diff --git a/src/Umbraco.Core/Constants-Web.cs b/src/Umbraco.Core/Constants-Web.cs
index f6c2df14c3..e2f2841dc3 100644
--- a/src/Umbraco.Core/Constants-Web.cs
+++ b/src/Umbraco.Core/Constants-Web.cs
@@ -22,6 +22,8 @@
 	    public static class Security
 	    {
 
+            public const string BackOfficeAuthenticationType = "UmbracoBackOffice";
+
 	        public const string StartContentNodeIdClaimType = "http://umbraco.org/2015/02/identity/claims/backoffice/startcontentnode";
             public const string StartMediaNodeIdClaimType = "http://umbraco.org/2015/02/identity/claims/backoffice/startmedianode";
             public const string AllowedApplicationsClaimType = "http://umbraco.org/2015/02/identity/claims/backoffice/allowedapps";
diff --git a/src/Umbraco.Core/Models/Identity/BackOfficeIdentityUser.cs b/src/Umbraco.Core/Models/Identity/BackOfficeIdentityUser.cs
new file mode 100644
index 0000000000..087f5913e6
--- /dev/null
+++ b/src/Umbraco.Core/Models/Identity/BackOfficeIdentityUser.cs
@@ -0,0 +1,60 @@
+using System;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Collections.Specialized;
+
+namespace Umbraco.Core.Models.Identity
+{
+    public class BackOfficeIdentityUser : IdentityUser<int, IIdentityUserLogin, IdentityUserRole<string>, IdentityUserClaim<int>>
+    {
+        /// <summary>
+        /// Gets/sets the user's real name
+        /// </summary>
+        public string Name { get; set; }
+        public int StartContentNode { get; set; }
+        public int StartMediaNode { get; set; }
+        public string[] AllowedApplications { get; set; }
+        public string Culture { get; set; }
+
+        /// <summary>
+        /// Overridden to make the retrieval lazy
+        /// </summary>
+        public override ICollection<IIdentityUserLogin> Logins
+        {
+            get
+            {
+                if (_getLogins != null && _getLogins.IsValueCreated == false)
+                {
+                    _logins = new ObservableCollection<IIdentityUserLogin>();
+                    foreach (var l in _getLogins.Value)
+                    {
+                        _logins.Add(l);
+                    }
+                    //now assign events
+                    _logins.CollectionChanged += Logins_CollectionChanged;
+                }
+                return _logins;
+            }
+        }
+
+        public bool LoginsChanged { get; private set; }
+
+        void Logins_CollectionChanged(object sender, NotifyCollectionChangedEventArgs e)
+        {
+            LoginsChanged = true;
+        }
+
+        private ObservableCollection<IIdentityUserLogin> _logins;
+        private Lazy<IEnumerable<IIdentityUserLogin>> _getLogins;
+
+        /// <summary>
+        /// Used to set a lazy call back to populate the user's Login list
+        /// </summary>
+        /// <param name="callback"></param>
+        public void SetLoginsCallback(Lazy<IEnumerable<IIdentityUserLogin>> callback)
+        {
+            if (callback == null) throw new ArgumentNullException("callback");
+            _getLogins = callback;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Models/Identity/IIdentityUserLogin.cs b/src/Umbraco.Core/Models/Identity/IIdentityUserLogin.cs
new file mode 100644
index 0000000000..c95722f4e3
--- /dev/null
+++ b/src/Umbraco.Core/Models/Identity/IIdentityUserLogin.cs
@@ -0,0 +1,25 @@
+using Umbraco.Core.Models.EntityBase;
+
+namespace Umbraco.Core.Models.Identity
+{
+    public interface IIdentityUserLogin : IAggregateRoot, IRememberBeingDirty, ICanBeDirty
+    {
+        /// <summary>
+        /// The login provider for the login (i.e. facebook, google)
+        /// 
+        /// </summary>
+        string LoginProvider { get; set; }
+
+        /// <summary>
+        /// Key representing the login for the provider
+        /// 
+        /// </summary>
+        string ProviderKey { get; set; }
+
+        /// <summary>
+        /// User Id for the user who owns this login
+        /// 
+        /// </summary>
+        int UserId { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Models/Identity/IdentityUser.cs b/src/Umbraco.Core/Models/Identity/IdentityUser.cs
new file mode 100644
index 0000000000..09306bb1f0
--- /dev/null
+++ b/src/Umbraco.Core/Models/Identity/IdentityUser.cs
@@ -0,0 +1,122 @@
+using System;
+using System.Collections.Generic;
+using Microsoft.AspNet.Identity;
+
+namespace Umbraco.Core.Models.Identity
+{
+    /// <summary>
+    /// Default IUser implementation
+    /// </summary>
+    /// <typeparam name="TKey"/><typeparam name="TLogin"/><typeparam name="TRole"/><typeparam name="TClaim"/>
+    /// <remarks>
+    /// This class normally exists inside of the EntityFramework library, not sure why MS chose to explicitly put it there but we don't want
+    /// references to that so we will create our own here
+    /// </remarks>
+    public class IdentityUser<TKey, TLogin, TRole, TClaim> : IUser<TKey>
+        where TLogin : IIdentityUserLogin
+        //NOTE: Making our role id a string
+        where TRole : IdentityUserRole<string>
+        where TClaim : IdentityUserClaim<TKey>
+    {
+        /// <summary>
+        /// Email
+        /// 
+        /// </summary>
+        public virtual string Email { get; set; }
+
+        /// <summary>
+        /// True if the email is confirmed, default is false
+        /// 
+        /// </summary>
+        public virtual bool EmailConfirmed { get; set; }
+
+        /// <summary>
+        /// The salted/hashed form of the user password
+        /// 
+        /// </summary>
+        public virtual string PasswordHash { get; set; }
+
+        /// <summary>
+        /// A random value that should change whenever a users credentials have changed (password changed, login removed)
+        /// 
+        /// </summary>
+        public virtual string SecurityStamp { get; set; }
+
+        /// <summary>
+        /// PhoneNumber for the user
+        /// 
+        /// </summary>
+        public virtual string PhoneNumber { get; set; }
+
+        /// <summary>
+        /// True if the phone number is confirmed, default is false
+        /// 
+        /// </summary>
+        public virtual bool PhoneNumberConfirmed { get; set; }
+
+        /// <summary>
+        /// Is two factor enabled for the user
+        /// 
+        /// </summary>
+        public virtual bool TwoFactorEnabled { get; set; }
+
+        /// <summary>
+        /// DateTime in UTC when lockout ends, any time in the past is considered not locked out.
+        /// 
+        /// </summary>
+        public virtual DateTime? LockoutEndDateUtc { get; set; }
+
+        /// <summary>
+        /// Is lockout enabled for this user
+        /// 
+        /// </summary>
+        public virtual bool LockoutEnabled { get; set; }
+
+        /// <summary>
+        /// Used to record failures for the purposes of lockout
+        /// 
+        /// </summary>
+        public virtual int AccessFailedCount { get; set; }
+
+        /// <summary>
+        /// Navigation property for user roles
+        /// 
+        /// </summary>
+        public virtual ICollection<TRole> Roles { get; private set; }
+
+        /// <summary>
+        /// Navigation property for user claims
+        /// 
+        /// </summary>
+        public virtual ICollection<TClaim> Claims { get; private set; }
+
+        /// <summary>
+        /// Navigation property for user logins
+        /// 
+        /// </summary>
+        public virtual ICollection<TLogin> Logins { get; private set; }
+
+        /// <summary>
+        /// User ID (Primary Key)
+        /// 
+        /// </summary>
+        public virtual TKey Id { get; set; }
+
+        /// <summary>
+        /// User name
+        /// 
+        /// </summary>
+        public virtual string UserName { get; set; }
+
+        /// <summary>
+        /// Constructor
+        /// 
+        /// </summary>
+        public IdentityUser()
+        {
+            this.Claims = new List<TClaim>();
+            this.Roles = new List<TRole>();
+            this.Logins = new List<TLogin>();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Models/Identity/IdentityUserClaim.cs b/src/Umbraco.Core/Models/Identity/IdentityUserClaim.cs
new file mode 100644
index 0000000000..832438f3c3
--- /dev/null
+++ b/src/Umbraco.Core/Models/Identity/IdentityUserClaim.cs
@@ -0,0 +1,38 @@
+namespace Umbraco.Core.Models.Identity
+{
+    /// <summary>
+    /// EntityType that represents one specific user claim
+    /// 
+    /// </summary>
+    /// <typeparam name="TKey"/>
+    /// <remarks>
+    /// This class normally exists inside of the EntityFramework library, not sure why MS chose to explicitly put it there but we don't want
+    /// references to that so we will create our own here
+    /// </remarks>
+    public class IdentityUserClaim<TKey>
+    {
+        /// <summary>
+        /// Primary key
+        /// 
+        /// </summary>
+        public virtual int Id { get; set; }
+
+        /// <summary>
+        /// User Id for the user who owns this login
+        /// 
+        /// </summary>
+        public virtual TKey UserId { get; set; }
+
+        /// <summary>
+        /// Claim type
+        /// 
+        /// </summary>
+        public virtual string ClaimType { get; set; }
+
+        /// <summary>
+        /// Claim value
+        /// 
+        /// </summary>
+        public virtual string ClaimValue { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Models/Identity/IdentityUserLogin.cs b/src/Umbraco.Core/Models/Identity/IdentityUserLogin.cs
new file mode 100644
index 0000000000..f9c77031e9
--- /dev/null
+++ b/src/Umbraco.Core/Models/Identity/IdentityUserLogin.cs
@@ -0,0 +1,39 @@
+using System;
+using Umbraco.Core.Models.EntityBase;
+
+namespace Umbraco.Core.Models.Identity
+{
+    /// <summary>
+    /// Entity type for a user's login (i.e. facebook, google)
+    /// 
+    /// </summary>
+    public class IdentityUserLogin : Entity, IIdentityUserLogin
+    {
+        public IdentityUserLogin(int id, string loginProvider, string providerKey, int userId, DateTime createDate)
+        {
+            Id = id;
+            LoginProvider = loginProvider;
+            ProviderKey = providerKey;
+            UserId = userId;
+            CreateDate = createDate;
+        }
+
+        /// <summary>
+        /// The login provider for the login (i.e. facebook, google)
+        /// 
+        /// </summary>
+        public string LoginProvider { get; set; }
+
+        /// <summary>
+        /// Key representing the login for the provider
+        /// 
+        /// </summary>
+        public string ProviderKey { get; set; }
+
+        /// <summary>
+        /// User Id for the user who owns this login
+        /// 
+        /// </summary>
+        public int UserId { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Models/Identity/IdentityUserRole.cs b/src/Umbraco.Core/Models/Identity/IdentityUserRole.cs
new file mode 100644
index 0000000000..5c68a97d86
--- /dev/null
+++ b/src/Umbraco.Core/Models/Identity/IdentityUserRole.cs
@@ -0,0 +1,26 @@
+namespace Umbraco.Core.Models.Identity
+{
+    /// <summary>
+    /// EntityType that represents a user belonging to a role
+    /// 
+    /// </summary>
+    /// <typeparam name="TKey"/>
+    /// <remarks>
+    /// This class normally exists inside of the EntityFramework library, not sure why MS chose to explicitly put it there but we don't want
+    /// references to that so we will create our own here
+    /// </remarks>
+    public class IdentityUserRole<TKey>
+    {
+        /// <summary>
+        /// UserId for the user that is in the role
+        /// 
+        /// </summary>
+        public virtual TKey UserId { get; set; }
+
+        /// <summary>
+        /// RoleId for the role
+        /// 
+        /// </summary>
+        public virtual TKey RoleId { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Models/Rdbms/ExternalLoginDto.cs b/src/Umbraco.Core/Models/Rdbms/ExternalLoginDto.cs
new file mode 100644
index 0000000000..c94ee1193f
--- /dev/null
+++ b/src/Umbraco.Core/Models/Rdbms/ExternalLoginDto.cs
@@ -0,0 +1,35 @@
+using System;
+using Umbraco.Core.Persistence;
+using Umbraco.Core.Persistence.DatabaseAnnotations;
+
+namespace Umbraco.Core.Models.Rdbms
+{
+    [TableName("umbracoExternalLogin")]
+    [ExplicitColumns]
+    [PrimaryKey("externalLoginId")]
+    internal class ExternalLoginDto
+    {
+        [Column("id")]
+        [PrimaryKeyColumn(Name = "PK_umbracoExternalLogin")]
+        public int Id { get; set; }
+
+        [Column("userId")]
+        public int UserId { get; set; }
+
+        [Column("loginProvider")]
+        [Length(4000)]
+        [NullSetting(NullSetting = NullSettings.NotNull)]
+        public string LoginProvider { get; set; }
+
+        [Column("providerKey")]
+        [Length(4000)]
+        [NullSetting(NullSetting = NullSettings.NotNull)]
+        public string ProviderKey { get; set; }
+
+        [Column("createDate")]
+        [Constraint(Default = "getdate()")]
+        public DateTime CreateDate { get; set; }
+
+
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Persistence/Factories/ExternalLoginFactory.cs b/src/Umbraco.Core/Persistence/Factories/ExternalLoginFactory.cs
new file mode 100644
index 0000000000..4882df3202
--- /dev/null
+++ b/src/Umbraco.Core/Persistence/Factories/ExternalLoginFactory.cs
@@ -0,0 +1,32 @@
+using Umbraco.Core.Models.Identity;
+using Umbraco.Core.Models.Rdbms;
+
+namespace Umbraco.Core.Persistence.Factories
+{
+    internal class ExternalLoginFactory
+    {
+        public IIdentityUserLogin BuildEntity(ExternalLoginDto dto)
+        {
+            var entity = new IdentityUserLogin(dto.Id, dto.LoginProvider, dto.ProviderKey, dto.UserId, dto.CreateDate);
+
+            //on initial construction we don't want to have dirty properties tracked
+            // http://issues.umbraco.org/issue/U4-1946
+            entity.ResetDirtyProperties(false);
+            return entity;
+        }
+
+        public ExternalLoginDto BuildDto(IIdentityUserLogin entity)
+        {
+            var dto = new ExternalLoginDto
+            {
+                Id = entity.Id,
+                CreateDate = entity.CreateDate,
+                LoginProvider = entity.LoginProvider,
+                ProviderKey = entity.ProviderKey,
+                UserId = entity.UserId               
+            };
+
+            return dto;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Persistence/Migrations/Initial/DatabaseSchemaCreation.cs b/src/Umbraco.Core/Persistence/Migrations/Initial/DatabaseSchemaCreation.cs
index b77e0843ea..25d5f2a9af 100644
--- a/src/Umbraco.Core/Persistence/Migrations/Initial/DatabaseSchemaCreation.cs
+++ b/src/Umbraco.Core/Persistence/Migrations/Initial/DatabaseSchemaCreation.cs
@@ -81,7 +81,9 @@ namespace Umbraco.Core.Persistence.Migrations.Initial
                                                                               {40, typeof (ServerRegistrationDto)},
 
                                                                               {41, typeof (AccessDto)},
-                                                                              {42, typeof (AccessRuleDto)}
+                                                                              {42, typeof (AccessRuleDto)},
+
+                                                                              {43, typeof (ExternalLoginDto)}
                                                                           };
         #endregion
         
diff --git a/src/Umbraco.Core/Persistence/Migrations/Upgrades/TargetVersionSevenThreeZero/AddExternalLoginsTable.cs b/src/Umbraco.Core/Persistence/Migrations/Upgrades/TargetVersionSevenThreeZero/AddExternalLoginsTable.cs
new file mode 100644
index 0000000000..b29aff9048
--- /dev/null
+++ b/src/Umbraco.Core/Persistence/Migrations/Upgrades/TargetVersionSevenThreeZero/AddExternalLoginsTable.cs
@@ -0,0 +1,28 @@
+using System.Linq;
+using Umbraco.Core.Configuration;
+using Umbraco.Core.Persistence.DatabaseModelDefinitions;
+
+namespace Umbraco.Core.Persistence.Migrations.Upgrades.TargetVersionSevenThreeZero
+{
+    [Migration("7.3.0", 9, GlobalSettings.UmbracoMigrationName)]
+    public class AddExternalLoginsTable : MigrationBase
+    {
+        public override void Up()
+        {
+            //Don't exeucte if the table is already there
+            var tables = SqlSyntax.GetTablesInSchema(Context.Database).ToArray();
+            if (tables.InvariantContains("umbracoExternalLogin")) return;
+
+            Create.Table("umbracoExternalLogin")
+                .WithColumn("id").AsInt32().Identity().PrimaryKey("PK_umbracoExternalLogin")
+                .WithColumn("userId").AsInt32().NotNullable().ForeignKey("FK_umbracoExternalLogin_umbracoUser_id", "umbracoUser", "id")
+                .WithColumn("loginProvider").AsString(4000).NotNullable()
+                .WithColumn("providerKey").AsString(4000).NotNullable()
+                .WithColumn("createDate").AsDateTime().NotNullable().WithDefault(SystemMethods.CurrentDateTime);
+        }
+
+        public override void Down()
+        {
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Persistence/Repositories/ExternalLoginRepository.cs b/src/Umbraco.Core/Persistence/Repositories/ExternalLoginRepository.cs
new file mode 100644
index 0000000000..bafe30d901
--- /dev/null
+++ b/src/Umbraco.Core/Persistence/Repositories/ExternalLoginRepository.cs
@@ -0,0 +1,182 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Microsoft.AspNet.Identity;
+using Umbraco.Core.Logging;
+using Umbraco.Core.Models.EntityBase;
+using Umbraco.Core.Models.Identity;
+using Umbraco.Core.Models.Rdbms;
+using Umbraco.Core.Persistence.Factories;
+using Umbraco.Core.Persistence.Querying;
+using Umbraco.Core.Persistence.SqlSyntax;
+using Umbraco.Core.Persistence.UnitOfWork;
+
+namespace Umbraco.Core.Persistence.Repositories
+{
+    internal class ExternalLoginRepository : PetaPocoRepositoryBase<int, IIdentityUserLogin>, IExternalLoginRepository
+    {
+        public ExternalLoginRepository(IDatabaseUnitOfWork work, CacheHelper cache, ILogger logger, ISqlSyntaxProvider sqlSyntax)
+            : base(work, cache, logger, sqlSyntax)
+        {
+        }
+
+        public void DeleteUserLogins(int memberId)
+        {
+            using (var t = Database.GetTransaction())
+            {
+                Database.Execute("DELETE FROM ExternalLogins WHERE UserId=@userId", new { userId = memberId });
+
+                t.Complete();
+            }
+        }
+
+        public void SaveUserLogins(int memberId, IEnumerable<UserLoginInfo> logins)
+        {
+            using (var t = Database.GetTransaction())
+            {
+                //clear out logins for member
+                Database.Execute("DELETE FROM ExternalLogins WHERE UserId=@userId", new { userId = memberId });
+
+                //add them all
+                foreach (var l in logins)
+                {
+                    Database.Insert(new ExternalLoginDto
+                    {
+                        LoginProvider = l.LoginProvider,
+                        ProviderKey = l.ProviderKey,
+                        UserId = memberId,
+                        CreateDate = DateTime.Now
+                    });
+                }
+
+                t.Complete();
+            }
+        }
+
+        protected override IIdentityUserLogin PerformGet(int id)
+        {
+            var sql = GetBaseQuery(false);
+            sql.Where(GetBaseWhereClause(), new { Id = id });
+
+            var macroDto = Database.Fetch<ExternalLoginDto>(sql).FirstOrDefault();
+            if (macroDto == null)
+                return null;
+
+            var factory = new ExternalLoginFactory();
+            var entity = factory.BuildEntity(macroDto);
+
+            //on initial construction we don't want to have dirty properties tracked
+            // http://issues.umbraco.org/issue/U4-1946
+            ((TracksChangesEntityBase)entity).ResetDirtyProperties(false);
+
+            return entity;
+        }
+
+        protected override IEnumerable<IIdentityUserLogin> PerformGetAll(params int[] ids)
+        {
+            if (ids.Any())
+            {
+                return PerformGetAllOnIds(ids);
+            }
+
+            var sql = GetBaseQuery(false);
+
+            return ConvertFromDtos(Database.Fetch<ExternalLoginDto>(sql))
+                .ToArray();// we don't want to re-iterate again!
+        }
+
+        private IEnumerable<IIdentityUserLogin> PerformGetAllOnIds(params int[] ids)
+        {
+            if (ids.Any() == false) yield break;
+            foreach (var id in ids)
+            {
+                yield return Get(id);
+            }
+        }
+
+        private IEnumerable<IIdentityUserLogin> ConvertFromDtos(IEnumerable<ExternalLoginDto> dtos)
+        {
+            var factory = new ExternalLoginFactory();
+            foreach (var entity in dtos.Select(factory.BuildEntity))
+            {
+                //on initial construction we don't want to have dirty properties tracked
+                // http://issues.umbraco.org/issue/U4-1946
+                ((TracksChangesEntityBase)entity).ResetDirtyProperties(false);
+
+                yield return entity;
+            }
+        }
+
+        protected override IEnumerable<IIdentityUserLogin> PerformGetByQuery(IQuery<IIdentityUserLogin> query)
+        {
+            var sqlClause = GetBaseQuery(false);
+            var translator = new SqlTranslator<IIdentityUserLogin>(sqlClause, query);
+            var sql = translator.Translate();
+
+            var dtos = Database.Fetch<ExternalLoginDto>(sql);
+
+            foreach (var dto in dtos)
+            {
+                yield return Get(dto.Id);
+            }
+        }
+
+        protected override Sql GetBaseQuery(bool isCount)
+        {
+            var sql = new Sql();
+            if (isCount)
+            {
+                sql.Select("COUNT(*)").From<ExternalLoginDto>(SqlSyntax);
+            }
+            else
+            {
+                sql.Select("*").From<ExternalLoginDto>(SqlSyntax);
+            }
+            return sql;
+        }
+
+        protected override string GetBaseWhereClause()
+        {
+            return "umbracoExternalLogin.id = @Id";
+        }
+
+        protected override IEnumerable<string> GetDeleteClauses()
+        {
+            var list = new List<string>
+                {
+                    "DELETE FROM umbracoExternalLogin WHERE id = @Id"                           
+                };
+            return list;
+        }
+
+        protected override Guid NodeObjectTypeId
+        {
+            get { throw new NotImplementedException(); }
+        }
+
+        protected override void PersistNewItem(IIdentityUserLogin entity)
+        {
+            ((Entity)entity).AddingEntity();
+
+            var factory = new ExternalLoginFactory();
+            var dto = factory.BuildDto(entity);
+
+            var id = Convert.ToInt32(Database.Insert(dto));
+            entity.Id = id;
+
+            entity.ResetDirtyProperties();
+        }
+
+        protected override void PersistUpdatedItem(IIdentityUserLogin entity)
+        {
+            ((Entity)entity).UpdatingEntity();
+
+            var factory = new ExternalLoginFactory();
+            var dto = factory.BuildDto(entity);
+
+            Database.Update(dto);          
+
+            entity.ResetDirtyProperties();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Persistence/Repositories/Interfaces/IExternalLoginRepository.cs b/src/Umbraco.Core/Persistence/Repositories/Interfaces/IExternalLoginRepository.cs
new file mode 100644
index 0000000000..17fc153980
--- /dev/null
+++ b/src/Umbraco.Core/Persistence/Repositories/Interfaces/IExternalLoginRepository.cs
@@ -0,0 +1,12 @@
+using System.Collections.Generic;
+using Microsoft.AspNet.Identity;
+using Umbraco.Core.Models.Identity;
+
+namespace Umbraco.Core.Persistence.Repositories
+{
+    public interface IExternalLoginRepository : IRepositoryQueryable<int, IIdentityUserLogin>
+    {
+        void SaveUserLogins(int memberId, IEnumerable<UserLoginInfo> logins);
+        void DeleteUserLogins(int memberId);
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Persistence/Repositories/UserRepository.cs b/src/Umbraco.Core/Persistence/Repositories/UserRepository.cs
index fb66dc7ade..d13df47b71 100644
--- a/src/Umbraco.Core/Persistence/Repositories/UserRepository.cs
+++ b/src/Umbraco.Core/Persistence/Repositories/UserRepository.cs
@@ -122,7 +122,8 @@ namespace Umbraco.Core.Persistence.Repositories
                                "DELETE FROM umbracoUser2NodeNotify WHERE userId = @Id",
                                "DELETE FROM umbracoUserLogins WHERE userID = @Id",
                                "DELETE FROM umbracoUser2app WHERE " + SqlSyntax.GetQuotedColumnName("user") + "=@Id",
-                               "DELETE FROM umbracoUser WHERE id = @Id"
+                               "DELETE FROM umbracoUser WHERE id = @Id",
+                               "DELETE FROM umbracoExternalLogin WHERE id = @Id"
                            };
             return list;
         }
diff --git a/src/Umbraco.Core/Persistence/RepositoryFactory.cs b/src/Umbraco.Core/Persistence/RepositoryFactory.cs
index be6d35ca27..356e876c54 100644
--- a/src/Umbraco.Core/Persistence/RepositoryFactory.cs
+++ b/src/Umbraco.Core/Persistence/RepositoryFactory.cs
@@ -64,6 +64,13 @@ namespace Umbraco.Core.Persistence
      
         #endregion
 
+        public virtual IExternalLoginRepository CreateExternalLoginRepository(IDatabaseUnitOfWork uow)
+        {
+            return new ExternalLoginRepository(uow,
+                _cacheHelper,
+                _logger, _sqlSyntax);
+        }
+
         public virtual IPublicAccessRepository CreatePublicAccessRepository(IDatabaseUnitOfWork uow)
         {
             return new PublicAccessRepository(uow,
diff --git a/src/Umbraco.Core/Security/AuthenticationExtensions.cs b/src/Umbraco.Core/Security/AuthenticationExtensions.cs
index dd688cfe25..e71dd0e00c 100644
--- a/src/Umbraco.Core/Security/AuthenticationExtensions.cs
+++ b/src/Umbraco.Core/Security/AuthenticationExtensions.cs
@@ -216,7 +216,6 @@ namespace Umbraco.Core.Security
                 GlobalSettings.TimeOutInMinutes, 
                 //Umbraco has always persisted it's original cookie for 1 day so we'll keep it that way
                 1440, 
-                "/umbraco",
                 UmbracoConfig.For.UmbracoSettings().Security.AuthCookieName,
                 UmbracoConfig.For.UmbracoSettings().Security.AuthCookieDomain);
         }
@@ -420,7 +419,6 @@ namespace Umbraco.Core.Security
                                             string userData,
                                             int loginTimeoutMins,
                                             int minutesPersisted,
-                                            string cookiePath,
                                             string cookieName,
                                             string cookieDomain)
         {
@@ -433,7 +431,7 @@ namespace Umbraco.Core.Security
                 DateTime.Now.AddMinutes(loginTimeoutMins),
                 true,
                 userData,
-                cookiePath
+                "/"
                 );
 	
             // Encrypt the cookie using the machine key for secure transport
@@ -444,7 +442,7 @@ namespace Umbraco.Core.Security
                 {
                     Expires = DateTime.Now.AddMinutes(minutesPersisted),
                     Domain = cookieDomain,
-                    Path = cookiePath
+                    Path = "/"
                 };
 
 			if (GlobalSettings.UseSSL)
diff --git a/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs b/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs
new file mode 100644
index 0000000000..54b537faab
--- /dev/null
+++ b/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs
@@ -0,0 +1,35 @@
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Identity;
+using Umbraco.Core.Models.Identity;
+
+namespace Umbraco.Core.Security
+{
+    public class BackOfficeClaimsIdentityFactory : ClaimsIdentityFactory<BackOfficeIdentityUser, int>
+    {
+        /// <summary>
+        /// Create a ClaimsIdentity from a user
+        /// </summary>
+        /// <param name="manager"/><param name="user"/><param name="authenticationType"/>
+        /// <returns/>
+        public override async Task<ClaimsIdentity> CreateAsync(UserManager<BackOfficeIdentityUser, int> manager, BackOfficeIdentityUser user, string authenticationType)
+        {
+            var baseIdentity = await base.CreateAsync(manager, user, authenticationType);
+
+            var umbracoIdentity = new UmbracoBackOfficeIdentity(baseIdentity, new UserData()
+            {
+                Id = user.Id,
+                Username = user.UserName,
+                RealName = user.Name,
+                AllowedApplications = user.AllowedApplications,
+                Culture = user.Culture,
+                Roles = user.Roles.Select(x => x.RoleId).ToArray(),
+                StartContentNode = user.StartContentNode,
+                StartMediaNode = user.StartMediaNode
+            });
+
+            return umbracoIdentity;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Security/BackOfficeUserManager.cs b/src/Umbraco.Core/Security/BackOfficeUserManager.cs
new file mode 100644
index 0000000000..9634b17c73
--- /dev/null
+++ b/src/Umbraco.Core/Security/BackOfficeUserManager.cs
@@ -0,0 +1,157 @@
+using System;
+using System.Linq;
+using System.Security.Claims;
+using System.Text;
+using System.Threading.Tasks;
+using System.Web.Security;
+using Microsoft.AspNet.Identity;
+using Microsoft.AspNet.Identity.Owin;
+using Microsoft.Owin;
+using Umbraco.Core.Models.Identity;
+using Umbraco.Core.Services;
+
+namespace Umbraco.Core.Security
+{
+    /// <summary>
+    /// A custom password hasher that conforms to the current password hashing done in Umbraco
+    /// </summary>
+    internal class MembershipPasswordHasher : IPasswordHasher
+    {
+        private readonly MembershipProviderBase _provider;
+
+        public MembershipPasswordHasher(MembershipProviderBase provider)
+        {
+            _provider = provider;
+        }
+
+        public string HashPassword(string password)
+        {
+            return _provider.HashPasswordForStorage(password);
+        }
+
+        public PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword)
+        {
+            return _provider.VerifyPassword(providedPassword, hashedPassword)
+                ? PasswordVerificationResult.Success
+                : PasswordVerificationResult.Failed;
+        }
+
+
+    }
+
+    /// <summary>
+    /// Back office user manager
+    /// </summary>
+    public class BackOfficeUserManager : UserManager<BackOfficeIdentityUser, int>
+    {
+        public BackOfficeUserManager(IUserStore<BackOfficeIdentityUser, int> store)
+            : base(store)
+        {
+        }
+
+        #region What we support currently
+
+        //TODO: Support this
+        public override bool SupportsUserRole
+        {
+            get { return false; }
+        }
+
+        //TODO: Support this
+        public override bool SupportsQueryableUsers
+        {
+            get { return false; }
+        }
+
+        //TODO: Support this
+        public override bool SupportsUserLockout
+        {
+            get { return false; }
+        }
+
+        //TODO: Support this
+        public override bool SupportsUserSecurityStamp
+        {
+            get { return false; }
+        }
+
+        public override bool SupportsUserTwoFactor
+        {
+            get { return false; }
+        }
+
+        public override bool SupportsUserPhoneNumber
+        {
+            get { return false; }
+        } 
+        #endregion
+
+        public static BackOfficeUserManager Create(
+            IdentityFactoryOptions<BackOfficeUserManager> options,
+            IOwinContext context,
+            IUserService userService,
+            IExternalLoginService externalLoginService,
+            MembershipProviderBase membershipProvider)
+        {
+            if (options == null) throw new ArgumentNullException("options");
+            if (context == null) throw new ArgumentNullException("context");
+            if (userService == null) throw new ArgumentNullException("userService");
+            if (externalLoginService == null) throw new ArgumentNullException("externalLoginService");
+
+            var manager = new BackOfficeUserManager(new BackOfficeUserStore(userService, externalLoginService, membershipProvider));
+
+            // Configure validation logic for usernames
+            manager.UserValidator = new UserValidator<BackOfficeIdentityUser, int>(manager)
+            {
+                AllowOnlyAlphanumericUserNames = false,
+                RequireUniqueEmail = true
+            };
+
+            // Configure validation logic for passwords
+            manager.PasswordValidator = new PasswordValidator
+            {
+                RequiredLength = membershipProvider.MinRequiredPasswordLength,
+                RequireNonLetterOrDigit = membershipProvider.MinRequiredNonAlphanumericCharacters > 0,
+                RequireDigit = false,
+                RequireLowercase = false,
+                RequireUppercase = false
+            };
+
+            //use a custom hasher based on our membership provider
+            manager.PasswordHasher = new MembershipPasswordHasher(membershipProvider);
+
+            var dataProtectionProvider = options.DataProtectionProvider;
+            if (dataProtectionProvider != null)
+            {
+                manager.UserTokenProvider = new DataProtectorTokenProvider<BackOfficeIdentityUser, int>(dataProtectionProvider.Create("ASP.NET Identity"));
+            }
+
+            //custom identity factory for creating the identity object for which we auth against in the back office
+            manager.ClaimsIdentityFactory = new BackOfficeClaimsIdentityFactory();
+
+            //NOTE: Not implementing these currently
+
+            //// Register two factor authentication providers. This application uses Phone and Emails as a step of receiving a code for verifying the user
+            //// You can write your own provider and plug in here.
+            //manager.RegisterTwoFactorProvider("PhoneCode", new PhoneNumberTokenProvider<ApplicationUser>
+            //{
+            //    MessageFormat = "Your security code is: {0}"
+            //});
+            //manager.RegisterTwoFactorProvider("EmailCode", new EmailTokenProvider<ApplicationUser>
+            //{
+            //    Subject = "Security Code",
+            //    BodyFormat = "Your security code is: {0}"
+            //});
+
+            //manager.EmailService = new EmailService();
+            //manager.SmsService = new SmsService();
+
+            return manager;
+        }
+
+        protected override void Dispose(bool disposing)
+        {
+            base.Dispose(disposing);
+        }
+    }
+}
diff --git a/src/Umbraco.Core/Security/BackOfficeUserStore.cs b/src/Umbraco.Core/Security/BackOfficeUserStore.cs
new file mode 100644
index 0000000000..427bc306da
--- /dev/null
+++ b/src/Umbraco.Core/Security/BackOfficeUserStore.cs
@@ -0,0 +1,251 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using System.Web.Security;
+using Microsoft.AspNet.Identity;
+using Umbraco.Core.Models.Identity;
+using Umbraco.Core.Services;
+
+namespace Umbraco.Core.Security
+{
+    public class BackOfficeUserStore : DisposableObject, IUserStore<BackOfficeIdentityUser, int>, IUserPasswordStore<BackOfficeIdentityUser, int>, IUserEmailStore<BackOfficeIdentityUser, int>, IUserLoginStore<BackOfficeIdentityUser, int>
+    {
+        private readonly IUserService _userService;
+        private readonly IExternalLoginService _externalLoginService;
+        private readonly MembershipProviderBase _usersMembershipProvider;
+
+        public BackOfficeUserStore(IUserService userService, IExternalLoginService externalLoginService, MembershipProviderBase usersMembershipProvider)
+        {
+            _userService = userService;
+            _externalLoginService = externalLoginService;
+            _usersMembershipProvider = usersMembershipProvider;
+            if (userService == null) throw new ArgumentNullException("userService");
+            if (usersMembershipProvider == null) throw new ArgumentNullException("usersMembershipProvider");
+            if (externalLoginService == null) throw new ArgumentNullException("externalLoginService");
+
+            _userService = userService;
+            _usersMembershipProvider = usersMembershipProvider;
+            _externalLoginService = externalLoginService;
+
+            if (_usersMembershipProvider.PasswordFormat != MembershipPasswordFormat.Hashed)
+            {
+                throw new InvalidOperationException("Cannot use ASP.Net Identity with UmbracoMembersUserStore when the password format is not Hashed");
+            }
+        }
+
+        /// <summary>
+        /// Handles the disposal of resources. Derived from abstract class <see cref="DisposableObject"/> which handles common required locking logic.
+        /// </summary>
+        protected override void DisposeResources()
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Insert a new user
+        /// </summary>
+        /// <param name="user"/>
+        /// <returns/>
+        public Task CreateAsync(BackOfficeIdentityUser user)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Update a user
+        /// </summary>
+        /// <param name="user"/>
+        /// <returns/>
+        public Task UpdateAsync(BackOfficeIdentityUser user)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Delete a user
+        /// </summary>
+        /// <param name="user"/>
+        /// <returns/>
+        public Task DeleteAsync(BackOfficeIdentityUser user)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Finds a user
+        /// </summary>
+        /// <param name="userId"/>
+        /// <returns/>
+        public Task<BackOfficeIdentityUser> FindByIdAsync(int userId)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Find a user by name
+        /// </summary>
+        /// <param name="userName"/>
+        /// <returns/>
+        public Task<BackOfficeIdentityUser> FindByNameAsync(string userName)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Set the user password hash
+        /// </summary>
+        /// <param name="user"/><param name="passwordHash"/>
+        /// <returns/>
+        public Task SetPasswordHashAsync(BackOfficeIdentityUser user, string passwordHash)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Get the user password hash
+        /// </summary>
+        /// <param name="user"/>
+        /// <returns/>
+        public Task<string> GetPasswordHashAsync(BackOfficeIdentityUser user)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Returns true if a user has a password set
+        /// </summary>
+        /// <param name="user"/>
+        /// <returns/>
+        public Task<bool> HasPasswordAsync(BackOfficeIdentityUser user)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Set the user email
+        /// </summary>
+        /// <param name="user"/><param name="email"/>
+        /// <returns/>
+        public Task SetEmailAsync(BackOfficeIdentityUser user, string email)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Get the user email
+        /// </summary>
+        /// <param name="user"/>
+        /// <returns/>
+        public Task<string> GetEmailAsync(BackOfficeIdentityUser user)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Returns true if the user email is confirmed
+        /// </summary>
+        /// <param name="user"/>
+        /// <returns/>
+        public Task<bool> GetEmailConfirmedAsync(BackOfficeIdentityUser user)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Sets whether the user email is confirmed
+        /// </summary>
+        /// <param name="user"/><param name="confirmed"/>
+        /// <returns/>
+        public Task SetEmailConfirmedAsync(BackOfficeIdentityUser user, bool confirmed)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Returns the user associated with this email
+        /// </summary>
+        /// <param name="email"/>
+        /// <returns/>
+        public Task<BackOfficeIdentityUser> FindByEmailAsync(string email)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Adds a user login with the specified provider and key
+        /// </summary>
+        /// <param name="user"/><param name="login"/>
+        /// <returns/>
+        public Task AddLoginAsync(BackOfficeIdentityUser user, UserLoginInfo login)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Removes the user login with the specified combination if it exists
+        /// </summary>
+        /// <param name="user"/><param name="login"/>
+        /// <returns/>
+        public Task RemoveLoginAsync(BackOfficeIdentityUser user, UserLoginInfo login)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Returns the linked accounts for this user
+        /// </summary>
+        /// <param name="user"/>
+        /// <returns/>
+        public Task<IList<UserLoginInfo>> GetLoginsAsync(BackOfficeIdentityUser user)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <summary>
+        /// Returns the user associated with this login
+        /// </summary>
+        /// <returns/>
+        public Task<BackOfficeIdentityUser> FindAsync(UserLoginInfo login)
+        {
+            //get all logins associated with the login id
+            var result = _externalLoginService.Find(login).ToArray();
+            if (result.Any())
+            {
+                //return the first member that matches the result
+                var user = (from l in result
+                            select _userService.GetUserById(l.Id)
+                                into member
+                                where member != null
+                                select new BackOfficeIdentityUser
+                                {
+                                    Email = member.Email,
+                                    Id = member.Id,
+                                    LockoutEnabled = member.IsLockedOut,
+                                    LockoutEndDateUtc = DateTime.MaxValue.ToUniversalTime(),
+                                    UserName = member.Username,
+                                    PasswordHash = GetPasswordHash(member.RawPasswordValue)
+                                }).FirstOrDefault();
+
+                return Task.FromResult(AssignLoginsCallback(user));
+            }
+
+            return Task.FromResult<BackOfficeIdentityUser>(null);
+        }
+
+        private BackOfficeIdentityUser AssignLoginsCallback(BackOfficeIdentityUser user)
+        {
+            if (user != null)
+            {
+                user.SetLoginsCallback(new Lazy<IEnumerable<IIdentityUserLogin>>(() =>
+                            _externalLoginService.GetAll(user.Id)));
+            }
+            return user;
+        }
+
+        private string GetPasswordHash(string storedPass)
+        {
+            return storedPass.StartsWith("___UIDEMPTYPWORD__") ? null : storedPass;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Security/MembershipProviderBase.cs b/src/Umbraco.Core/Security/MembershipProviderBase.cs
index ebcd967cc2..e39919d291 100644
--- a/src/Umbraco.Core/Security/MembershipProviderBase.cs
+++ b/src/Umbraco.Core/Security/MembershipProviderBase.cs
@@ -16,6 +16,19 @@ namespace Umbraco.Core.Security
     /// </summary>
     public abstract class MembershipProviderBase : MembershipProvider
     {
+
+        public string HashPasswordForStorage(string password)
+        {
+            string salt;
+            var hashed = EncryptOrHashNewPassword(password, out salt);
+            return FormatPasswordForStorage(hashed, salt);
+        }
+
+        public bool VerifyPassword(string password, string hashedPassword)
+        {
+            return CheckPassword(password, hashedPassword);
+        }
+
         /// <summary>
         /// Providers can override this setting, default is 7
         /// </summary>
diff --git a/src/Umbraco.Core/Security/MembershipProviderExtensions.cs b/src/Umbraco.Core/Security/MembershipProviderExtensions.cs
index f59f4d1169..bdd3174960 100644
--- a/src/Umbraco.Core/Security/MembershipProviderExtensions.cs
+++ b/src/Umbraco.Core/Security/MembershipProviderExtensions.cs
@@ -13,21 +13,21 @@ using Umbraco.Core.Security;
 
 namespace Umbraco.Core.Security
 {
-    internal static class MembershipProviderExtensions
+    public static class MembershipProviderExtensions
     {
-        public static MembershipUserCollection FindUsersByName(this MembershipProvider provider, string usernameToMatch)
+        internal static MembershipUserCollection FindUsersByName(this MembershipProvider provider, string usernameToMatch)
         {
             int totalRecords = 0;
             return provider.FindUsersByName(usernameToMatch, 0, int.MaxValue, out totalRecords);
         }
 
-        public static MembershipUserCollection FindUsersByEmail(this MembershipProvider provider, string emailToMatch)
+        internal static MembershipUserCollection FindUsersByEmail(this MembershipProvider provider, string emailToMatch)
         {
             int totalRecords = 0;
             return provider.FindUsersByEmail(emailToMatch, 0, int.MaxValue, out totalRecords);
         }
 
-        public static MembershipUser CreateUser(this MembershipProvider provider, string username, string password, string email)
+        internal static MembershipUser CreateUser(this MembershipProvider provider, string username, string password, string email)
         {
             MembershipCreateStatus status;
             var user = provider.CreateUser(username, password, email, null, null, true, null, out status);
@@ -80,7 +80,7 @@ namespace Umbraco.Core.Security
         /// </summary>
         /// <param name="membershipProvider"></param>
         /// <returns></returns>
-        public static MembershipUser GetCurrentUser(this MembershipProvider membershipProvider)
+        internal static MembershipUser GetCurrentUser(this MembershipProvider membershipProvider)
         {
             var username = membershipProvider.GetCurrentUserName();
             return username.IsNullOrWhiteSpace()
@@ -93,7 +93,7 @@ namespace Umbraco.Core.Security
         /// </summary>
         /// <param name="membershipProvider"></param>
         /// <returns></returns>
-        public static string GetCurrentUserName(this MembershipProvider membershipProvider)
+        internal static string GetCurrentUserName(this MembershipProvider membershipProvider)
         {
             if (HostingEnvironment.IsHosted)
             {
diff --git a/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs b/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs
index be6811ad7b..08f53fb76e 100644
--- a/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs
+++ b/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs
@@ -27,8 +27,28 @@ namespace Umbraco.Core.Security
             //This just creates a temp/fake ticket
             : base(new FormsAuthenticationTicket(userdata.Username, true, 10))
         {
+            if (userdata == null) throw new ArgumentNullException("userdata");
             UserData = userdata;
-            AddClaims();
+            AddUserDataClaims();
+        }
+
+        /// <summary>
+        /// Create a back office identity based on an existing claims identity
+        /// </summary>
+        /// <param name="claimsIdentity"></param>
+        /// <param name="userdata"></param>
+        public UmbracoBackOfficeIdentity(ClaimsIdentity claimsIdentity, UserData userdata)
+            //This just creates a temp/fake ticket
+            : base(new FormsAuthenticationTicket(userdata.Username, true, 10))
+        {
+            if (claimsIdentity == null) throw new ArgumentNullException("claimsIdentity");
+            if (userdata == null) throw new ArgumentNullException("userdata");
+
+            _currentIssuer = claimsIdentity.AuthenticationType;
+            UserData = userdata;
+            AddClaims(claimsIdentity);
+            Actor = claimsIdentity;
+            AddUserDataClaims();
         }
 
         /// <summary>
@@ -39,7 +59,7 @@ namespace Umbraco.Core.Security
             : base(ticket)
         {
             UserData = JsonConvert.DeserializeObject<UserData>(ticket.UserData);
-            AddClaims();
+            AddUserDataClaims();
         }
 
         /// <summary>
@@ -49,24 +69,49 @@ namespace Umbraco.Core.Security
         private UmbracoBackOfficeIdentity(UmbracoBackOfficeIdentity identity)
             : base(identity)
         {
+            if (identity.Actor != null)
+            {
+                _currentIssuer = identity.AuthenticationType;
+                AddClaims(identity);
+                Actor = identity.Clone();
+            }
+
             UserData = identity.UserData;
-            AddClaims();
+            AddUserDataClaims();
         }
 
-        public static string Issuer = "UmbracoBackOffice";
+        public const string Issuer = "UmbracoBackOffice";
+        private readonly string _currentIssuer = Issuer;
 
-        //TODO: Another option is to create a ClaimsIdentityFactory when everything is wired up... optional though i think
-        private void AddClaims()
+        private void AddClaims(ClaimsIdentity claimsIdentity)
+        {
+            foreach (var claim in claimsIdentity.Claims)
+            {
+                AddClaim(claim);
+            }
+        }
+
+        /// <summary>
+        /// Adds claims based on the UserData data
+        /// </summary>
+        private void AddUserDataClaims()
         {
             AddClaims(new[]
             {
                 new Claim(Constants.Security.StartContentNodeIdClaimType, StartContentNode.ToInvariantString(), null, Issuer, Issuer, this),
                 new Claim(Constants.Security.StartMediaNodeIdClaimType, StartMediaNode.ToInvariantString(), null, Issuer, Issuer, this),
                 new Claim(Constants.Security.AllowedApplicationsClaimType, string.Join(",", AllowedApplications), null, Issuer, Issuer, this),
+                
+                //TODO: Similar one created by the ClaimsIdentityFactory<TUser, TKey> not sure we need this
                 new Claim(Constants.Security.UserIdClaimType, Id.ToString(), null, Issuer, Issuer, this),
                 new Claim(Constants.Security.CultureClaimType, Culture, null, Issuer, Issuer, this),
                 new Claim(Constants.Security.SessionIdClaimType, SessionId, null, Issuer, Issuer, this),
-                new Claim(ClaimTypes.Role, string.Join(",", Roles), null, Issuer, Issuer, this)
+
+                //TODO: Role claims are added by the default ClaimsIdentityFactory<TUser, TKey> based on the result from 
+                // the user manager manager.GetRolesAsync method so not sure if we can do that there or needs to be done here
+                // and each role should be a different claim, not a single string 
+
+                //new Claim(ClaimTypes.Role, string.Join(",", Roles), null, Issuer, Issuer, this)
             });
         }
 
@@ -80,7 +125,7 @@ namespace Umbraco.Core.Security
         /// </returns>
         public override string AuthenticationType
         {
-            get { return Issuer; }
+            get { return _currentIssuer; }
         }
 
         public int StartContentNode
diff --git a/src/Umbraco.Core/Security/UmbracoMembershipProviderBase.cs b/src/Umbraco.Core/Security/UmbracoMembershipProviderBase.cs
index 12ca2b4b4a..328d8ad335 100644
--- a/src/Umbraco.Core/Security/UmbracoMembershipProviderBase.cs
+++ b/src/Umbraco.Core/Security/UmbracoMembershipProviderBase.cs
@@ -8,6 +8,8 @@ namespace Umbraco.Core.Security
     /// </summary>
     public abstract class UmbracoMembershipProviderBase : MembershipProviderBase
     {
+
+
         public abstract string DefaultMemberTypeAlias { get; }
         
         /// <summary>
diff --git a/src/Umbraco.Core/Services/ExternalLoginService.cs b/src/Umbraco.Core/Services/ExternalLoginService.cs
new file mode 100644
index 0000000000..f33f1c492b
--- /dev/null
+++ b/src/Umbraco.Core/Services/ExternalLoginService.cs
@@ -0,0 +1,78 @@
+using System.Collections.Generic;
+using System.Linq;
+using Microsoft.AspNet.Identity;
+using Umbraco.Core.Logging;
+using Umbraco.Core.Models.Identity;
+using Umbraco.Core.Persistence;
+using Umbraco.Core.Persistence.Querying;
+using Umbraco.Core.Persistence.UnitOfWork;
+
+namespace Umbraco.Core.Services
+{
+    public class ExternalLoginService : RepositoryService, IExternalLoginService
+    {
+        public ExternalLoginService(IDatabaseUnitOfWorkProvider provider, RepositoryFactory repositoryFactory, ILogger logger)
+            : base(provider, repositoryFactory, logger)
+        {
+        }
+
+        /// <summary>
+        /// Returns all user logins assigned
+        /// </summary>
+        /// <param name="userId"></param>
+        /// <returns></returns>
+        public IEnumerable<IIdentityUserLogin> GetAll(int userId)
+        {            
+            using (var repo = RepositoryFactory.CreateExternalLoginRepository(UowProvider.GetUnitOfWork()))
+            {
+                return repo.GetByQuery(new Query<IIdentityUserLogin>().Where(x => x.UserId == userId));
+            }
+        }
+
+        /// <summary>
+        /// Returns all logins matching the login info - generally there should only be one but in some cases 
+        /// there might be more than one depending on if an adminstrator has been editing/removing members
+        /// </summary>
+        /// <param name="login"></param>
+        /// <returns></returns>
+        public IEnumerable<IIdentityUserLogin> Find(UserLoginInfo login)
+        {
+            using (var repo = RepositoryFactory.CreateExternalLoginRepository(UowProvider.GetUnitOfWork()))
+            {
+                return repo.GetByQuery(new Query<IIdentityUserLogin>()
+                    .Where(x => x.ProviderKey == login.ProviderKey && x.LoginProvider == login.LoginProvider));
+            }
+        }
+
+        /// <summary>
+        /// Save user logins
+        /// </summary>
+        /// <param name="userId"></param>
+        /// <param name="logins"></param>
+        public void SaveUserLogins(int userId, IEnumerable<UserLoginInfo> logins)
+        {
+            var uow = UowProvider.GetUnitOfWork();
+            using (var repo = RepositoryFactory.CreateExternalLoginRepository(uow))
+            {
+                repo.SaveUserLogins(userId, logins);
+                uow.Commit();
+            }
+        }
+
+        /// <summary>
+        /// Deletes all user logins - normally used when a member is deleted
+        /// </summary>
+        /// <param name="userId"></param>
+        public void DeleteUserLogins(int userId)
+        {
+            var uow = UowProvider.GetUnitOfWork();
+            using (var repo = RepositoryFactory.CreateExternalLoginRepository(uow))
+            {
+                repo.DeleteUserLogins(userId);
+                uow.Commit();
+            }
+        }
+
+        
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Services/IExternalLoginService.cs b/src/Umbraco.Core/Services/IExternalLoginService.cs
new file mode 100644
index 0000000000..e1b1a161d8
--- /dev/null
+++ b/src/Umbraco.Core/Services/IExternalLoginService.cs
@@ -0,0 +1,40 @@
+using System.Collections.Generic;
+using Microsoft.AspNet.Identity;
+using Umbraco.Core.Models.Identity;
+
+namespace Umbraco.Core.Services
+{
+    /// <summary>
+    /// Used to store the external login info, this can be replaced with your own implementation
+    /// </summary>
+    public interface IExternalLoginService : IService
+    {
+        /// <summary>
+        /// Returns all user logins assigned
+        /// </summary>
+        /// <param name="userId"></param>
+        /// <returns></returns>
+        IEnumerable<IIdentityUserLogin> GetAll(int userId);
+
+        /// <summary>
+        /// Returns all logins matching the login info - generally there should only be one but in some cases 
+        /// there might be more than one depending on if an adminstrator has been editing/removing members
+        /// </summary>
+        /// <param name="login"></param>
+        /// <returns></returns>
+        IEnumerable<IIdentityUserLogin> Find(UserLoginInfo login);
+
+        /// <summary>
+        /// Save user logins
+        /// </summary>
+        /// <param name="userId"></param>
+        /// <param name="logins"></param>
+        void SaveUserLogins(int userId, IEnumerable<UserLoginInfo> logins);
+
+        /// <summary>
+        /// Deletes all user logins - normally used when a member is deleted
+        /// </summary>
+        /// <param name="userId"></param>
+        void DeleteUserLogins(int userId);
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Core/Services/IFileService.cs b/src/Umbraco.Core/Services/IFileService.cs
index 484226ae78..7803abe98e 100644
--- a/src/Umbraco.Core/Services/IFileService.cs
+++ b/src/Umbraco.Core/Services/IFileService.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Collections.Generic;
 using Umbraco.Core.Models;
 
diff --git a/src/Umbraco.Core/Services/ServiceContext.cs b/src/Umbraco.Core/Services/ServiceContext.cs
index f1eb873db7..d72115e49d 100644
--- a/src/Umbraco.Core/Services/ServiceContext.cs
+++ b/src/Umbraco.Core/Services/ServiceContext.cs
@@ -41,6 +41,7 @@ namespace Umbraco.Core.Services
         private Lazy<IMemberTypeService> _memberTypeService;
         private Lazy<IMemberGroupService> _memberGroupService;
         private Lazy<INotificationService> _notificationService;
+        private Lazy<IExternalLoginService> _externalLoginService;
 
         /// <summary>
         /// public ctor - will generally just be used for unit testing all items are optional and if not specified, the defaults will be used
@@ -91,8 +92,10 @@ namespace Umbraco.Core.Services
             IDomainService domainService = null,
             ITaskService taskService = null,
             IMacroService macroService = null,
-            IPublicAccessService publicAccessService = null)
+            IPublicAccessService publicAccessService = null,
+            IExternalLoginService externalLoginService = null)
         {
+            if (externalLoginService != null) _externalLoginService = new Lazy<IExternalLoginService>(() => externalLoginService);
             if (auditService != null) _auditService = new Lazy<IAuditService>(() => auditService);
             if (localizedTextService != null) _localizedTextService = new Lazy<ILocalizedTextService>(() => localizedTextService);
             if (tagService != null) _tagService = new Lazy<ITagService>(() => tagService);
@@ -145,6 +148,9 @@ namespace Umbraco.Core.Services
             var provider = dbUnitOfWorkProvider;
             var fileProvider = fileUnitOfWorkProvider;
 
+            if (_externalLoginService == null)
+                _externalLoginService = new Lazy<IExternalLoginService>(() => new ExternalLoginService(provider, repositoryFactory, logger));
+
             if (_publicAccessService == null)
                 _publicAccessService = new Lazy<IPublicAccessService>(() => new PublicAccessService(provider, repositoryFactory, logger));
 
@@ -415,5 +421,9 @@ namespace Umbraco.Core.Services
             get { return _memberGroupService.Value; }
         }
 
+        public IExternalLoginService ExternalLoginService
+        {
+            get { return _externalLoginService.Value; }
+        }
     }
 }
\ No newline at end of file
diff --git a/src/Umbraco.Core/Umbraco.Core.csproj b/src/Umbraco.Core/Umbraco.Core.csproj
index f0f09c499c..f76cb2667c 100644
--- a/src/Umbraco.Core/Umbraco.Core.csproj
+++ b/src/Umbraco.Core/Umbraco.Core.csproj
@@ -67,12 +67,13 @@
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Owin.Security.Cookies">
-      <HintPath>..\packages\Microsoft.Owin.Security.Cookies.2.1.0\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
+    <Reference Include="Microsoft.Owin.Security.Cookies, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Owin.Security.Cookies.3.0.0\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Owin.Security.OAuth">
-      <HintPath>..\packages\Microsoft.Owin.Security.OAuth.2.1.0\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
-      <Private>True</Private>
+    <Reference Include="Microsoft.Owin.Security.OAuth, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Owin.Security.OAuth.3.0.0\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <Private>True</Private>
@@ -347,6 +348,8 @@
     <Compile Include="Models\Identity\IdentityUserClaim.cs" />
     <Compile Include="Models\Identity\IdentityUserLogin.cs" />
     <Compile Include="Models\Identity\IdentityUserRole.cs" />
+    <Compile Include="Models\Identity\BackOfficeIdentityUser.cs" />
+    <Compile Include="Models\Identity\IIdentityUserLogin.cs" />
     <Compile Include="Models\PublicAccessEntry.cs" />
     <Compile Include="Models\PublicAccessRule.cs" />
     <Compile Include="Models\Rdbms\AccessDto.cs" />
@@ -368,11 +371,13 @@
     <Compile Include="Models\UmbracoDomain.cs" />
     <Compile Include="Models\DoNotCloneAttribute.cs" />
     <Compile Include="Models\IDomain.cs" />
+    <Compile Include="Persistence\Factories\ExternalLoginFactory.cs" />
     <Compile Include="Persistence\Factories\PublicAccessEntryFactory.cs" />
     <Compile Include="Persistence\Factories\TaskFactory.cs" />
     <Compile Include="Persistence\Factories\TaskTypeFactory.cs" />
     <Compile Include="Persistence\Mappers\AccessMapper.cs" />
     <Compile Include="Persistence\Mappers\DomainMapper.cs" />
+    <Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenThreeZero\AddExternalLoginsTable.cs" />
     <Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenThreeZero\AddPublicAccessTables.cs" />
     <Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenThreeZero\MovePublicAccessXmlDataToDb.cs" />
     <Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenThreeZero\RemoveHelpTextColumn.cs" />
@@ -400,8 +405,10 @@
     <Compile Include="Persistence\Relators\AccessRulesRelator.cs" />
     <Compile Include="Persistence\Repositories\AuditRepository.cs" />
     <Compile Include="Persistence\Repositories\DomainRepository.cs" />
+    <Compile Include="Persistence\Repositories\ExternalLoginRepository.cs" />
     <Compile Include="Persistence\Repositories\Interfaces\IAuditRepository.cs" />
     <Compile Include="Persistence\Repositories\Interfaces\IDomainRepository.cs" />
+    <Compile Include="Persistence\Repositories\Interfaces\IExternalLoginRepository.cs" />
     <Compile Include="Persistence\Repositories\Interfaces\IPublicAccessRepository.cs" />
     <Compile Include="Persistence\Repositories\Interfaces\ITaskRepository.cs" />
     <Compile Include="Persistence\Repositories\Interfaces\ITaskTypeRepository.cs" />
@@ -409,7 +416,9 @@
     <Compile Include="Persistence\Repositories\RepositoryCacheOptions.cs" />
     <Compile Include="Persistence\Repositories\TaskRepository.cs" />
     <Compile Include="Persistence\Repositories\TaskTypeRepository.cs" />
+    <Compile Include="Security\BackOfficeClaimsIdentityFactory.cs" />
     <Compile Include="Security\BackOfficeUserManager.cs" />
+    <Compile Include="Security\BackOfficeUserStore.cs" />
     <Compile Include="ServiceProviderExtensions.cs" />
     <Compile Include="IO\ResizedImage.cs" />
     <Compile Include="IO\UmbracoMediaFile.cs" />
@@ -420,8 +429,10 @@
     <Compile Include="Persistence\Migrations\Upgrades\TargetVersionSevenThreeZero\MigrateStylesheetDataToFile.cs" />
     <Compile Include="Services\AuditService.cs" />
     <Compile Include="Services\DomainService.cs" />
+    <Compile Include="Services\ExternalLoginService.cs" />
     <Compile Include="Services\IAuditService.cs" />
     <Compile Include="Services\IDomainService.cs" />
+    <Compile Include="Services\IExternalLoginService.cs" />
     <Compile Include="Services\IPublicAccessService.cs" />
     <Compile Include="Services\ITaskService.cs" />
     <Compile Include="Services\PublicAccessService.cs" />
diff --git a/src/Umbraco.Core/packages.config b/src/Umbraco.Core/packages.config
index 93c9737158..e8702a60bc 100644
--- a/src/Umbraco.Core/packages.config
+++ b/src/Umbraco.Core/packages.config
@@ -14,8 +14,8 @@
   <package id="Microsoft.Net.Http" version="2.2.28" targetFramework="net45" />
   <package id="Microsoft.Owin" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Owin.Security" version="3.0.0" targetFramework="net45" />
-  <package id="Microsoft.Owin.Security.Cookies" version="2.1.0" targetFramework="net45" />
-  <package id="Microsoft.Owin.Security.OAuth" version="2.1.0" targetFramework="net45" />
+  <package id="Microsoft.Owin.Security.Cookies" version="3.0.0" targetFramework="net45" />
+  <package id="Microsoft.Owin.Security.OAuth" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net40" />
   <package id="MiniProfiler" version="2.1.0" targetFramework="net45" />
   <package id="MySql.Data" version="6.6.5" targetFramework="net40" />
diff --git a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
index 00d3cda1ab..04e6672b4b 100644
--- a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.controller.js
@@ -17,9 +17,8 @@
     
     $scope.errorMsg = "";
 
-    $scope.externalLoginFormAction = Umbraco.Sys.ServerVariables.umbracoUrls.externalLoginsUrl;
-
-    $scope.externalLogins = Umbraco.Sys.ServerVariables.externalLogins;
+    $scope.externalLoginFormAction = Umbraco.Sys.ServerVariables.umbracoUrls.externalLoginsUrl;    
+    $scope.externalLoginProviders = Umbraco.Sys.ServerVariables.externalLogins.providers;
 
     $scope.loginSubmit = function (login, password) {
         
diff --git a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html
index 5b73743772..b09c11bf18 100644
--- a/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html
+++ b/src/Umbraco.Web.UI.Client/src/views/common/dialogs/login.html
@@ -23,12 +23,12 @@
                     <div class="alert alert-error">{{errorMsg}}</div>
                 </div>
             </form>
-            
+
             <br/><br/>
 
             <form method="POST" name="externalLoginForm" action="{{externalLoginFormAction}}">
 
-                <div class="alert alert-success" ng-repeat="login in externalLogins">
+                <div class="alert alert-success" ng-repeat="login in externalLoginProviders">
 
                     <button type="submit" class="btn btn-default" id="{{login.authType}}" name="provider" value="{{login.authType}}"
                             title="Log in using your {{login.caption}} account">
diff --git a/src/Umbraco.Web.UI/App_Code/OwinStartup.cs b/src/Umbraco.Web.UI/App_Code/OwinStartup.cs
index ba6e3b3d59..baf56c1bb5 100644
--- a/src/Umbraco.Web.UI/App_Code/OwinStartup.cs
+++ b/src/Umbraco.Web.UI/App_Code/OwinStartup.cs
@@ -2,12 +2,16 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Web;
+using System.Web.Security;
 using Microsoft.AspNet.Identity;
 using Microsoft.AspNet.Identity.Owin;
 using Microsoft.Owin;
 using Microsoft.Owin.Security.Cookies;
-
+using Microsoft.Owin.Security.Google;
+using Umbraco.Web.Security.Identity;
 using Owin;
+using Umbraco.Core;
+using Umbraco.Core.Security;
 using Umbraco.Web.Security.Identity;
 using Umbraco.Web.UI;
 
@@ -24,8 +28,10 @@ namespace Umbraco.Web.UI
 
         public void Configuration(IAppBuilder app)
         {
-            ////Single method to configure the Identity user manager for use with Umbraco
-            //app.ConfigureUserManagerForUmbraco<UmbracoApplicationUser>();
+            //Single method to configure the Identity user manager for use with Umbraco
+            app.ConfigureUserManagerForUmbracoBackOffice(
+                ApplicationContext.Current,
+                Core.Security.MembershipProviderExtensions.GetUsersMembershipProvider().AsUmbracoMembershipProvider());
 
             //// Enable the application to use a cookie to store information for the 
             //// signed in user and to use a cookie to temporarily store information 
@@ -56,6 +62,9 @@ namespace Umbraco.Web.UI
 
             //app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
 
+
+
+         
         }
 
 
diff --git a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
index 0cec068f48..cbc8c23880 100644
--- a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
+++ b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
@@ -170,14 +170,16 @@
       <HintPath>..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Microsoft.Owin.Security.Cookies">
-      <HintPath>..\packages\Microsoft.Owin.Security.Cookies.2.1.0\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
+    <Reference Include="Microsoft.Owin.Security.Cookies, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Owin.Security.Cookies.3.0.0\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Owin.Security.Google">
       <HintPath>..\packages\Microsoft.Owin.Security.Google.3.0.0\lib\net45\Microsoft.Owin.Security.Google.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Owin.Security.OAuth">
-      <HintPath>..\packages\Microsoft.Owin.Security.OAuth.2.1.0\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
+    <Reference Include="Microsoft.Owin.Security.OAuth, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Owin.Security.OAuth.3.0.0\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Threading.Tasks">
       <HintPath>..\packages\Microsoft.Bcl.Async.1.0.165\lib\net45\Microsoft.Threading.Tasks.dll</HintPath>
diff --git a/src/Umbraco.Web.UI/packages.config b/src/Umbraco.Web.UI/packages.config
index 5ed2c4b1d0..c55244e7bf 100644
--- a/src/Umbraco.Web.UI/packages.config
+++ b/src/Umbraco.Web.UI/packages.config
@@ -26,9 +26,9 @@
   <package id="Microsoft.Owin" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Owin.Host.SystemWeb" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Owin.Security" version="3.0.0" targetFramework="net45" />
-  <package id="Microsoft.Owin.Security.Cookies" version="2.1.0" targetFramework="net45" />
+  <package id="Microsoft.Owin.Security.Cookies" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Owin.Security.Google" version="3.0.0" targetFramework="net45" />
-  <package id="Microsoft.Owin.Security.OAuth" version="2.1.0" targetFramework="net45" />
+  <package id="Microsoft.Owin.Security.OAuth" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
   <package id="MiniProfiler" version="2.1.0" targetFramework="net45" />
   <package id="MySql.Data" version="6.6.5" targetFramework="net40" />
diff --git a/src/Umbraco.Web.UI/umbraco/Views/Default.cshtml b/src/Umbraco.Web.UI/umbraco/Views/Default.cshtml
index 8369b5b677..55c28da1f3 100644
--- a/src/Umbraco.Web.UI/umbraco/Views/Default.cshtml
+++ b/src/Umbraco.Web.UI/umbraco/Views/Default.cshtml
@@ -63,19 +63,21 @@
         we will load the rest of the server vars after the user is authenticated.
     *@
     <script type="text/javascript">
-        var Umbraco = {};
-        Umbraco.Sys = {};
-        Umbraco.Sys.ServerVariables = {
-            "umbracoUrls": {
-                "authenticationApiBaseUrl": "@(Url.GetUmbracoApiServiceBaseUrl<AuthenticationController>(controller => controller.PostLogin(null)))",
-                "serverVarsJs": "@Url.GetUrlWithCacheBust("ServerVariables", "BackOffice")",
-                "externalLoginsUrl": "@(Url.Action("ExternalLogin", "BackOffice", new { area = ViewBag.UmbracoPath }))"
-            },
-            "externalLogins": @Html.Raw(JsonConvert.SerializeObject(loginProviders)),
-            "application": {
-                "applicationPath" : "@Context.Request.ApplicationPath"
-            }
-        };       
+    var Umbraco = {};
+    Umbraco.Sys = {};
+    Umbraco.Sys.ServerVariables = {
+        "umbracoUrls": {
+            "authenticationApiBaseUrl": "@(Url.GetUmbracoApiServiceBaseUrl<AuthenticationController>(controller => controller.PostLogin(null)))",
+            "serverVarsJs": "@Url.GetUrlWithCacheBust("ServerVariables", "BackOffice")",
+            "externalLoginsUrl": "@(Url.Action("ExternalLogin", "BackOffice", new { area = ViewBag.UmbracoPath }))"
+        },
+        "externalLogins": {
+            "providers": @Html.Raw(JsonConvert.SerializeObject(loginProviders))
+        },
+        "application": {
+            "applicationPath" : "@Context.Request.ApplicationPath"
+        }
+    };       
     </script>
 
     @*And finally we can load in our angular app*@
diff --git a/src/Umbraco.Web/BaseRest/BaseRestHandler.cs b/src/Umbraco.Web/BaseRest/BaseRestHandler.cs
index f57b75e089..6f899463d7 100644
--- a/src/Umbraco.Web/BaseRest/BaseRestHandler.cs
+++ b/src/Umbraco.Web/BaseRest/BaseRestHandler.cs
@@ -31,6 +31,7 @@ namespace Umbraco.Web.BaseRest
 		/// <returns>A value indicating whether the specified Uri should be routed to the BaseRestHandler.</returns>
 		public static bool IsBaseRestRequest(Uri uri)
 		{
+		    if (uri == null) return false;
             return UmbracoConfig.For.BaseRestExtensions().Enabled
 				&& uri.AbsolutePath.ToLowerInvariant().StartsWith(BaseUrl);
 		}
diff --git a/src/Umbraco.Web/Editors/BackOfficeController.cs b/src/Umbraco.Web/Editors/BackOfficeController.cs
index e844d8f5fb..1146f255dd 100644
--- a/src/Umbraco.Web/Editors/BackOfficeController.cs
+++ b/src/Umbraco.Web/Editors/BackOfficeController.cs
@@ -3,6 +3,8 @@ using System.Collections.Generic;
 using System.Globalization;
 using System.IO;
 using System.Linq;
+using System.Security.Claims;
+using System.ServiceModel.Security;
 using System.Text;
 using System.Text.RegularExpressions;
 using System.Threading.Tasks;
@@ -33,7 +35,10 @@ using Umbraco.Web.WebServices;
 using Umbraco.Web.WebApi.Filters;
 using System.Web;
 using AutoMapper;
+using Microsoft.AspNet.Identity.Owin;
+using Umbraco.Core.Models.Identity;
 using Umbraco.Core.Security;
+using Task = System.Threading.Tasks.Task;
 
 namespace Umbraco.Web.Editors
 {
@@ -44,19 +49,48 @@ namespace Umbraco.Web.Editors
     [DisableClientCache]
     public class BackOfficeController : UmbracoController
     {
+        private BackOfficeUserManager _userManager;
+
         protected IOwinContext OwinContext
         {
             get { return Request.GetOwinContext(); }
         }
 
+        protected BackOfficeUserManager UserManager
+        {
+            get { return _userManager ?? (_userManager = OwinContext.GetUserManager<BackOfficeUserManager>()); }
+        }
+
         /// <summary>
         /// Render the default view
         /// </summary>
         /// <returns></returns>
-        public ActionResult Default()
+        public async Task<ActionResult> Default()
         {
             ViewBag.UmbracoPath = GlobalSettings.UmbracoMvcArea;
-            return View(GlobalSettings.Path.EnsureEndsWith('/') + "Views/Default.cshtml");
+
+            //First check if there's external login info, if there's not proceed as normal
+            var loginInfo = await OwinContext.Authentication.GetExternalLoginInfoAsync();
+            if (loginInfo == null)
+            {
+                return View(GlobalSettings.Path.EnsureEndsWith('/') + "Views/Default.cshtml");
+            }
+
+            // Sign in the user with this external login provider if the user already has a login
+            var user = await UserManager.FindAsync(loginInfo.Login);
+            if (user != null)
+            {
+                await SignInAsync(user, isPersistent: false);
+                //all signed in so just render the view as per normal
+                return View(GlobalSettings.Path.EnsureEndsWith('/') + "Views/Default.cshtml");
+            }
+
+            //The user hasn't used this login provider so need to display an error, they must link the provider in the user section
+            // TODO: Or wherever we decide to put that.
+
+            // TODO: Return a real error in one way or another, maybe a different view?
+
+            throw new SecurityNegotiationException("The requested provider " + loginInfo.Login.LoginProvider + " has not been linked to to an account");
         }
 
         /// <summary>
@@ -374,57 +408,33 @@ namespace Umbraco.Web.Editors
         
         [HttpPost]
         [AllowAnonymous]
-        public ActionResult ExternalLogin(string provider, string returnUrl = null)
+        public ActionResult ExternalLogin(string provider)
         {
-            if (returnUrl.IsNullOrWhiteSpace())
-            {
-                returnUrl = GlobalSettings.Path;
-            }
-
             // Request a redirect to the external login provider
             return new ChallengeResult(provider,
-                Url.Action("ExternalLoginCallback", "BackOffice", new
+                Url.Action("Default", "BackOffice", new
                 {
-                    area = GlobalSettings.UmbracoMvcArea,
-                    ReturnUrl = returnUrl
+                    area = GlobalSettings.UmbracoMvcArea
                 }));
         }
 
-        [HttpGet]
-        [AllowAnonymous]
-        public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
+        private async Task SignInAsync(BackOfficeIdentityUser user, bool isPersistent)
         {
-            var loginInfo = await OwinContext.Authentication.GetExternalLoginInfoAsync();
-            if (loginInfo == null)
-            {
-                //go home, invalid callback
-                return RedirectToLocal(returnUrl);
-            }
-
-            //// Sign in the user with this external login provider if the user already has a login
-            //var user = await UserManager<>.FindAsync(loginInfo.Login);
-            //if (user != null)
-            //{
-            //    await SignInAsync(user, isPersistent: false);
-            //    return RedirectToLocal(returnUrl);
-            //}
-            //else
-            //{
-            //    // If the user does not have an account, then prompt the user to create an account
-            //    ViewBag.ReturnUrl = returnUrl;
-            //    ViewBag.LoginProvider = loginInfo.Login.LoginProvider;
-
-            //    return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.Email });
-            //}
-
-            //TODO: until we make a user thingy and make this correctly , we'll just see if this works
-
-            var user = Security.GetBackOfficeUser(loginInfo.DefaultUserName);
-
-            var ticket = UmbracoContext.Security.PerformLogin(user);
-            HttpContext.AuthenticateCurrentRequest(ticket, false);
+            //TODO: I don't think we want to reference the 'default' external cookie since people might be using this on the front-end
+            // we'll need to create a secondary custom handler for the external cookie for the back office
+            OwinContext.Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
             
-            return View(GlobalSettings.Path.EnsureEndsWith('/') + "Views/Default.cshtml");
+            OwinContext.Authentication.SignIn(
+                new AuthenticationProperties() {IsPersistent = isPersistent}, 
+                await GenerateUserIdentityAsync(user));
+        }
+
+        private async Task<ClaimsIdentity> GenerateUserIdentityAsync(BackOfficeIdentityUser user)
+        {
+            // NOTE the authenticationType must match the umbraco one
+            // defined in CookieAuthenticationOptions.AuthenticationType
+            var userIdentity = await UserManager.CreateIdentityAsync(user, global::Umbraco.Core.Constants.Security.BackOfficeAuthenticationType);
+            return userIdentity;
         }
         
         
diff --git a/src/Umbraco.Web/IUmbracoContextAccessor.cs b/src/Umbraco.Web/IUmbracoContextAccessor.cs
new file mode 100644
index 0000000000..e3614a1e86
--- /dev/null
+++ b/src/Umbraco.Web/IUmbracoContextAccessor.cs
@@ -0,0 +1,13 @@
+namespace Umbraco.Web
+{
+    /// <summary>
+    /// Used to retrieve the Umbraco context
+    /// </summary>
+    /// <remarks>
+    /// TODO: We could expose this to make working with UmbracoContext easier if we were to use it throughout the codebase
+    /// </remarks>
+    internal interface IUmbracoContextAccessor
+    {
+        UmbracoContext Value { get; }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs b/src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs
index d408e7a98a..27dfe80c6d 100644
--- a/src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs
+++ b/src/Umbraco.Web/Security/Identity/AppBuilderExtensions.cs
@@ -12,39 +12,35 @@ using Owin;
 using Umbraco.Core;
 using Umbraco.Core.Configuration;
 using Umbraco.Core.Logging;
+using Umbraco.Core.Models.Identity;
+using Umbraco.Core.Security;
 
 namespace Umbraco.Web.Security.Identity
 {
     public static class AppBuilderExtensions
     {
-        ///// <summary>
-        ///// Configure Identity User Manager for Umbraco
-        ///// </summary>
-        ///// <typeparam name="T"></typeparam>
-        ///// <param name="app"></param>
-        ///// <param name="appContext"></param>
-        //public static void ConfigureUserManagerForUmbraco<T>(this IAppBuilder app, ApplicationContext appContext)
-        //    where T : UmbracoIdentityUser, new()
-        //{
+        /// <summary>
+        /// Configure Identity User Manager for Umbraco
+        /// </summary>
+        /// <param name="app"></param>
+        /// <param name="appContext"></param>
+        /// <param name="userMembershipProvider"></param>
+        public static void ConfigureUserManagerForUmbracoBackOffice(this IAppBuilder app, ApplicationContext appContext, MembershipProviderBase userMembershipProvider)
+        {
+            //Don't proceed if the app is not ready
+            if (appContext.IsConfigured == false
+                || appContext.DatabaseContext == null
+                || appContext.DatabaseContext.IsDatabaseConfigured == false) return;
 
-        //    //Don't proceed if the app is not ready
-        //    if (appContext.IsConfigured == false
-        //        || appContext.DatabaseContext == null
-        //        || appContext.DatabaseContext.IsDatabaseConfigured == false) return;
-
-        //    //Configure Umbraco user manager to be created per request
-        //    app.CreatePerOwinContext<UmbracoMembersUserManager<T>>(
-        //        (o, c) => UmbracoMembersUserManager<T>.Create(
-        //            o, c, ApplicationContext.Current.Services.MemberService));
-
-        //    //Configure Umbraco member event handler to be created per request - this will ensure that the
-        //    // external logins are kept in sync if members are deleted from Umbraco
-        //    app.CreatePerOwinContext<MembersEventHandler<T>>((options, context) => new MembersEventHandler<T>(context));
-
-        //    //TODO: This is just for the mem leak fix
-        //    app.CreatePerOwinContext<OwinContextDisposal<MembersEventHandler<T>, UmbracoMembersUserManager<T>>>(
-        //        (o, c) => new OwinContextDisposal<MembersEventHandler<T>, UmbracoMembersUserManager<T>>(c));
-        //}
+            //Configure Umbraco user manager to be created per request
+            app.CreatePerOwinContext<BackOfficeUserManager>(
+                (options, owinContext) => BackOfficeUserManager.Create(
+                    options, 
+                    owinContext, 
+                    appContext.Services.UserService,
+                    appContext.Services.ExternalLoginService,
+                    userMembershipProvider));
+        }
 
         /// <summary>
         /// Ensures that the UmbracoBackOfficeAuthenticationMiddleware is assigned to the pipeline
@@ -59,8 +55,7 @@ namespace Umbraco.Web.Security.Identity
             app.UseCookieAuthentication(new UmbracoBackOfficeCookieAuthenticationOptions(
                     UmbracoConfig.For.UmbracoSettings().Security,
                     GlobalSettings.TimeOutInMinutes,
-                    GlobalSettings.UseSSL,
-                    GlobalSettings.Path)
+                    GlobalSettings.UseSSL)
             {
                 Provider = new CookieAuthenticationProvider
                 {                
@@ -82,7 +77,9 @@ namespace Umbraco.Web.Security.Identity
         {
             if (app == null) throw new ArgumentNullException("app");
 
-            app.UseExternalSignInCookie("UmbracoExternalCookie");
+            //app.UseExternalSignInCookie("UmbracoExternalCookie");
+
+            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
 
             return app;
         }
diff --git a/src/Umbraco.Web/Security/Identity/BackOfficeCookieManager.cs b/src/Umbraco.Web/Security/Identity/BackOfficeCookieManager.cs
new file mode 100644
index 0000000000..7eedf2ecb0
--- /dev/null
+++ b/src/Umbraco.Web/Security/Identity/BackOfficeCookieManager.cs
@@ -0,0 +1,45 @@
+using Microsoft.Owin;
+using Microsoft.Owin.Infrastructure;
+using Umbraco.Core;
+
+namespace Umbraco.Web.Security.Identity
+{
+    /// <summary>
+    /// A custom cookie manager that is used to read the cookie from the request.
+    /// </summary>
+    /// <remarks>
+    /// Umbraco's back office cookie needs to be read on two paths: /umbraco and /install and /base therefore we cannot just set the cookie path to be /umbraco, 
+    /// instead we'll specify our own cookie manager and return null if the request isn't for an acceptable path.
+    /// </remarks>
+    internal class BackOfficeCookieManager : ChunkingCookieManager, ICookieManager
+    {
+        private readonly IUmbracoContextAccessor _umbracoContextAccessor;
+
+        public BackOfficeCookieManager(IUmbracoContextAccessor umbracoContextAccessor)
+        {
+            _umbracoContextAccessor = umbracoContextAccessor;
+        }
+
+        /// <summary>
+        /// Explicitly implement this so that we filter the request
+        /// </summary>
+        /// <param name="context"></param>
+        /// <param name="key"></param>
+        /// <returns></returns>
+        string ICookieManager.GetRequestCookie(IOwinContext context, string key)
+        {
+            if (_umbracoContextAccessor.Value == null || context.Request.Uri.IsClientSideRequest())
+            {
+                return null;
+            }
+
+            return UmbracoModule.ShouldAuthenticateRequest(
+                context.HttpContextFromOwinContext().Request, 
+                _umbracoContextAccessor.Value.OriginalRequestUrl) == false 
+                //Don't auth request, don't return a cookie
+                ? null 
+                //Return the default implementation
+                : base.GetRequestCookie(context, key);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Web/Security/Identity/FormsAuthenticationSecureDataFormat.cs b/src/Umbraco.Web/Security/Identity/FormsAuthenticationSecureDataFormat.cs
index c2c4810564..ba46bba881 100644
--- a/src/Umbraco.Web/Security/Identity/FormsAuthenticationSecureDataFormat.cs
+++ b/src/Umbraco.Web/Security/Identity/FormsAuthenticationSecureDataFormat.cs
@@ -1,24 +1,26 @@
 using System;
 using System.Security.Claims;
 using System.Web.Security;
+using Microsoft.Owin;
 using Microsoft.Owin.Security;
+using Microsoft.Owin.Security.Cookies;
 using Newtonsoft.Json;
+using Owin;
 using Umbraco.Core.Security;
 
 namespace Umbraco.Web.Security.Identity
 {
+
     /// <summary>
     /// Custom secure format that uses the old FormsAuthentication format
     /// </summary>
     internal class FormsAuthenticationSecureDataFormat : ISecureDataFormat<AuthenticationTicket>
     {
         private readonly int _loginTimeoutMinutes;
-        private readonly string _cookiePath;
 
-        public FormsAuthenticationSecureDataFormat(int loginTimeoutMinutes, string cookiePath)
+        public FormsAuthenticationSecureDataFormat(int loginTimeoutMinutes)
         {
             _loginTimeoutMinutes = loginTimeoutMinutes;
-            _cookiePath = cookiePath;
         }
 
         public string Protect(AuthenticationTicket data)
@@ -33,12 +35,17 @@ namespace Umbraco.Web.Security.Identity
                 data.Properties.ExpiresUtc.HasValue ? data.Properties.ExpiresUtc.Value.LocalDateTime : DateTime.Now.AddMinutes(_loginTimeoutMinutes),
                 data.Properties.IsPersistent,
                 userDataString,
-                _cookiePath
+                "/"
                 );
 
             return FormsAuthentication.Encrypt(ticket);
         }
 
+        /// <summary>
+        /// Unprotects the cookie
+        /// </summary>
+        /// <param name="protectedText"></param>
+        /// <returns></returns>
         public AuthenticationTicket Unprotect(string protectedText)
         {
             FormsAuthenticationTicket decrypt;
diff --git a/src/Umbraco.Web/Security/Identity/UmbracoBackOfficeCookieAuthenticationOptions.cs b/src/Umbraco.Web/Security/Identity/UmbracoBackOfficeCookieAuthenticationOptions.cs
index 41d52e0684..10a6d7cb5c 100644
--- a/src/Umbraco.Web/Security/Identity/UmbracoBackOfficeCookieAuthenticationOptions.cs
+++ b/src/Umbraco.Web/Security/Identity/UmbracoBackOfficeCookieAuthenticationOptions.cs
@@ -1,6 +1,5 @@
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.Owin;
 using Microsoft.Owin.Security.Cookies;
 using Umbraco.Core;
 using Umbraco.Core.Configuration;
@@ -14,7 +13,7 @@ namespace Umbraco.Web.Security.Identity
     public sealed class UmbracoBackOfficeCookieAuthenticationOptions : CookieAuthenticationOptions
     {
         public UmbracoBackOfficeCookieAuthenticationOptions()
-            : this(UmbracoConfig.For.UmbracoSettings().Security, GlobalSettings.TimeOutInMinutes, GlobalSettings.UseSSL, GlobalSettings.Path)
+            : this(UmbracoConfig.For.UmbracoSettings().Security, GlobalSettings.TimeOutInMinutes, GlobalSettings.UseSSL)
         {            
         }
 
@@ -22,15 +21,14 @@ namespace Umbraco.Web.Security.Identity
             ISecuritySection securitySection, 
             int loginTimeoutMinutes, 
             bool forceSsl, 
-            string cookiePath,
             bool useLegacyFormsAuthDataFormat = true)
         {
-            AuthenticationType = "UmbracoBackOffice";
+            AuthenticationType = Constants.Security.BackOfficeAuthenticationType;
 
             if (useLegacyFormsAuthDataFormat)
             {
                 //If this is not explicitly set it will fall back to the default automatically
-                TicketDataFormat = new FormsAuthenticationSecureDataFormat(loginTimeoutMinutes, cookiePath);    
+                TicketDataFormat = new FormsAuthenticationSecureDataFormat(loginTimeoutMinutes);    
             }
 
             CookieDomain = securitySection.AuthCookieDomain;
@@ -38,9 +36,10 @@ namespace Umbraco.Web.Security.Identity
             CookieHttpOnly = true;
             CookieSecure = forceSsl ? CookieSecureOption.Always : CookieSecureOption.SameAsRequest;
 
-            //Ensure the cookie path is set so that it isn't transmitted for anything apart from requests to the back office
-            CookiePath = cookiePath.EnsureStartsWith('/');
+            CookiePath = "/";
 
+            //Custom cookie manager so we can filter requests
+            CookieManager = new BackOfficeCookieManager(new SingletonUmbracoContextAccessor());
         }       
     }
 }
\ No newline at end of file
diff --git a/src/Umbraco.Web/SingletonUmbracoContextAccessor.cs b/src/Umbraco.Web/SingletonUmbracoContextAccessor.cs
new file mode 100644
index 0000000000..ef2df5b6ea
--- /dev/null
+++ b/src/Umbraco.Web/SingletonUmbracoContextAccessor.cs
@@ -0,0 +1,10 @@
+namespace Umbraco.Web
+{
+    internal class SingletonUmbracoContextAccessor : IUmbracoContextAccessor
+    {
+        public UmbracoContext Value
+        {
+            get { return UmbracoContext.Current; }           
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 8520557feb..5c82c24948 100644
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -149,11 +149,13 @@
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Owin.Security.Cookies">
-      <HintPath>..\packages\Microsoft.Owin.Security.Cookies.2.1.0\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
+    <Reference Include="Microsoft.Owin.Security.Cookies, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Owin.Security.Cookies.3.0.0\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Owin.Security.OAuth">
-      <HintPath>..\packages\Microsoft.Owin.Security.OAuth.2.1.0\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
+    <Reference Include="Microsoft.Owin.Security.OAuth, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Owin.Security.OAuth.3.0.0\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <Private>True</Private>
@@ -301,6 +303,7 @@
     </Compile>
     <Compile Include="ApplicationContextExtensions.cs" />
     <Compile Include="AreaRegistrationContextExtensions.cs" />
+    <Compile Include="IUmbracoContextAccessor.cs" />
     <Compile Include="Models\ContentEditing\Relation.cs" />
     <Compile Include="HtmlStringUtilities.cs" />
     <Compile Include="Models\ContentEditing\RelationType.cs" />
@@ -546,10 +549,12 @@
     <Compile Include="Scheduling\ILatchedBackgroundTask.cs" />
     <Compile Include="Scheduling\RecurringTaskBase.cs" />
     <Compile Include="Security\Identity\AppBuilderExtensions.cs" />
+    <Compile Include="Security\Identity\BackOfficeCookieManager.cs" />
     <Compile Include="Security\Identity\FormsAuthenticationSecureDataFormat.cs" />
     <Compile Include="Security\Identity\OwinExtensions.cs" />
     <Compile Include="Security\Identity\UmbracoBackOfficeCookieAuthenticationOptions.cs" />
     <Compile Include="Scheduling\TaskAndFactoryExtensions.cs" />
+    <Compile Include="SingletonUmbracoContextAccessor.cs" />
     <Compile Include="Strategies\Migrations\ClearCsrfCookiesAfterUpgrade.cs" />
     <Compile Include="Strategies\Migrations\ClearMediaXmlCacheForDeletedItemsAfterUpgrade.cs" />
     <Compile Include="Strategies\Migrations\EnsureListViewDataTypeIsCreated.cs" />
diff --git a/src/Umbraco.Web/UmbracoContext.cs b/src/Umbraco.Web/UmbracoContext.cs
index e3f86b8eb0..fa719aadbf 100644
--- a/src/Umbraco.Web/UmbracoContext.cs
+++ b/src/Umbraco.Web/UmbracoContext.cs
@@ -16,7 +16,6 @@ using SystemDirectories = Umbraco.Core.IO.SystemDirectories;
 
 namespace Umbraco.Web
 {
-
     /// <summary>
     /// Class that encapsulates Umbraco information of a specific HTTP request
     /// </summary>
diff --git a/src/Umbraco.Web/packages.config b/src/Umbraco.Web/packages.config
index 877034b4e5..1429ad68d5 100644
--- a/src/Umbraco.Web/packages.config
+++ b/src/Umbraco.Web/packages.config
@@ -22,8 +22,8 @@
   <package id="Microsoft.Owin" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Owin.Host.SystemWeb" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Owin.Security" version="3.0.0" targetFramework="net45" />
-  <package id="Microsoft.Owin.Security.Cookies" version="2.1.0" targetFramework="net45" />
-  <package id="Microsoft.Owin.Security.OAuth" version="2.1.0" targetFramework="net45" />
+  <package id="Microsoft.Owin.Security.Cookies" version="3.0.0" targetFramework="net45" />
+  <package id="Microsoft.Owin.Security.OAuth" version="3.0.0" targetFramework="net45" />
   <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
   <package id="MiniProfiler" version="2.1.0" targetFramework="net45" />
   <package id="Newtonsoft.Json" version="6.0.4" targetFramework="net45" />