diff --git a/Web/App.razor b/Web/App.razor index 552da3a..5235d6a 100644 --- a/Web/App.razor +++ b/Web/App.razor @@ -1,10 +1,30 @@ - - - - - - -

Sorry, there's nothing at this address.

-
-
-
\ No newline at end of file +@inject NavigationManager NavigationManager + + + + + + + @{ + var returnUrl = NavigationManager.ToBaseRelativePath(NavigationManager.Uri); + + NavigationManager.NavigateTo($"login?redirectUri={returnUrl}", forceLoad: true); + + } + + + + Wait... + + + + + + +

Sorry, there's nothing at this address.

+
+ +
+ +
+
\ No newline at end of file diff --git a/Web/Pages/Login.cshtml b/Web/Pages/Login.cshtml new file mode 100644 index 0000000..e200414 --- /dev/null +++ b/Web/Pages/Login.cshtml @@ -0,0 +1,19 @@ +@page +@model Web.Pages.Login + +@{ + Layout = null; +} + + + + + + + + +
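Review bot: `returnUrl` is interpolated into the login URL without encoding, so a current address that carries its own query string or fragment is cut at the first `&` or `#` and the user comes back to a truncated page after sign-in. Encode it where the URL is built: `NavigationManager.NavigateTo($"login?redirectUri={System.Uri.EscapeDataString(returnUrl)}", forceLoad: true);`. Calling `NavigateTo` from a markup code block also re-runs the redirect on every render of this branch; a small component that navigates in `OnInitialized` is the usual shape. The surrounding markup is not visible in the hunk as shown, so I cannot tell whether this branch also runs for signed-in users who only lack permission; if it does, they would be bounced through the login page repeatedly.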
+ +
+ + \ No newline at end of file diff --git a/Web/Pages/Login.cshtml.cs b/Web/Pages/Login.cshtml.cs new file mode 100644 index 0000000..44ca14d --- /dev/null +++ b/Web/Pages/Login.cshtml.cs @@ -0,0 +1,20 @@ +using System.Threading.Tasks; +using Microsoft.AspNetCore.Authentication; +using Microsoft.AspNetCore.Authentication.OpenIdConnect; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Mvc.RazorPages; + +namespace Web.Pages +{ + public class Login : PageModel + { + // Can't be put into a razor page + public async Task OnGet(string redirectUri) + { + await HttpContext.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties() + { + RedirectUri = redirectUri + }); + } + } +} \ No newline at end of file diff --git a/Web/Pages/Logout.cshtml b/Web/Pages/Logout.cshtml new file mode 100644 index 0000000..33438c7 --- /dev/null +++ b/Web/Pages/Logout.cshtml @@ -0,0 +1,19 @@ +@page +@model Web.Pages.Logout + +@{ + Layout = null; +} + + + + + + + + +
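Review bot: `redirectUri` is taken from the query string and assigned to `AuthenticationProperties.RedirectUri` with no check in `OnGet`, so a crafted link to this page can send the user to an arbitrary site after a genuine sign-in (open redirect). App.razor passes a base-relative path, so root the value and confirm it is local before the challenge: `var target = "/" + (redirectUri ?? string.Empty).TrimStart('/');` followed by `RedirectUri = Url.IsLocalUrl(target) ? target : "/"`. The same lines also cover a missing parameter, which otherwise leaves the post-login target to the handler's default. The comment above `OnGet` would help more if it said why a Razor Page is needed, presumably because the challenge has to write to the HTTP response.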
+ +
+ + \ No newline at end of file diff --git a/Web/Pages/Logout.cshtml.cs b/Web/Pages/Logout.cshtml.cs new file mode 100644 index 0000000..fd7debe --- /dev/null +++ b/Web/Pages/Logout.cshtml.cs @@ -0,0 +1,16 @@ +using System.Threading.Tasks; +using Microsoft.AspNetCore.Authentication; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Mvc.RazorPages; + +namespace Web.Pages +{ + public class Logout : PageModel + { + public async Task OnGet() + { + await HttpContext.SignOutAsync(); + return Redirect("/"); + } + } +} \ No newline at end of file diff --git a/Web/Shared/LoginDisplay.razor b/Web/Shared/LoginDisplay.razor new file mode 100644 index 0000000..6ca5855 --- /dev/null +++ b/Web/Shared/LoginDisplay.razor @@ -0,0 +1,9 @@ + + + Hello, @(context.User.Identity.Name)! + Log out + + + Log in + + \ No newline at end of file diff --git a/Web/Shared/MainLayout.razor b/Web/Shared/MainLayout.razor index 8d253f6..9d70574 100644 --- a/Web/Shared/MainLayout.razor +++ b/Web/Shared/MainLayout.razor @@ -7,6 +7,7 @@
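Review bot: Sign-out in Logout.cshtml.cs runs on a plain GET, so any third-party page can end a user's session just by causing a request to this URL. Moving it to `OnPost` behind a small form brings it under the antiforgery validation Razor Pages applies to POST handlers. `SignOutAsync()` with no scheme clears only the default (cookie) scheme, so the session at the identity provider presumably stays alive and the next "Log in" may sign the user straight back in. If a full logout is intended, also call `await HttpContext.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme);` and let that handler perform the redirect instead of `Redirect("/")`.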
+ About
diff --git a/Web/Startup.cs b/Web/Startup.cs index b5f040d..4862858 100644 --- a/Web/Startup.cs +++ b/Web/Startup.cs @@ -2,6 +2,8 @@ using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; +using Microsoft.AspNetCore.Authentication.Cookies; +using Microsoft.AspNetCore.Authentication.OpenIdConnect; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Components; using Microsoft.AspNetCore.Hosting; @@ -9,6 +11,8 @@ using Microsoft.AspNetCore.HttpsPolicy; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; +using Microsoft.IdentityModel.Protocols.OpenIdConnect; +using Microsoft.IdentityModel.Tokens; using Web.Data; namespace Web 
@@ -28,17 +32,40 @@ namespace Web { services.AddRazorPages(); services.AddServerSideBlazor(); + services.AddHttpContextAccessor(); services.AddSingleton(); services.AddAuthentication(options => { - options.DefaultScheme = "Cookies"; + options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = "oidc"; }) - .AddCookie("Cookies") + .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme) .AddOpenIdConnect(options => { - options.Authority = "https://authentik.mattstop.com/application/o/petrie-panel/"; - options.ClientId = "85bcc426a47ac2c3575b6d590ec4f53db237e212"; + options.Authority = Configuration["oidc:authority"]; + options.ClientId = Configuration["oidc:client_id"]; + options.ClientSecret = Configuration["oidc:client_secret"]; + + options.ResponseType = OpenIdConnectResponseType.Code; + options.GetClaimsFromUserInfoEndpoint = true; + options.SaveTokens = true; + options.Scope.Add("openid"); + options.Scope.Add("profile"); + options.Scope.Add("email"); + options.TokenValidationParameters = new + TokenValidationParameters + { + NameClaimType = "name" + }; + options.Events = new OpenIdConnectEvents + { + OnAccessDenied = context => + { + context.HandleResponse(); + context.Response.Redirect("/"); + return Task.CompletedTask; + } + }; }); } @@ -60,7 +87,8 @@ namespace Web app.UseStaticFiles(); app.UseRouting(); - //app.UseAuthentication(); + app.UseAuthentication(); + app.UseAuthorization(); app.UseEndpoints(endpoints => { diff --git a/Web/appsettings.json b/Web/appsettings.json index d9d9a9b..a641504 100644 --- a/Web/appsettings.json +++ b/Web/appsettings.json @@ -6,5 +6,10 @@ "Microsoft.Hosting.Lifetime": "Information" } }, - "AllowedHosts": "*" + "AllowedHosts": "*", + "oidc" : { + "authority" : "https://dummy.dummy", + "client_id": "id", + "client_secret": "secret" + } }
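Review bot: `DefaultChallengeScheme` is still the literal `"oidc"`, but `AddOpenIdConnect(options => …)` is called without a scheme name and therefore registers under `OpenIdConnectDefaults.AuthenticationScheme`. A default challenge (for example from an `[Authorize]` endpoint) would find no handler; only the explicit challenge in Login.cshtml.cs works. Use `options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;`, matching what the commit already does for the cookie scheme. Separately, `SaveTokens = true` stores the tokens with the authentication cookie, so it is worth confirming that something reads them. A short comment on `OnAccessDenied` explaining why a denied sign-in goes silently to `/` would also help the next reader.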
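Review bot: Adding a `client_secret` key to the tracked appsettings.json invites the real value being committed here later. Keep the three `oidc` entries as placeholders and supply the real ones from user secrets in development, or from environment variables such as `oidc__client_secret` in deployment. JSON cannot carry a comment, so a line in the README saying where the values come from would cover the documentation side. With the dummy authority left in place the application starts normally and, as far as the visible code shows, fails only at the first login attempt; a startup check for empty or placeholder `oidc` settings would surface that earlier.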