>2.0</SchemaVersion>
+  </PropertyGroup>
+  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+</Project>
\ No newline at end of file
diff --git a/test/Microsoft.AspNet.Cors.Test/project.json b/test/Microsoft.AspNet.Cors.Test/project.json
new file mode 100644
index 0000000..a75b306
--- /dev/null
+++ b/test/Microsoft.AspNet.Cors.Test/project.json
@@ -0,0 +1,17 @@
+{
+    "version": "1.0.0-*",
+    "dependencies": {
+        "Microsoft.AspNet.Cors": "1.0.0-*",
+        "Microsoft.AspNet.TestHost": "1.0.0-*",
+        "Moq": "4.2.1312.1622",
+        "xunit.runner.aspnet": "2.0.0-aspnet-*"
+    },
+    "commands": {
+        "test": "xunit.runner.aspnet"
+    },
+    "frameworks": {
+        "dnx451": {
+            "dependencies": {}
+        }
+    }
+}
\ No newline at end of file