diff --git a/api/HelloYou.cs b/api/HelloYou.cs
new file mode 100644
index 0000000..c0d59f2
--- /dev/null
+++ b/api/HelloYou.cs
@@ -0,0 +1,45 @@
+using System;
+using System.IO;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Azure.WebJobs;
+using Microsoft.Azure.WebJobs.Extensions.Http;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+using System.Security.Claims;
+
+namespace demo.Function
+{
+    public static class HelloYou
+    {
+        [FunctionName("HelloYou")]
+        public static async Task<IActionResult> Run(
+            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = "secured/HelloYou")] HttpRequest req,
+            ILogger log,
+            ClaimsPrincipal principal)
+        {
+            log.LogInformation("C# HTTP trigger function processed a request.");
+
+            bool isClaimValid = true;
+
+            if (principal == null && !principal.Identity.IsAuthenticated)
+            {
+                log.LogWarning("Request was not authenticated.");
+                isClaimValid = false;
+            }
+
+            string name = req.Query["name"];
+
+            string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
+            dynamic data = JsonConvert.DeserializeObject(requestBody);
+            name = name ?? data?.name;
+
+            string responseMessage = string.IsNullOrEmpty(name)
+                ? "This SECURED HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
+                : $"Bonjour Hi, {name}. This SECURED HTTP triggered function executed successfully.";
+
+            return new OkObjectResult(responseMessage);
+        }
+    }
+}
\ No newline at end of file
diff --git a/api/JustHello.cs b/api/JustHello.cs
index 1900ba5..869080d 100644
--- a/api/JustHello.cs
+++ b/api/JustHello.cs
@@ -7,6 +7,7 @@ using Microsoft.Azure.WebJobs.Extensions.Http;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
+using System.Security.Claims;
 
 namespace demo.Function
 {
@@ -14,11 +15,12 @@ namespace demo.Function
     {
         [FunctionName("JustHello")]
         public static async Task<IActionResult> Run(
-            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
-            ILogger log)
+            [HttpTrigger(AuthorizationLevel.Function, "get", "post")] HttpRequest req,
+            ILogger log,
+            ClaimsPrincipal principal)
         {
             log.LogInformation("C# HTTP trigger function processed a request.");
-
+      
             string name = req.Query["name"];
 
             string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
@@ -26,10 +28,10 @@ namespace demo.Function
             name = name ?? data?.name;
 
             string responseMessage = string.IsNullOrEmpty(name)
-                ? "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
-                : $"Bonjour Hi, {name}. This HTTP triggered function executed successfully.";
+                ? "This SECURED HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
+                : $"Bonjour Hi, {name}. This SECURED HTTP triggered function executed successfully.";
 
             return new OkObjectResult(responseMessage);
         }
     }
-}
+}
\ No newline at end of file
diff --git a/app/App.razor b/app/App.razor
index b941644..8154eac 100644
--- a/app/App.razor
+++ b/app/App.razor
@@ -1,10 +1,14 @@
-<Router AppAssembly="@typeof(Program).Assembly" PreferExactMatches="@true">
-    <Found Context="routeData">
-        <RouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
-    </Found>
-    <NotFound>
-        <LayoutView Layout="@typeof(MainLayout)">
-            <p>Sorry, there's nothing at this address.</p>
-        </LayoutView>
-    </NotFound>
-</Router>
+@using Microsoft.AspNetCore.Components.Authorization
+
+<CascadingAuthenticationState>
+    <Router AppAssembly="@typeof(Program).Assembly" PreferExactMatches="@true">
+        <Found Context="routeData">
+            <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)" />
+        </Found>
+        <NotFound>
+            <LayoutView Layout="@typeof(MainLayout)">
+                <p>Sorry, there's nothing at this address.</p>
+            </LayoutView>
+        </NotFound>
+    </Router>
+</CascadingAuthenticationState>
diff --git a/app/Pages/FetchData.razor b/app/Pages/FetchData.razor
index 4432ee5..6141cd4 100644
--- a/app/Pages/FetchData.razor
+++ b/app/Pages/FetchData.razor
@@ -1,5 +1,7 @@
 @page "/fetchdata"
 @inject HttpClient Http
+@using Microsoft.AspNetCore.Authorization
+@attribute [Authorize]
 
 <h1>Weather forecast</h1>
 
diff --git a/app/Pages/LoginProviders.razor b/app/Pages/LoginProviders.razor
new file mode 100644
index 0000000..a3e4618
--- /dev/null
+++ b/app/Pages/LoginProviders.razor
@@ -0,0 +1,26 @@
+@page "/login-providers"
+
+@{
+
+    var providers = new Dictionary<string, string[]>
+    {
+        { "github", new string[3]{ "github", "github", "GitHub"}}, 
+        { "twitter", new string[3]{ "twitter","twitter", "Twitter" }},
+        { "microsoft", new string[3]{ "windows", "aad", "Azure AD" }}
+    };
+}
+
+<h1>Login</h1>
+
+<div class="container">
+    @foreach(var provider in providers)
+    {
+        <div class="row">
+            <div class="col-sm-12 col-md-9 col-lg-6">
+                <a class="btn btn-block btn-lg btn-social btn-@provider.Key" href="/.auth/login/@provider.Value[1]">
+                    <span class="fa fa-@provider.Value[0]"></span> Sign in with @provider.Value[2]
+                </a>
+            </div>
+        </div>
+    }
+</div>
\ No newline at end of file
diff --git a/app/Pages/Secured.razor b/app/Pages/Secured.razor
new file mode 100644
index 0000000..c96efd9
--- /dev/null
+++ b/app/Pages/Secured.razor
@@ -0,0 +1,19 @@
+@page "/secured"
+@using Microsoft.AspNetCore.Authorization
+@inject HttpClient Http
+@attribute [Authorize(Roles = "admin")]
+
+<h1>Azure Function Test</h1>
+
+<h2>@result</h2>
+
+@code {
+    private string result = "temp value";
+
+    protected override async Task OnInitializedAsync()
+    {
+        var response = await Http.GetStringAsync("/api/secured/HelloYou?name=cloudies");
+        result = response.ToString();
+    }
+
+}
\ No newline at end of file
diff --git a/app/Program.cs b/app/Program.cs
index f1f0233..2133110 100644
--- a/app/Program.cs
+++ b/app/Program.cs
@@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
+using Microsoft.Azure.Functions.Authentication.WebAssembly;
 
 namespace SimpleDemo
 {
@@ -18,6 +19,7 @@ namespace SimpleDemo
             builder.RootComponents.Add<App>("#app");
 
             builder.Services.AddScoped(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) });
+            builder.Services.AddStaticWebAppsAuthentication();
 
             await builder.Build().RunAsync();
         }
diff --git a/app/Shared/MainLayout.razor b/app/Shared/MainLayout.razor
index a76e097..e174f43 100644
--- a/app/Shared/MainLayout.razor
+++ b/app/Shared/MainLayout.razor
@@ -1,4 +1,5 @@
 @inherits LayoutComponentBase
+@using Microsoft.AspNetCore.Components.Authorization
 
 <div class="page">
     <div class="sidebar">
@@ -7,7 +8,15 @@
 
     <div class="main">
         <div class="top-row px-4">
-            <a href="http://blazor.net" target="_blank" class="ml-md-auto">About</a>
+            <AuthorizeView>
+                <Authorized>
+                    Hello, @context.User.Identity.Name!
+                    <a href="/.auth/logout?post_logout_redirect_uri=/">Log out</a>
+                </Authorized>
+                <NotAuthorized>
+                    <a href="/login-providers">Log in</a>
+                </NotAuthorized>
+            </AuthorizeView>
         </div>
 
         <div class="content px-4">
diff --git a/app/Shared/NavMenu.razor b/app/Shared/NavMenu.razor
index 7287750..8df08c1 100644
--- a/app/Shared/NavMenu.razor
+++ b/app/Shared/NavMenu.razor
@@ -22,6 +22,11 @@
                 <span class="oi oi-list-rich" aria-hidden="true"></span> Fetch data
             </NavLink>
         </li>
+        <li class="nav-item px-3">
+            <NavLink class="nav-link" href="secured">
+                <span class="oi oi-list-rich" aria-hidden="true"></span> Secured
+            </NavLink>
+        </li>
     </ul>
 </div>
 
diff --git a/app/SimpleDemo.csproj b/app/SimpleDemo.csproj
index 3889c44..4cf7ec5 100644
--- a/app/SimpleDemo.csproj
+++ b/app/SimpleDemo.csproj
@@ -7,6 +7,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="5.0.6" />
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="5.0.6" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.Azure.Functions.Authentication.WebAssembly" Version="1.0.1-preview" />
     <PackageReference Include="System.Net.Http.Json" Version="5.0.0" />
   </ItemGroup>