From 3041520419b984d3e69f3aadf5d5bc9ae8162a15 Mon Sep 17 00:00:00 2001
From: Roger Howell <roger.howell@education.gov.uk>
Date: Mon, 22 Jan 2024 23:56:46 +0000
Subject: [PATCH] Revert "Enable authentication to the service using active
 directory / entra / microsoft account"

This reverts commit 80f0a72d561323269d98a84c54f953903d37e1cb.
---
 .../Models/GraphUserClient.cs                 | 54 -----------
 .../Pages/Me/Index.cshtml                     | 94 -------------------
 .../Pages/Me/Index.cshtml.cs                  | 31 ------
 .../Pages/Shared/_DfE_1200px_Layout.cshtml    | 42 ++++-----
 .../Pages/Shared/_LoginPartial.cshtml         | 20 +++-
 .../Program.cs                                | 49 ++++------
 .../ServiceAssessmentService.WebApp.csproj    |  9 +-
 .../appsettings.Development.json              |  9 --
 .../appsettings.json                          | 13 ---
 9 files changed, 54 insertions(+), 267 deletions(-)
 delete mode 100644 src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Models/GraphUserClient.cs
 delete mode 100644 src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Me/Index.cshtml
 delete mode 100644 src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Me/Index.cshtml.cs

diff --git a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Models/GraphUserClient.cs b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Models/GraphUserClient.cs
deleted file mode 100644
index 60135d64..00000000
--- a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Models/GraphUserClient.cs
+++ /dev/null
@@ -1,54 +0,0 @@
-using Microsoft.Graph;
-using ServiceAssessmentService.WebApp.Pages.Me;
-
-namespace ServiceAssessmentService.WebApp.Models;
-
-public class GraphUserClient
-{
-
-    private readonly GraphServiceClient _graphServiceClient;
-    private readonly ILogger<GraphUserClient> _logger;
-
-    private Microsoft.Graph.User? _graphUser = null;
-
-    public GraphUserClient(GraphServiceClient graphServiceClient, ILogger<GraphUserClient> logger)
-    {
-        _graphServiceClient = graphServiceClient;
-        _logger = logger;
-    }
-
-    public async Task<Microsoft.Graph.User> GetGraphUser()
-    {
-        if (_graphUser == null)
-        {
-            _graphUser = await _graphServiceClient.Me.Request().GetAsync();
-        }
-
-        return _graphUser;
-    }
-
-    public async Task<string> GetGraphUserDisplayName()
-    {
-        var graphUser = await GetGraphUser();
-        return graphUser.DisplayName;
-    }
-
-    public async Task<string> GetGraphUserGivenName()
-    {
-        var graphUser = await GetGraphUser();
-        return graphUser.GivenName;
-    }
-
-    public async Task<string> GetGraphUserSurname()
-    {
-        var graphUser = await GetGraphUser();
-        return graphUser.Surname;
-    }
-
-    public async Task<string> GetGraphUserMail()
-    {
-        var graphUser = await GetGraphUser();
-        return graphUser.Mail;
-    }
-
-}
diff --git a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Me/Index.cshtml b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Me/Index.cshtml
deleted file mode 100644
index f9be45ef..00000000
--- a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Me/Index.cshtml
+++ /dev/null
@@ -1,94 +0,0 @@
-@page
-@model ServiceAssessmentService.WebApp.Pages.Me.IndexModel
-@{
-    ViewData["Title"] = "Home page";
-
-    var graphUser = ViewData["GraphUser"] as Microsoft.Graph.User;
-}
-
-<div class="main--content">
-
-    <div class="main--inside-container">
-
-        <div class="govuk-grid-row">
-            <div class="govuk-grid-column">
-                <h1 class="govuk-heading-l ">Graph API result</h1>
-
-                <ul>
-                    <li>@ViewData["GraphApiResult"]</li>
-                    <li>@graphUser.GivenName</li>
-                    <li>@graphUser.Surname</li>
-                    <li>@graphUser.Mail</li>
-                </ul>
-            </div>
-        </div>
-
-        <div class="govuk-grid-row">
-            <div class="govuk-grid-column">
-                <h3 class="govuk-heading-m">User Properties</h3>
-
-                <dl class="govuk-summary-list">
-                    @foreach (var property in Model.User.GetType().GetProperties())
-                    {
-                        <div class="govuk-summary-list__row">
-                            <dt class="govuk-summary-list__key">
-                                @property.Name
-                            </dt>
-                            <dd class="govuk-summary-list__value">
-                                @property.GetValue(Model.User)
-                            </dd>
-                        </div>
-                    }
-                </dl>
-            </div>
-        </div>
-
-        <div class="govuk-grid-row">
-            <div class="govuk-grid-column">
-                <h3 class="govuk-heading-m">Claims</h3>
-
-                <dl class="govuk-summary-list">
-                    @foreach (var claim in Model.User.Claims)
-                    {
-                        <div class="govuk-summary-list__row">
-                            <dt class="govuk-summary-list__key">
-                                @claim.Type
-                            </dt>
-                            <dd class="govuk-summary-list__value">
-                                @claim.Value
-                            </dd>
-                        </div>
-                    }
-                </dl>
-            </div>
-        </div>
-
-
-        <div class="govuk-grid-row">
-            <div class="govuk-grid-column">
-                <h3 class="govuk-heading-m">User Properties</h3>
-
-                <dl class="govuk-summary-list">
-                    @foreach (var property in graphUser.GetType().GetProperties())
-                    {
-                        var value = property.GetValue(graphUser);
-                        if (value is null)
-                        {
-                            continue;
-                        }
-                        
-                        <div class="govuk-summary-list__row">
-                            <dt class="govuk-summary-list__key">
-                                @property.Name
-                            </dt>
-                            <dd class="govuk-summary-list__value">
-                                @value
-                            </dd>
-                        </div>
-                    }
-                </dl>
-            </div>
-        </div>
-
-    </div>
-</div>
diff --git a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Me/Index.cshtml.cs b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Me/Index.cshtml.cs
deleted file mode 100644
index c096f2e5..00000000
--- a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Me/Index.cshtml.cs
+++ /dev/null
@@ -1,31 +0,0 @@
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.RazorPages;
-using Microsoft.Identity.Web;
-using System.Net;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.Graph;
-using ServiceAssessmentService.WebApp.Models;
-
-namespace ServiceAssessmentService.WebApp.Pages.Me;
-
-[AuthorizeForScopes(ScopeKeySection = "MicrosoftGraph:Scopes")]
-public class IndexModel : PageModel
-{
-    private readonly GraphServiceClient _graphServiceClient;
-    private readonly GraphUserClient _graphUserClient;
-    private readonly ILogger<IndexModel> _logger;
-
-    public IndexModel(ILogger<IndexModel> logger, GraphServiceClient graphServiceClient, GraphUserClient graphUserClient)
-    {
-        _logger = logger;
-        _graphServiceClient = graphServiceClient;
-        _graphUserClient = graphUserClient;
-    }
-
-    public async Task OnGet()
-    {
-        var user = await _graphUserClient.GetGraphUser();
-        ViewData["GraphUser"] = user;
-        ViewData["GraphApiResult"] = user.DisplayName;
-    }
-}
diff --git a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Shared/_DfE_1200px_Layout.cshtml b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Shared/_DfE_1200px_Layout.cshtml
index 1d5e132e..0fcc542a 100644
--- a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Shared/_DfE_1200px_Layout.cshtml
+++ b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Shared/_DfE_1200px_Layout.cshtml
@@ -2,6 +2,8 @@
 @using ServiceAssessmentService.Data.Entities
 @using GovUk.Frontend.AspNetCore.TagHelpers
 
+@inject SignInManager<ServiceAssessmentServiceWebAppUser> SignInManager
+@inject UserManager<ServiceAssessmentServiceWebAppUser> UserManager
 
 @{
     // ReSharper disable once Razor.LayoutNotResolved
@@ -10,10 +12,10 @@
 
     // Use the page title, suffixed by the service name
     ViewData["Title"] += " - Service Assessment Service";
-
+    
     // get name of current area
     var area = ViewContext.RouteData.Values["area"] as string;
-
+    
     // get name of current controller
     var controller = ViewContext.RouteData.Values["controller"] as string;
 
@@ -38,14 +40,14 @@
     // Helpers, used to determine which navigation item is currently active
     var isAreaDefault = (area is null) || ("Home".Equals(area, StringComparison.OrdinalIgnoreCase));
     var isAreaBook = ("Book".Equals(area, StringComparison.OrdinalIgnoreCase));
-
+    
 
 }
 
 
 @* ReSharper disable once Razor.SectionNotResolved *@
 @section Head {
-    <link rel="stylesheet" href="~/dist/css/site.min.css" />
+    <link rel="stylesheet" href="~/dist/css/site.min.css"/>
 }
 
 
@@ -71,7 +73,7 @@
                 @*         <a href="/" class="govuk-link govuk-link--inverse">Sign out</a> *@
                 @*     </li> *@
                 @* </ul> *@
-
+                
                 <partial name="_LoginPartial" />
 
                 <div class="dfe-header__menu">
@@ -91,27 +93,28 @@
                     <button class="dfe-header__navigation-close" id="close-menu">
                         <svg class="dfe-icon dfe-icon__close" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"
                              aria-hidden="true" focusable="false" width="27" height="27">
-                            <path d="M13.41 12l5.3-5.29a1 1 0 1 0-1.42-1.42L12 10.59l-5.29-5.3a1 1 0 0 0-1.42 1.42l5.3 5.29-5.3 5.29a1 1 0 0 0 0 1.42 1 1 0 0 0 1.42 0l5.29-5.3 5.29 5.3a1 1 0 0 0 1.42 0 1 1 0 0 0 0-1.42z">
+                            <path
+                                d="M13.41 12l5.3-5.29a1 1 0 1 0-1.42-1.42L12 10.59l-5.29-5.3a1 1 0 0 0-1.42 1.42l5.3 5.29-5.3 5.29a1 1 0 0 0 0 1.42 1 1 0 0 0 1.42 0l5.29-5.3 5.29 5.3a1 1 0 0 0 1.42 0 1 1 0 0 0 0-1.42z">
                             </path>
                         </svg>
                         <span class="govuk-visually-hidden">Close menu</span>
                     </button>
                 </p>
                 <ul class="dfe-header__navigation-list">
-                    @if (User.Identity.IsAuthenticated)
+                    @if (SignInManager.IsSignedIn(User))
                     {
                         <li class="dfe-header__navigation-item @(isAreaDefault ? "dfe-header__navigation-item--current" : "")">
                             <a class="dfe-header__navigation-link" asp-page="/Dashboard">
                                 Dashboard
                                 <svg class="dfe-icon dfe-icon__chevron-right" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"
-                                     aria-hidden="true" width="34" height="34">
+                                aria-hidden="true" width="34" height="34">
                                     <path d="M15.5 12a1 1 0 0 1-.29.71l-5 5a1 1 0 0 1-1.42-1.42l4.3-4.29-4.3-4.29a1 1 0 0 1 1.42-1.42l5 5a1 1 0 0 1 .29.71z">
                                     </path>
                                 </svg>
                             </a>
                         </li>
                     }
-                    @if (User.Identity.IsAuthenticated)
+                    @if (SignInManager.IsSignedIn(User))
                     {
                         @* <li class="dfe-header__navigation-item @(isAreaDefault ? "dfe-header__navigation-item--current" : "")"> *@
                         @*     <a class="dfe-header__navigation-link" asp-page="/Book/Index"> *@
@@ -124,26 +127,13 @@
                         @*     </a> *@
                         @* </li> *@
                     }
-                    @if (User.Identity.IsAuthenticated)
+                    @if (SignInManager.IsSignedIn(User))
                     {
                         <li class="dfe-header__navigation-item @(isAreaDefault ? "dfe-header__navigation-item--current" : "")">
                             <a class="dfe-header__navigation-link" asp-page="/Book/List">
                                 Booking Requests
                                 <svg class="dfe-icon dfe-icon__chevron-right" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"
-                                     aria-hidden="true" width="34" height="34">
-                                    <path d="M15.5 12a1 1 0 0 1-.29.71l-5 5a1 1 0 0 1-1.42-1.42l4.3-4.29-4.3-4.29a1 1 0 0 1 1.42-1.42l5 5a1 1 0 0 1 .29.71z">
-                                    </path>
-                                </svg>
-                            </a>
-                        </li>
-                    }
-                    @if (User.Identity.IsAuthenticated)
-                    {
-                        <li class="dfe-header__navigation-item @(isAreaDefault ? "dfe-header__navigation-item--current" : "")">
-                            <a class="dfe-header__navigation-link" asp-page="/Me/Index">
-                                About Me
-                                <svg class="dfe-icon dfe-icon__chevron-right" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"
-                                     aria-hidden="true" width="34" height="34">
+                                aria-hidden="true" width="34" height="34">
                                     <path d="M15.5 12a1 1 0 0 1-.29.71l-5 5a1 1 0 0 1-1.42-1.42l4.3-4.29-4.3-4.29a1 1 0 0 1 1.42-1.42l5 5a1 1 0 0 1 .29.71z">
                                     </path>
                                 </svg>
@@ -158,7 +148,7 @@
 
 
 @* ReSharper disable once Razor.SectionNotResolved *@
-@section BeforeContent {
+@section BeforeContent{
     <govuk-phase-banner>
         <govuk-phase-banner-tag>Beta</govuk-phase-banner-tag>
         This is a new service - your <a href="#" class="govuk-link">feedback</a> will help us to improve it.
@@ -230,7 +220,7 @@
                          height="17"
                          width="41">
                         <path fill="currentColor"
-                              d="M421.5 142.8V.1l-50.7 32.3v161.1h112.4v-50.7zm-122.3-9.6A47.12 47.12 0 0 1 221 97.8c0-26 21.1-47.1 47.1-47.1 16.7 0 31.4 8.7 39.7 21.8l42.7-27.2A97.63 97.63 0 0 0 268.1 0c-36.5 0-68.3 20.1-85.1 49.7A98 98 0 0 0 97.8 0C43.9 0 0 43.9 0 97.8s43.9 97.8 97.8 97.8c36.5 0 68.3-20.1 85.1-49.7a97.76 97.76 0 0 0 149.6 25.4l19.4 22.2h3v-87.8h-80l24.3 27.5zM97.8 145c-26 0-47.1-21.1-47.1-47.1s21.1-47.1 47.1-47.1 47.2 21 47.2 47S123.8 145 97.8 145" />
+                              d="M421.5 142.8V.1l-50.7 32.3v161.1h112.4v-50.7zm-122.3-9.6A47.12 47.12 0 0 1 221 97.8c0-26 21.1-47.1 47.1-47.1 16.7 0 31.4 8.7 39.7 21.8l42.7-27.2A97.63 97.63 0 0 0 268.1 0c-36.5 0-68.3 20.1-85.1 49.7A98 98 0 0 0 97.8 0C43.9 0 0 43.9 0 97.8s43.9 97.8 97.8 97.8c36.5 0 68.3-20.1 85.1-49.7a97.76 97.76 0 0 0 149.6 25.4l19.4 22.2h3v-87.8h-80l24.3 27.5zM97.8 145c-26 0-47.1-21.1-47.1-47.1s21.1-47.1 47.1-47.1 47.2 21 47.2 47S123.8 145 97.8 145"/>
                     </svg>
                     <span class="govuk-footer__licence-description">
                         All content is available under the
diff --git a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Shared/_LoginPartial.cshtml b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Shared/_LoginPartial.cshtml
index 78ac3e18..eb445b6c 100644
--- a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Shared/_LoginPartial.cshtml
+++ b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Pages/Shared/_LoginPartial.cshtml
@@ -1,19 +1,29 @@
-@using GovUk.Frontend.AspNetCore.TagHelpers
+@using Microsoft.AspNetCore.Identity
+@using ServiceAssessmentService.Data.Entities
+@using GovUk.Frontend.AspNetCore.TagHelpers
+
+@inject SignInManager<ServiceAssessmentServiceWebAppUser> SignInManager
+@inject UserManager<ServiceAssessmentServiceWebAppUser> UserManager
 
 <ul class="dfe-header__action-links">
-    @if (User?.Identity?.IsAuthenticated ?? false)
+    @if (SignInManager.IsSignedIn(User))
     {
         <li class="nav-item">
-            <span class="govuk-link govuk-link--inverse">Hello @User.Identity.Name!</span>
+            <a class="govuk-link govuk-link--inverse" asp-area="Identity" asp-page="/Account/Manage/Index" title="Manage">Hello @UserManager.GetUserName(User)!</a>
         </li>
         <li class="nav-item">
-            <a class="govuk-link govuk-link--inverse" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignOut">Sign out</a>
+            <form id="logoutForm" class="form-inline" asp-area="Identity" asp-page="/Account/Logout" asp-route-returnUrl="/">
+                <button id="logout" type="submit" class="nav-link btn btn-link text-dark border-0">Logout</button>
+            </form>
         </li>
     }
     else
     {
         <li class="nav-item">
-            <a class="govuk-link govuk-link--inverse" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignIn">Sign in</a>
+            <a class="govuk-link govuk-link--inverse" asp-area="Identity" asp-page="/Account/Register">Register</a>
+        </li>
+        <li class="nav-item">
+            <a class="govuk-link govuk-link--inverse" asp-area="Identity" asp-page="/Account/Login">Login</a>
         </li>
     }
 </ul>
diff --git a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Program.cs b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Program.cs
index 9ef5b3ef..8eadab29 100644
--- a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Program.cs
+++ b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/Program.cs
@@ -1,37 +1,15 @@
 using GovUk.Frontend.AspNetCore;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.EntityFrameworkCore;
 using ServiceAssessmentService.Data;
 using ServiceAssessmentService.Data.Entities;
-using Microsoft.AspNetCore.Authentication.OpenIdConnect;
-using Microsoft.Identity.Web;
-using Microsoft.Identity.Web.UI;
-using ServiceAssessmentService.WebApp.Models;
-
 
 var builder = WebApplication.CreateBuilder(args);
 
-var initialScopes = builder.Configuration["DownstreamApi:Scopes"]?.Split(' ') ??
-                    builder.Configuration["MicrosoftGraph:Scopes"]?.Split(' ');
-
 // Add services to the container.
-builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
-    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
-    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
-    .AddMicrosoftGraph(builder.Configuration.GetSection("MicrosoftGraph"))
-    .AddInMemoryTokenCaches();
-
-builder.Services.AddAuthorization(options =>
-{
-    // By default, all incoming requests will be authorized according to the default policy.
-    options.FallbackPolicy = options.DefaultPolicy;
-});
-builder.Services.AddRazorPages()
-    .AddMicrosoftIdentityUI();
-
-// // Used for local accounts
-// builder.Services
-//     .AddDefaultIdentity<ServiceAssessmentServiceWebAppUser>(options => options.SignIn.RequireConfirmedAccount = true)
-//     .AddEntityFrameworkStores<DataContext>();
+builder.Services.AddControllersWithViews();
+builder.Services.AddRazorPages();
 
 builder.Services.AddGovUkFrontend();
 
@@ -40,12 +18,23 @@
     options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection"));
 });
 
+builder.Services
+    .AddDefaultIdentity<ServiceAssessmentServiceWebAppUser>(options => options.SignIn.RequireConfirmedAccount = true)
+    .AddEntityFrameworkStores<DataContext>();
 
 builder.Services.AddHealthChecks()
     .AddDbContextCheck<DataContext>();
 
 builder.Services.AddScoped<AssessmentRequestRepository>();
-builder.Services.AddScoped<GraphUserClient>();
+
+builder.Services.AddControllers(config =>
+{
+    // Default to requiring authorisation, unless explicit [AllowAnonymous] specified for the page/route
+    var policy = new AuthorizationPolicyBuilder()
+                     .RequireAuthenticatedUser()
+                     .Build();
+    config.Filters.Add(new AuthorizeFilter(policy));
+});
 
 builder.Services.AddApplicationInsightsTelemetry();
 
@@ -59,18 +48,14 @@
     // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
     app.UseHsts();
 }
-else
-{
-    app.UseDeveloperExceptionPage();
-}
 
 app.UseHttpsRedirection();
 app.UseStaticFiles();
 
 app.UseRouting();
 
-app.UseAuthentication();
 app.UseAuthorization();
+app.UseAuthentication();
 
 app.MapControllerRoute(
     name: "default",
diff --git a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/ServiceAssessmentService.WebApp.csproj b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/ServiceAssessmentService.WebApp.csproj
index 7ed13db5..95607369 100644
--- a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/ServiceAssessmentService.WebApp.csproj
+++ b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/ServiceAssessmentService.WebApp.csproj
@@ -12,11 +12,14 @@
     <PackageReference Include="GovUk.Frontend.AspNetCore" Version="1.4.0" />
     <PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.21.0" />
     <PackageReference Include="Microsoft.AspNetCore.Components.QuickGrid.EntityFrameworkAdapter" Version="8.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="8.0.1" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.1" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="8.0.1">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+    </PackageReference>
     <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore" Version="8.0.1" />
-    <PackageReference Include="Microsoft.Identity.Web" Version="2.16.1" />
-    <PackageReference Include="Microsoft.Identity.Web.MicrosoftGraph" Version="2.16.1" />
-    <PackageReference Include="Microsoft.Identity.Web.UI" Version="2.16.1" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="8.0.0" />
   </ItemGroup>
   <ItemGroup>
diff --git a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/appsettings.Development.json b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/appsettings.Development.json
index 0e902a7e..3bb1769d 100644
--- a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/appsettings.Development.json
+++ b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/appsettings.Development.json
@@ -1,13 +1,4 @@
 {
-  "AzureAd": {
-    "Instance": "https://login.microsoftonline.com/",
-    "Domain": "platform.education.gov.uk",
-    "TenantId": "9c7d9dd3-840c-4b3f-818e-552865082e16",
-    "ClientId": "3bccece3-7950-4793-8799-49bf7ad14ed1",
-    "CallbackPath": "/signin-oidc",
-    "ClientSecret": "Client secret from app-registration. Check user secrets/azure portal.",
-    "ClientCertificates": []
-  },
   "ConnectionStrings": {
     "DefaultConnection": "",
     "RemoteDevConnection": "Server=serviceassessmentplus-dev.database.windows.net;Database=ServiceAssessmentPlus-dev;Authentication=Active Directory Integrated;",
diff --git a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/appsettings.json b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/appsettings.json
index cc5fa3d5..fce100ee 100644
--- a/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/appsettings.json
+++ b/src/ServiceAssessmentService/ServiceAssessmentService.WebApp/appsettings.json
@@ -2,19 +2,6 @@
   "ConnectionStrings": {
     "DefaultConnection": ""
   },
-  "AzureAd": {
-    "Instance": "",
-    "Domain": "",
-    "TenantId": "",
-    "ClientId": "",
-    "CallbackPath": "",
-    "ClientSecret": "",
-    "ClientCertificates": []
-  },
-  "MicrosoftGraph": {
-    "BaseUrl": "https://graph.microsoft.com/v1.0",
-    "Scopes": "user.read User.ReadBasic.All"
-  },
   "Logging": {
     "LogLevel": {
       "Default": "Information",