diff --git a/eng/Versions.MSIdentity.props b/eng/Versions.MSIdentity.props
index 70e5460ab..46f49209b 100644
--- a/eng/Versions.MSIdentity.props
+++ b/eng/Versions.MSIdentity.props
@@ -6,7 +6,7 @@
     <UsingToolNetFrameworkReferenceAssemblies>true</UsingToolNetFrameworkReferenceAssemblies>
   </PropertyGroup>
   <PropertyGroup>
-    <VersionPrefix>1.0.1</VersionPrefix>
+    <VersionPrefix>1.0.2</VersionPrefix>
     <PreReleaseVersionLabel>rtm</PreReleaseVersionLabel>
     <IsServicingBuild Condition="'$(PreReleaseVersionLabel)' == 'servicing'">true</IsServicingBuild>
     <!--
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/AuthenticationParameters/ApplicationParameters.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/AuthenticationParameters/ApplicationParameters.cs
index da6ef6ae1..a52f3b059 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/AuthenticationParameters/ApplicationParameters.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/AuthenticationParameters/ApplicationParameters.cs
@@ -117,7 +117,7 @@ public string? Domain1
         /// <summary>
         /// The project is a blazor web assembly.
         /// </summary>
-        public bool? IsBlazorWasm { get; set; }
+        public bool IsBlazorWasm { get; set; }
 
         /// <summary>
         /// The app calls Microsoft Graph.
@@ -155,7 +155,7 @@ public string? Domain1
         public List<string> PasswordCredentials { get; } = new List<string>();
 
         /// <summary>
-        /// Identitier URIs for web APIs.
+        /// Identifier URIs for web APIs.
         /// </summary>
         public string? AppIdUri { set;  get; }
 
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/AuthenticationParameters/AzureAdProperties.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/AuthenticationParameters/AzureAdProperties.cs
index 060a32c38..27c0c8f85 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/AuthenticationParameters/AzureAdProperties.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/AuthenticationParameters/AzureAdProperties.cs
@@ -1,26 +1,37 @@
-using System;
-using System.Collections.Generic;
-using System.Text;
-
 namespace Microsoft.DotNet.MSIdentity.AuthenticationParameters
 {
-    public class AzureAdProperties
+    public class PropertyNames
     {
-        public string? Domain { get; set; }
-        public string? TenantId { get; set; }
-        public string? ClientId { get; set; }
-        public string? ClientSecret { get; set; }
-        public string? CallbackPath { get; set; }
-        public string? Instance { get; set; }
+        public const string Domain = nameof(Domain);
+        public const string TenantId = nameof(TenantId);
+        public const string ClientId = nameof(ClientId);
+        public const string ClientSecret = nameof(ClientSecret);
+        public const string ClientCertificates = nameof(ClientCertificates);
+        public const string CallbackPath = nameof(CallbackPath);
+        public const string Instance = nameof(Instance);
+
+        public const string Authority = nameof(Authority);
+        public const string ValidateAuthority = nameof(ValidateAuthority);
+
+        public const string BaseUrl = nameof(BaseUrl);
+        public const string Scopes = nameof(Scopes);
     }
 
-    //getting default properties from https://github.com/dotnet/aspnetcore/blob/6bc4b79f4ee7af00edcbb435e5ee4c1de349a110/src/ProjectTemplates/Web.ProjectTemplates/content/StarterWeb-CSharp/appsettings.json
-    public static class AzureAdDefaultProperties
+    // getting default properties from
+    // https://github.com/dotnet/aspnetcore/blob/6bc4b79f4ee7af00edcbb435e5ee4c1de349a110/src/ProjectTemplates/Web.ProjectTemplates/content/StarterWeb-CSharp/appsettings.json
+    public static class DefaultProperties
     {
         public const string Domain = "qualified.domain.name";
         public const string TenantId = "22222222-2222-2222-2222-222222222222";
         public const string ClientId = "11111111-1111-1111-11111111111111111";
         public const string Instance = "https://login.microsoftonline.com/";
         public const string CallbackPath = "/signin-oidc";
+        public const string ClientSecret = "Client secret from app-registration. Check user secrets/azure portal.";
+
+        public const string Authority = "https://login.microsoftonline.com/22222222-2222-2222-2222-222222222222";
+        public const string ValidateAuthority = "true";
+
+        public const string MicrosoftGraphBaseUrl = "https://graph.microsoft.com/v1.0";
+        public const string MicrosoftGraphScopes = "user.read";
     }
 }
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/Server/ShowProfile.razor b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/Server/ShowProfile.razor
index 34718e0fd..78a629710 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/Server/ShowProfile.razor
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/Server/ShowProfile.razor
@@ -24,60 +24,21 @@ else
             <td>Name</td>
             <td>@user.DisplayName</td>
         </tr>
-        <tr>
-            <td>Photo</td>
-            <td>
-                @{
-                    if (photo != null)
-                    {
-                        <img style="margin: 5px 0; width: 150px" src="data:image/jpeg;base64, @photo" />
-                    }
-                    else
-                    {
-                        <h3>NO PHOTO</h3>
-                        <p>Check user profile in Azure Active Directory to add a photo.</p>
-                    }
-                }
-            </td>
-        </tr>
     </table>
 }
 
 @code {
-    User user;
-    string photo;
+    User? user;
 
     protected override async Task OnInitializedAsync()
     {
         try
         {
             user = await GraphServiceClient.Me.Request().GetAsync();
-            photo = await GetPhoto();
         }
         catch (Exception ex)
         {
             ConsentHandler.HandleException(ex);
         }
     }
-
-    protected async Task<string> GetPhoto()
-    {
-        string photo;
-
-        try
-        {
-            using (var photoStream = await GraphServiceClient.Me.Photo.Content.Request().GetAsync())
-            {
-                byte[] photoByte = ((System.IO.MemoryStream)photoStream).ToArray();
-                photo = Convert.ToBase64String(photoByte);
-                this.StateHasChanged();
-            }
-
-        }
-        catch (Exception)
-        {
-            photo = null;
-        }
-        return photo;
-    }
 }
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/wasm/Authentication.razor b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/wasm/Authentication.razor
new file mode 100644
index 000000000..6c7435673
--- /dev/null
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/wasm/Authentication.razor
@@ -0,0 +1,7 @@
+﻿@page "/authentication/{action}"
+@using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+<RemoteAuthenticatorView Action="@Action" />
+
+@code{
+    [Parameter] public string? Action { get; set; }
+}
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/wasm/LoginDisplay.razor b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/wasm/LoginDisplay.razor
new file mode 100644
index 000000000..9ce29c5d8
--- /dev/null
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/wasm/LoginDisplay.razor
@@ -0,0 +1,23 @@
+@using Microsoft.AspNetCore.Components.Authorization
+@using Microsoft.AspNetCore.Components.WebAssembly.Authentication
+
+@inject NavigationManager Navigation
+@inject SignOutSessionStateManager SignOutManager
+
+<AuthorizeView>
+    <Authorized>
+        Hello, @context.User.Identity?.Name!
+        <button class="nav-link btn btn-link" @onclick="BeginLogout">Log out</button>
+    </Authorized>
+    <NotAuthorized>
+        <a href="authentication/login">Log in</a>
+    </NotAuthorized>
+</AuthorizeView>
+
+@code{
+    private async Task BeginLogout(MouseEventArgs args)
+    {
+        await SignOutManager.SetSignOutState();
+        Navigation.NavigateTo("authentication/logout");
+    }
+}
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/wasm/RedirectToLogin.razor b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/wasm/RedirectToLogin.razor
new file mode 100644
index 000000000..2db61cf6d
--- /dev/null
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeFiles/Blazor/wasm/RedirectToLogin.razor
@@ -0,0 +1,8 @@
+﻿@inject NavigationManager Navigation
+
+@code {
+    protected override void OnInitialized()
+    {
+        Navigation.NavigateTo($"authentication/login?returnUrl={Uri.EscapeDataString(Navigation.Uri)}");
+    }
+}
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeModifierConfigs/cm_dotnet_blazorserver.json b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeModifierConfigs/cm_dotnet_blazorserver.json
index 31818ea1c..a8c03fa7e 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeModifierConfigs/cm_dotnet_blazorserver.json
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeModifierConfigs/cm_dotnet_blazorserver.json
@@ -175,7 +175,7 @@
     },
     {
       "FileName": "App.razor",
-      "RazorChanges": [
+      "Replacements": [
         {
           "Block": "<CascadingAuthenticationState>\r\n    <Router AppAssembly=\"@typeof(App).Assembly\">",
           "ReplaceSnippet": "<Router AppAssembly=\"@typeof(App).Assembly\">"
@@ -192,7 +192,7 @@
         "MicrosoftGraph",
         "DownstreamApi"
       ],
-      "RazorChanges": [
+      "Replacements": [
         {
           "Block": "</NavLink>\r\n        </div>\r\n        <div class=\"nav-item px-3\">\r\n            <NavLink class=\"nav-link\" href=\"showprofile\">\r\n                <span class=\"oi oi-list-rich\" aria-hidden=\"true\"></span> Show profile\r\n            </NavLink>\r\n        </div>\r\n    </nav>\r\n</div>",
           "ReplaceSnippet": "</NavLink>\r\n        </div>\r\n    </nav>\r\n</div>",
@@ -211,7 +211,7 @@
     },
     {
       "FileName": "MainLayout.razor",
-      "RazorChanges": [
+      "Replacements": [
         {
           "Block": "    <main>\r\n        <div class=\"top-row px-4 auth\">\r\n            <LoginDisplay />",
           "ReplaceSnippet": "    <main>\r\n        <div class=\"top-row px-4\">"
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeModifierConfigs/cm_dotnet_blazorwasm.json b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeModifierConfigs/cm_dotnet_blazorwasm.json
index 0db3279e4..b152328d4 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeModifierConfigs/cm_dotnet_blazorwasm.json
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeModifierConfigs/cm_dotnet_blazorwasm.json
@@ -1,3 +1,84 @@
 {
-
+  "Identifier": "dotnet-blazorwasm",
+  "Files": [
+    {
+      "FileName": "Program.cs",
+      "Options": [ "MinimalApp" ],
+      "Methods": {
+        "Global": {
+          "CodeChanges": [
+            {
+              "Block": "builder.Services.AddMsalAuthentication(options =>\r\n{\r\n    builder.Configuration.Bind(\"AzureAd\", options.ProviderOptions.Authentication);\r\n});\r\n",
+              "InsertAfter": "builder.Services.AddScoped",
+              "InsertBefore": [
+                "builder.Build"
+              ],
+              "CodeFormatting": {
+                "Newline": true
+              }
+            }
+          ]
+        }
+      }
+    },
+    {
+      "FileName": "_Imports.razor",
+      "Replacements": [
+        {
+          "Block": "@using Microsoft.AspNetCore.Components.Authorization\r\n"
+        }
+      ]
+    },
+    {
+      "FileName": "App.razor",
+      "Replacements": [
+        {
+          "Block": "<CascadingAuthenticationState>\r\n    <Router AppAssembly=\"@typeof(App).Assembly\">",
+          "ReplaceSnippet": "<Router AppAssembly=\"@typeof(App).Assembly\">"
+        },
+        {
+          "Block": "        <Found Context=\"routeData\">\r\n            <AuthorizeRouteView RouteData=\"@routeData\" DefaultLayout=\"@typeof(MainLayout)\">\r\n                <NotAuthorized>\r\n                    @if (context.User.Identity?.IsAuthenticated != true)\r\n                    {\r\n                        <RedirectToLogin />\r\n                    }\r\n                    else\r\n                    {\r\n                        <p role=\"alert\">You are not authorized to access this resource.</p>\r\n                    }\r\n                </NotAuthorized>\r\n            </AuthorizeRouteView>\r\n            <FocusOnNavigate RouteData=\"@routeData\" Selector=\"h1\" />\r\n        </Found>\r\n",
+          "ReplaceSnippet": "    <Found Context=\"routeData\">\r\n        <RouteView RouteData=\"@routeData\" DefaultLayout=\"@typeof(MainLayout)\" />\r\n        <FocusOnNavigate RouteData=\"@routeData\" Selector=\"h1\" />\r\n    </Found>\r\n"
+        },
+        {
+          "Block": "        <NotFound>\r\n            <PageTitle>Not found</PageTitle>\r\n            <LayoutView Layout=\"@typeof(MainLayout)\">\r\n                <p role=\"alert\">Sorry, there's nothing at this address.</p>\r\n            </LayoutView>\r\n        </NotFound>",
+          "ReplaceSnippet": "    <NotFound>\r\n        <PageTitle>Not found</PageTitle>\r\n        <LayoutView Layout=\"@typeof(MainLayout)\">\r\n            <p role=\"alert\">Sorry, there's nothing at this address.</p>\r\n        </LayoutView>\r\n    </NotFound>"
+        },
+        {
+          "Block": "    </Router>\r\n</CascadingAuthenticationState>",
+          "ReplaceSnippet": "</Router>"
+        }
+      ]
+    },
+    {
+      "FileName": "index.html",
+      "Replacements": [
+        {
+          "Block": "    <script src=\"_content/Microsoft.Authentication.WebAssembly.Msal/AuthenticationService.js\"></script>    \r\n    <script src=\"_framework/blazor.webassembly.js\"></script>",
+          "ReplaceSnippet": "    <script src=\"_framework/blazor.webassembly.js\"></script>"
+        }
+      ]
+    },
+    {
+      "FileName": "Authentication.razor",
+      "AddFilePath": "Pages/Authentication.razor"
+    },
+    {
+      "FileName": "LoginDisplay.razor", 
+      "AddFilePath": "Shared/LoginDisplay.razor"
+    },
+    {
+      "FileName": "MainLayout.razor",
+      "Replacements": [
+        {
+          "Block": "        <div class=\"top-row px-4 auth\">\r\n            <LoginDisplay />\r\n",
+          "ReplaceSnippet": "        <div class=\"top-row px-4\">\r\n"
+        }
+      ]
+    },
+    {
+      "FileName": "RedirectToLogin.razor",
+      "AddFilePath": "Shared/RedirectToLogin.razor"
+    }
+  ]
 }
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeReader.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeReader.cs
index 093f1de2e..bd8e5127e 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeReader.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/CodeReader.cs
@@ -32,32 +32,30 @@ public class CodeReader
         /// <param name="projectDescriptions"></param>
         /// <returns></returns>
         public ProjectAuthenticationSettings ReadFromFiles(
-            string folderToConfigure,
             ProjectDescription projectDescription,
-            IEnumerable<ProjectDescription> projectDescriptions)
+            IEnumerable<ProjectDescription> projectDescriptions,
+            IEnumerable<string> files)
         {
             ProjectAuthenticationSettings projectAuthenticationSettings = new ProjectAuthenticationSettings(projectDescription);
             ProcessProject(
-                folderToConfigure,
                 projectDescription,
                 projectAuthenticationSettings,
-                projectDescriptions);
+                projectDescriptions,
+                files);
             return projectAuthenticationSettings;
         }
 
-        private static void ProcessProject(
-            string folderToConfigure,
+        private void ProcessProject(
             ProjectDescription projectDescription,
             ProjectAuthenticationSettings projectAuthenticationSettings,
-            IEnumerable<ProjectDescription> projectDescriptions)
+            IEnumerable<ProjectDescription> projectDescriptions,
+            IEnumerable<string> files)
         {
-            string projectPath = Path.Combine(folderToConfigure, projectDescription.ProjectRelativeFolder!);
-
             // TO-DO get all the project descriptions
-            var properties = projectDescription.GetMergedConfigurationProperties(projectDescriptions).ToArray();
+            var properties = projectDescription.GetMergedConfigurationProperties(projectDescriptions);
             foreach (ConfigurationProperties configurationProperties in properties)
             {
-                string? filePath = Directory.EnumerateFiles(projectPath, configurationProperties.FileRelativePath!).FirstOrDefault();
+                string? filePath = files.Where(f => f.Contains(configurationProperties.FileRelativePath!)).FirstOrDefault();
                 ProcessFile(projectAuthenticationSettings, filePath, configurationProperties);
             }
 
@@ -72,12 +70,9 @@ private static void ProcessProject(
             PostProcessWebUris(projectAuthenticationSettings);
         }
 
-        private static void PostProcessWebUris(ProjectAuthenticationSettings projectAuthenticationSettings)
+        private void PostProcessWebUris(ProjectAuthenticationSettings projectAuthenticationSettings)
         {
-            bool isBlazorWasm = projectAuthenticationSettings.ApplicationParameters.IsBlazorWasm.HasValue &&
-                                projectAuthenticationSettings.ApplicationParameters.IsBlazorWasm.Value &&
-                                projectAuthenticationSettings.ApplicationParameters.IsWebApp.HasValue &&
-                                !projectAuthenticationSettings.ApplicationParameters.IsWebApp.Value;
+            bool isBlazorWasm = projectAuthenticationSettings.ApplicationParameters.IsBlazorWasm;
             string callbackPath = projectAuthenticationSettings.ApplicationParameters.CallbackPath ?? "/signin-oidc";
             if (isBlazorWasm)
             {
@@ -187,8 +182,8 @@ private static void ProcessFile(
                                 JsonElement element = pair.Key;
                                 int index = pair.Value;
                                 found = true;
-                                string replaceFrom = element.ValueKind == JsonValueKind.Number 
-                                    ? element.GetInt32().ToString(CultureInfo.InvariantCulture) 
+                                string replaceFrom = element.ValueKind == JsonValueKind.Number
+                                    ? element.GetInt32().ToString(CultureInfo.InvariantCulture)
                                     : element.ToString()!;
 
                                 UpdatePropertyRepresents(
@@ -338,14 +333,15 @@ private static void ReadCodeSetting(
                     if (!string.IsNullOrEmpty(value))
                     {
                         // TODO: something more generic
-                        Uri authority = new Uri(value);
-                        string? tenantOrDomain = authority.LocalPath.Split('/', StringSplitOptions.RemoveEmptyEntries)[0];
-                        if (tenantOrDomain == "qualified.domain.name")
+                        if (Uri.TryCreate(value, UriKind.Absolute, out Uri? authority))
                         {
-                            tenantOrDomain = null;
+                            var tenantOrDomain = authority.LocalPath.Split('/', StringSplitOptions.RemoveEmptyEntries)[0];
+                            if (tenantOrDomain != "qualified.domain.name")
+                            {
+                                projectAuthenticationSettings.ApplicationParameters.Domain = tenantOrDomain;
+                                projectAuthenticationSettings.ApplicationParameters.TenantId = tenantOrDomain;
+                            }
                         }
-                        projectAuthenticationSettings.ApplicationParameters.Domain = tenantOrDomain;
-                        projectAuthenticationSettings.ApplicationParameters.TenantId = tenantOrDomain;
                     }
                     break;
                 case "Directory.Domain":
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/ProjectModifier.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/ProjectModifier.cs
index 6b9b25283..2b8c375cc 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/ProjectModifier.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/CodeReaderWriter/ProjectModifier.cs
@@ -1,6 +1,8 @@
 using System;
+using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Reflection;
 using System.Text;
 using System.Text.Json;
 using System.Threading.Tasks;
@@ -19,11 +21,13 @@ namespace Microsoft.DotNet.MSIdentity.CodeReaderWriter
     internal class ProjectModifier
     {
         private readonly ProvisioningToolOptions _toolOptions;
+        private readonly IEnumerable<string> _files;
         private readonly IConsoleLogger _consoleLogger;
 
-        public ProjectModifier(ProvisioningToolOptions toolOptions, IConsoleLogger consoleLogger)
+        public ProjectModifier(ProvisioningToolOptions toolOptions, IEnumerable<string> files, IConsoleLogger consoleLogger)
         {
             _toolOptions = toolOptions ?? throw new ArgumentNullException(nameof(toolOptions));
+            _files = files;
             _consoleLogger = consoleLogger ?? throw new ArgumentNullException(nameof(consoleLogger));
         }
 
@@ -53,7 +57,7 @@ public async Task AddAuthCodeAsync()
             }
 
             // Initialize CodeAnalysis.Project wrapper
-            CodeAnalysis.Project project = await CodeAnalysisHelper.LoadCodeAnalysisProjectAsync(_toolOptions.ProjectFilePath);
+            CodeAnalysis.Project project = await CodeAnalysisHelper.LoadCodeAnalysisProjectAsync(_toolOptions.ProjectFilePath, _files);
             if (project is null)
             {
                 return;
@@ -71,7 +75,7 @@ public async Task AddAuthCodeAsync()
             var filteredFiles = codeModifierConfig.Files.Where(f => ProjectModifierHelper.FilterOptions(f.Options, options));
             foreach (var file in filteredFiles)
             {
-                await HandleCodeFileAsync(file, project, options);
+                await HandleCodeFileAsync(file, project, options, codeModifierConfig.Identifier);
             }
         }
 
@@ -118,34 +122,39 @@ public async Task AddAuthCodeAsync()
             }
         }
 
-        private async Task HandleCodeFileAsync(CodeFile file, CodeAnalysis.Project project, CodeChangeOptions options)
+        private async Task HandleCodeFileAsync(CodeFile file, CodeAnalysis.Project project, CodeChangeOptions options, string identifier)
         {
             if (!string.IsNullOrEmpty(file.AddFilePath))
             {
-                AddFile(file);
+                AddFile(file, identifier);
             }
-            else if (file.FileName.EndsWith(".cs"))
-            {
-                await ModifyCsFile(file, project, options);
-            }
-            else if (file.FileName.EndsWith(".cshtml"))
-            {
-                await ModifyCshtmlFile(file, project, options);
-            }
-            else if (file.FileName.EndsWith(".razor"))
+            else
             {
-                await ModifyRazorFile(file, project, options);
+                switch (file.Extension)
+                {
+                    case "cs":
+                        await ModifyCsFile(file, project, options);
+                        break;
+                    case "cshtml":
+                        await ModifyCshtmlFile(file, project, options);
+                        break;
+                    case "razor":
+                    case "html":
+                        await ApplyTextReplacements(file, project, options);
+                        break;
+                }
             }
         }
 
         /// <summary>
         /// Determines if specified file exists, and if not then creates the 
         /// file based on template stored in AppProvisioningTool.Properties
-        /// and adds file to the project
+        /// then adds file to the project
         /// </summary>
         /// <param name="file"></param>
+        /// <param name="identifier"></param>
         /// <exception cref="FormatException"></exception>
-        private void AddFile(CodeFile file)
+        private void AddFile(CodeFile file, string identifier)
         {
             var filePath = Path.Combine(_toolOptions.ProjectPath, file.AddFilePath);
             if (File.Exists(filePath))
@@ -153,30 +162,41 @@ private void AddFile(CodeFile file)
                 return; // File exists, don't need to create
             }
 
-            // Resource names for addFiles prefixed with "add" and contain '_' in place of '.'
-            // e.g. fileName: "ShowProfile.razor" -> resourceName: "add_ShowProfile_razor"
-            var resourceName = file.FileName.Replace('.', '_');
-            var propertyInfo = AppProvisioningTool.Properties.Where(
-                p => p.Name.StartsWith("add") && p.Name.EndsWith(resourceName)).FirstOrDefault();
+            var codeFileString = GetCodeFileString(file, identifier);
+
+            var fileDir = Path.GetDirectoryName(filePath);
+            if (!string.IsNullOrEmpty(fileDir))
+            {
+                Directory.CreateDirectory(fileDir);
+                File.WriteAllText(filePath, codeFileString);
+            }
+        }
 
+        private string GetCodeFileString(CodeFile file, string identifier)
+        {
+            var propertyInfo = GetPropertyInfo(file.FileName, identifier);
             if (propertyInfo is null)
             {
-                return;
+                throw new FormatException($"Resource file for {file.FileName} could not be found. ");
             }
 
             byte[] content = (propertyInfo.GetValue(null) as byte[])!;
             string codeFileString = Encoding.UTF8.GetString(content);
             if (string.IsNullOrEmpty(codeFileString))
             {
-                throw new FormatException($"Resource file { propertyInfo.Name } could not be parsed. ");
+                throw new FormatException($"Resource file for {file.FileName} could not be parsed. ");
             }
 
-            var fileDir = Path.GetDirectoryName(filePath);
-            if (!string.IsNullOrEmpty(fileDir))
-            {
-                Directory.CreateDirectory(fileDir);
-                File.WriteAllText(filePath, codeFileString);
-            }
+            return codeFileString;
+        }
+
+        private PropertyInfo? GetPropertyInfo(string fileName, string identifier)
+        {
+            return AppProvisioningTool.Properties.Where(
+                p => p.Name.StartsWith("add")
+                && p.Name.Contains(identifier.Replace('-', '_')) // Resource files cannot have '-' (dash character)
+                && p.Name.Contains(fileName.Replace('.', '_'))) // Resource files cannot have '.' (period character)
+                .FirstOrDefault();
         }
 
         internal async Task ModifyCsFile(CodeFile file, CodeAnalysis.Project project, CodeChangeOptions options)
@@ -307,7 +327,14 @@ internal async Task ModifyCshtmlFile(CodeFile file, CodeAnalysis.Project project
             }
         }
 
-        internal async Task ModifyRazorFile(CodeFile file, CodeAnalysis.Project project, CodeChangeOptions toolOptions)
+        /// <summary>
+        /// Updates .razor and .html files via string replacement
+        /// </summary>
+        /// <param name="file"></param>
+        /// <param name="project"></param>
+        /// <param name="toolOptions"></param>
+        /// <returns></returns>
+        internal async Task ApplyTextReplacements(CodeFile file, CodeAnalysis.Project project, CodeChangeOptions toolOptions)
         {
             var document = project.Documents.Where(d => d.Name.EndsWith(file.FileName)).FirstOrDefault();
             if (document is null)
@@ -315,13 +342,13 @@ internal async Task ModifyRazorFile(CodeFile file, CodeAnalysis.Project project,
                 return;
             }
 
-            var razorChanges = file.RazorChanges.Where(cc => ProjectModifierHelper.FilterOptions(cc.Options, toolOptions));
-            if (!razorChanges.Any())
+            var replacements = file.Replacements.Where(cc => ProjectModifierHelper.FilterOptions(cc.Options, toolOptions));
+            if (!replacements.Any())
             {
                 return;
             }
 
-            var editedDocument = await ProjectModifierHelper.ModifyDocumentText(document, razorChanges);
+            var editedDocument = await ProjectModifierHelper.ModifyDocumentText(document, replacements);
             if (editedDocument != null)
             {
                 await ProjectModifierHelper.UpdateDocument(editedDocument, _consoleLogger);
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/MicrosoftIdentityPlatform/AppSettingsModifier.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/MicrosoftIdentityPlatform/AppSettingsModifier.cs
new file mode 100644
index 000000000..2309184ca
--- /dev/null
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/MicrosoftIdentityPlatform/AppSettingsModifier.cs
@@ -0,0 +1,308 @@
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using Microsoft.DotNet.MSIdentity.AuthenticationParameters;
+using Microsoft.DotNet.MSIdentity.Tool;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.DotNet.MSIdentity.MicrosoftIdentityPlatform
+{
+    internal class AppSettingsModifier
+    {
+        internal static string AppSettingsFileName = "appsettings.json";
+
+        internal static Dictionary<string, string?>? _propertiesDictionary;
+        internal static Dictionary<string, string?> PropertiesDictionary => _propertiesDictionary ??= new Dictionary<string, string?>(
+            typeof(DefaultProperties).GetFields().ToDictionary(x => x.Name, x => x.GetValue(x) as string));
+
+        public AppSettingsModifier(ProvisioningToolOptions provisioningToolOptions)
+        {
+            _provisioningToolOptions = provisioningToolOptions;
+        }
+
+        private readonly ProvisioningToolOptions _provisioningToolOptions;
+
+        /// <summary>
+        /// Adds 'AzureAd', 'MicrosoftGraph' or 'DownstreamAPI' sections as appropriate. Fills them with default values if empty. 
+        /// </summary>
+        /// <param name="applicationParameters"></param>
+        public void ModifyAppSettings(ApplicationParameters applicationParameters, IEnumerable<string> files)
+        {
+            // Default values can be found https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content
+            // waiting for https://github.com/dotnet/runtime/issues/29690 + https://github.com/dotnet/runtime/issues/31068 to switch over to System.Text.Json
+
+            /** TODO: 
+             *       string jsonText = Encoding.UTF8.GetString(fileContent);
+             * 
+             *      return JsonSerializer.Deserialize<ProjectDescription>(jsonText, serializerOptionsWithComments);
+             *      static readonly JsonSerializerOptions serializerOptionsWithComments = new JsonSerializerOptions()
+             *      {
+             *       ReadCommentHandling = JsonCommentHandling.Skip
+             *      };
+             */
+
+            _provisioningToolOptions.AppSettingsFilePath = GetAppSettingsFilePath(files);
+
+            JObject appSettings;
+            try
+            {
+                appSettings = JObject.Parse(System.IO.File.ReadAllText(_provisioningToolOptions.AppSettingsFilePath)) ?? new JObject();
+            }
+            catch
+            {
+                appSettings = new JObject();
+            }
+
+            var modifiedAppSettings = GetModifiedAppSettings(appSettings, applicationParameters);
+
+            // TODO: save comments somehow, only write to appsettings.json if changes are made
+            if (modifiedAppSettings != null)
+            {
+                System.IO.File.WriteAllText(_provisioningToolOptions.AppSettingsFilePath, modifiedAppSettings.ToString());
+            }
+        }
+
+        /// <summary>
+        /// First checks if default appsettings file exists, if not searches for the file.
+        /// If the file does not exist anywhere, it will be created later.
+        /// </summary>
+        private string GetAppSettingsFilePath(IEnumerable<string> files)
+        {
+            if (File.Exists(_provisioningToolOptions.AppSettingsFilePath))
+            {
+                return _provisioningToolOptions.AppSettingsFilePath!;
+            }
+
+            // In the majority of cases, this will give the correct appsettings file path
+            if (File.Exists(DefaultAppSettingsPath))
+            {
+                return DefaultAppSettingsPath;
+            }
+
+            // If default appsettings file does not exist, try to find it elsewhere
+            var filePath = files.Where(f => f.Contains(AppSettingsFileName)).FirstOrDefault();
+
+            // If not found, it will be created in the default location
+            return filePath ?? DefaultAppSettingsPath;
+        }
+
+        private string DefaultAppSettingsPath => _provisioningToolOptions.IsBlazorWasm
+        ? Path.Combine(_provisioningToolOptions.ProjectPath, "wwwroot", AppSettingsFileName)
+        : Path.Combine(_provisioningToolOptions.ProjectPath, AppSettingsFileName);
+
+        /// <summary>
+        /// Modifies AppSettings.json if necessary, helper method for testing
+        /// </summary>
+        /// <param name="appSettings"></param>
+        /// <param name="applicationParameters"></param>
+        /// <returns>appSettings JObject if changes were made, else null</returns>
+        internal JObject? GetModifiedAppSettings(JObject appSettings, ApplicationParameters applicationParameters)
+        {
+            bool changesMade = false;
+
+            // update Azure AD Block
+            var updatedAzureAdBlock = GetModifiedAzureAdBlock(appSettings, applicationParameters);
+            if (updatedAzureAdBlock != null)
+            {
+                changesMade = true;
+                appSettings["AzureAd"] = updatedAzureAdBlock;
+            }
+
+            if (_provisioningToolOptions.CallsGraph) // TODO blazor
+            {
+                // update MicrosoftGraph Block
+                var microsoftGraphBlock = GetModifiedMicrosoftGraphBlock(appSettings);
+                if (microsoftGraphBlock != null)
+                {
+                    changesMade = true;
+                    appSettings["MicrosoftGraph"] = microsoftGraphBlock;
+                }
+            }
+
+            if (_provisioningToolOptions.CallsDownstreamApi) // TODO blazor
+            {
+                // update DownstreamAPI Block
+                var updatedDownstreamApiBlock = GetModifiedDownstreamApiBlock(appSettings);
+                if (updatedDownstreamApiBlock != null)
+                {
+                    changesMade = true;
+                    appSettings["DownstreamApi"] = updatedDownstreamApiBlock;
+                }
+            }
+
+            return changesMade ? appSettings : null;
+        }
+
+        /// <summary>
+        /// 
+        /// </summary>
+        /// <param name="appSettings"></param>
+        /// <param name="applicationParameters"></param>
+        /// <returns></returns>
+        private JToken? GetModifiedAzureAdBlock(JObject appSettings, ApplicationParameters applicationParameters)
+        {
+            if (!appSettings.TryGetValue("AzureAd", out var azureAdToken))
+            {
+                // Create and return AzureAd block if none exists, differs for Blazor apps
+                return DefaultAzureAdBlock(applicationParameters);
+            }
+
+            bool changesMade = ModifyAppSettingsToken(azureAdToken, AzureAdBlock(applicationParameters));
+
+            if (_provisioningToolOptions.CallsGraph || _provisioningToolOptions.CallsDownstreamApi)
+            {
+                changesMade |= ModifyCredentials(azureAdToken);
+            }
+
+            return changesMade ? azureAdToken : null;
+        }
+
+        /// <summary>
+        /// Create and return AzureAd block when none exists, fields differ for Blazor apps
+        /// </summary>
+        /// <param name="applicationParameters"></param>
+        /// <param name="isBlazorWasm"></param>
+        /// <returns></returns>
+        private JToken DefaultAzureAdBlock(ApplicationParameters applicationParameters)
+        {
+            return applicationParameters.IsBlazorWasm ? JToken.FromObject(new
+            {
+                Authority = applicationParameters.Authority ?? DefaultProperties.Authority,
+                ClientId = applicationParameters.ClientId ?? DefaultProperties.ClientId,
+                DefaultProperties.ValidateAuthority
+            }) : JToken.FromObject(new
+            {
+                Domain = applicationParameters.Domain ?? DefaultProperties.Domain,
+                TenantId = applicationParameters.TenantId ?? DefaultProperties.TenantId,
+                ClientId = applicationParameters.ClientId ?? DefaultProperties.ClientId,
+                Instance = applicationParameters.Instance ?? DefaultProperties.Instance,
+                CallbackPath = applicationParameters.CallbackPath ?? DefaultProperties.CallbackPath
+            });
+        }
+
+        // TODO: Consider using objects rather than dictionaries
+        Dictionary<string, string?> AzureAdBlock(ApplicationParameters parameters) =>
+           parameters.IsBlazorWasm ? new Dictionary<string, string?>
+           {
+                { PropertyNames.Authority,  $"{DefaultProperties.Instance}{parameters.TenantId}" },
+                { PropertyNames.ClientId, parameters.ClientId },
+                { PropertyNames.ValidateAuthority, DefaultProperties.ValidateAuthority.ToString() },
+           } : new Dictionary<string, string?>
+           {
+                { PropertyNames.Domain,  parameters.Domain },
+                { PropertyNames.TenantId, parameters.TenantId },
+                { PropertyNames.ClientId, parameters.ClientId },
+                { PropertyNames.Instance, parameters.Instance },
+                { PropertyNames.CallbackPath, parameters.CallbackPath }
+           };
+
+        private bool ModifyAppSettingsToken(JToken token, Dictionary<string, string?> inputProperties)
+        {
+            bool changesMade = false;
+            foreach ((string propertyName, string? newValue) in inputProperties)
+            {
+                changesMade |= UpdateIfNecessary(token, propertyName, newValue);
+            }
+
+            return changesMade;
+        }
+
+        private bool ModifyCredentials(JToken azureAdToken)
+        {
+            bool changesMade = false;
+            if (azureAdToken[PropertyNames.ClientSecret] == null)
+            {
+                changesMade = true;
+                azureAdToken[PropertyNames.ClientSecret] = DefaultProperties.ClientSecret;
+            }
+            if (azureAdToken[PropertyNames.ClientCertificates] == null)
+            {
+                changesMade = true;
+                azureAdToken[PropertyNames.ClientCertificates] = new JArray();
+            }
+
+            return changesMade;
+        }
+
+        private JToken? GetModifiedMicrosoftGraphBlock(JObject appSettings)
+        {
+            if (!appSettings.TryGetValue("MicrosoftGraph", out var microsoftGraphToken))
+            {
+                return DefaultApiBlock;
+            }
+
+            var inputParameters = new Dictionary<string, string?>
+            {
+                { PropertyNames.Scopes, DefaultProperties.MicrosoftGraphScopes },
+                { PropertyNames.BaseUrl, DefaultProperties.MicrosoftGraphBaseUrl }
+            };
+
+            return ModifyAppSettingsToken(microsoftGraphToken, inputParameters) ? microsoftGraphToken : null;
+        }
+
+        private JToken? GetModifiedDownstreamApiBlock(JObject appSettings)
+        {
+            if (!appSettings.TryGetValue("DownstreamApi", out var downstreamApiToken))
+            {
+                return DefaultApiBlock;
+            }
+
+            var inputParameters = new Dictionary<string, string?>
+            {
+                { PropertyNames.Scopes, string.Empty }, // Only update if a value is not already present
+                { PropertyNames.BaseUrl, string.Empty }
+            };
+
+            return ModifyAppSettingsToken(downstreamApiToken, inputParameters) ? downstreamApiToken : null;
+        }
+
+        private JToken DefaultApiBlock => JToken.FromObject(new
+        {
+            BaseUrl = DefaultProperties.MicrosoftGraphBaseUrl,
+            Scopes = DefaultProperties.MicrosoftGraphScopes
+        });
+
+        /// <summary>
+        /// Updates property in appSettings block when either there is no existing property or the existing property does not match
+        /// </summary>
+        /// <param name="token"></param>
+        /// <param name="propertyName"></param>
+        /// <param name="newValue"></param>
+        /// <returns></returns>
+        private bool UpdateIfNecessary(JToken token, string propertyName, string? newValue)
+        {
+            var existingValue = token[propertyName]?.ToString();
+            var update = GetUpdatedValue(propertyName, existingValue, newValue);
+            if (update != null)
+            {
+                token[propertyName] = update;
+                return true;
+            }
+
+            return false;
+        }
+
+        /// <summary>
+        /// Helper method for unit tests
+        /// </summary>
+        /// <param name="inputProperty"></param>
+        /// <param name="existingProperties"></param>
+        /// <returns></returns>
+        internal static string? GetUpdatedValue(string propertyName, string? existingValue, string? newValue)
+        {
+            // If there is no existing property, update 
+            if (string.IsNullOrEmpty(existingValue))
+            {
+                return string.IsNullOrEmpty(newValue) ? PropertiesDictionary.GetValueOrDefault(propertyName) : newValue;
+            }
+
+            // If newValue exists and it differs from the existing property, update value
+            if (!string.IsNullOrEmpty(newValue) && !newValue.Equals(existingValue))
+            {
+                return newValue;
+            }
+
+            return null; // No updates necessary
+        }
+    }
+}
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/MicrosoftIdentityPlatform/MicrosoftIdentityPlatformApplicationManager.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/MicrosoftIdentityPlatform/MicrosoftIdentityPlatformApplicationManager.cs
index dbc0a8dbd..e226dc549 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/MicrosoftIdentityPlatform/MicrosoftIdentityPlatformApplicationManager.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/MicrosoftIdentityPlatform/MicrosoftIdentityPlatformApplicationManager.cs
@@ -58,7 +58,7 @@ public class MicrosoftIdentityPlatformApplicationManager
             {
                 AddWebAppPlatform(application, applicationParameters);
             }
-            else if (applicationParameters.IsBlazorWasm.GetValueOrDefault())
+            else if (applicationParameters.IsBlazorWasm)
             {
                 // In .NET Core 3.1, Blazor uses MSAL.js 1.x (web redirect URIs)
                 // whereas in .NET 5.0 and .NET 6.0, Blazor uses MSAL.js 2.x (SPA redirect URIs)
@@ -114,7 +114,7 @@ await AddAdminConsentToApiPermissions(
                 await ExposeScopes(graphServiceClient, createdApplication);
 
                 // Blazorwasm hosted: add permission to server web API from client SPA
-                if (applicationParameters.IsBlazorWasm.GetValueOrDefault())
+                if (applicationParameters.IsBlazorWasm)
                 {
                     await AddApiPermissionFromBlazorwasmHostedSpaToServerApi(
                         graphServiceClient,
@@ -254,7 +254,7 @@ internal async Task<JsonResponse> UpdateApplication(
             var updatedApp = new Application
             {
                 Web = existingApplication.Web ?? new WebApplication(),
-                Spa = toolOptions.IsBlazorWasm ? existingApplication.Spa ?? new SpaApplication() : existingApplication.Spa 
+                Spa = toolOptions.IsBlazorWasm ? existingApplication.Spa ?? new SpaApplication() : existingApplication.Spa
             };
 
             // Make updates if necessary
@@ -605,7 +605,7 @@ private static void AddWebAppPlatform(Application application, ApplicationParame
 
             // Explicit usage of MicrosoftGraph openid and offline_access in the case of Azure AD B2C.
             if (applicationParameters.IsB2C &&
-                (applicationParameters.IsWebApp.GetValueOrDefault() || applicationParameters.IsBlazorWasm.GetValueOrDefault()))
+                (applicationParameters.IsWebApp.GetValueOrDefault() || applicationParameters.IsBlazorWasm))
             {
                 applicationParameters.CalledApiScopes ??= string.Empty;
                 if (!applicationParameters.CalledApiScopes.Contains("openid"))
@@ -633,7 +633,6 @@ private async Task AddPermission(
             List<RequiredResourceAccess> apiRequests,
             IGrouping<string, ResourceAndScope> g)
         {
-
             var spsWithScopes = await graphServiceClient.ServicePrincipals
                 .Request()
                 .Filter($"servicePrincipalNames/any(t: t eq '{g.Key}')")
@@ -793,18 +792,17 @@ private ApplicationParameters GetEffectiveApplicationParameters(
                 IsAAD = !isB2C,
                 IsB2C = isB2C,
                 HasAuthentication = true,
-                IsWebApi = application.Api != null
-                        && (application.Api.Oauth2PermissionScopes != null && application.Api.Oauth2PermissionScopes.Any())
-                        || (application.AppRoles != null && application.AppRoles.Any()),
-                IsWebApp = application.Web != null,
-                IsBlazorWasm = application.Spa != null, // TODO: note that just because an app registration has SPA does not imply that we are currently in a blazor wasm project
+                IsWebApi = application.Api?.Oauth2PermissionScopes?.Any() is true || application.AppRoles?.Any() is true,
                 TenantId = tenant.Id,
-                Domain = tenant.VerifiedDomains.FirstOrDefault(v => v.IsDefault.HasValue && v.IsDefault.Value)?.Name,
+                Domain = tenant.VerifiedDomains.FirstOrDefault(v => v.IsDefault.GetValueOrDefault())?.Name,
                 CallsMicrosoftGraph = application.RequiredResourceAccess.Any(r => r.ResourceAppId == MicrosoftGraphAppId) && !isB2C,
                 CallsDownstreamApi = application.RequiredResourceAccess.Any(r => r.ResourceAppId != MicrosoftGraphAppId),
                 LogoutUrl = application.Web?.LogoutUrl,
                 GraphEntityId = application.Id,
+
                 // Parameters that cannot be infered from the registered app
+                IsWebApp = originalApplicationParameters.IsWebApp, // TODO
+                IsBlazorWasm = originalApplicationParameters.IsBlazorWasm,
                 SusiPolicy = originalApplicationParameters.SusiPolicy,
                 SecretsId = originalApplicationParameters.SecretsId,
                 TargetFramework = originalApplicationParameters.TargetFramework,
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/MatchesForProjectType.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/MatchesForProjectType.cs
index c16c7e05e..1ce4373dc 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/MatchesForProjectType.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/MatchesForProjectType.cs
@@ -1,4 +1,4 @@
-﻿// Copyright (c) Microsoft Corporation. All rights reserved.
+// Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
 using System.Globalization;
@@ -17,10 +17,13 @@ public string? FileRelativePath
         private string? _fileRelativePath;
 
         public string[]? MatchAny { get; set; }
+
         public string? Sets { get; set; }
 
         public string? FolderRelativePath { get; set; }
 
+        public string? FileExtension { get; set; }
+
         /// <summary>
         /// Either FileRelativePath is defined, along with MatchAny
         /// Or FolderRelativePath is defined
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/ProjectDescription.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/ProjectDescription.cs
index 6bd6b9a39..8555cec80 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/ProjectDescription.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/ProjectDescription.cs
@@ -49,21 +49,27 @@ public bool IsValid()
         }
 
         public ConfigurationProperties[]? ConfigurationProperties { get; set; }
-        
-        public MatchesForProjectType[]? MatchesForProjectType { get;set; }
+
+        public MatchesForProjectType[]? MatchesForProjectType { get; set; }
 
         public ProjectDescription? GetBasedOnProject(IEnumerable<ProjectDescription> projects)
         {
+            if (string.IsNullOrEmpty(BasedOnProjectDescription))
+            {
+                return null;
+            }
+
             if (projects is null)
             {
                 throw new ArgumentNullException(nameof(projects));
             }
 
             ProjectDescription? baseProject = projects.FirstOrDefault(p => p.Identifier == BasedOnProjectDescription);
-            if (!string.IsNullOrEmpty(BasedOnProjectDescription) && baseProject == null)
+            if (baseProject == null)
             {
-                throw new FormatException($"In Project {ProjectRelativeFolder} BasedOn = {BasedOnProjectDescription} could not be found. ");
+                throw new FormatException($"BasedOnProjectDescription = {BasedOnProjectDescription} could not be found in project {ProjectRelativeFolder} . ");
             }
+
             return baseProject;
         }
 
@@ -96,9 +102,8 @@ public IEnumerable<ConfigurationProperties> GetMergedConfigurationProperties(IEn
         /// <returns></returns>
         public IEnumerable<MatchesForProjectType> GetMergedMatchesForProjectType(IEnumerable<ProjectDescription> projects)
         {
-            IEnumerable<MatchesForProjectType> configurationProperties = GetBasedOnProject(projects)?.GetMergedMatchesForProjectType(projects) ?? new MatchesForProjectType[0];
-            IEnumerable<MatchesForProjectType> allConfigurationProperties = MatchesForProjectType != null ? configurationProperties.Union(MatchesForProjectType) : configurationProperties;
-            return allConfigurationProperties;
+            var configurationProperties = GetBasedOnProject(projects)?.GetMergedMatchesForProjectType(projects) ?? new MatchesForProjectType[0];
+            return MatchesForProjectType?.Union(configurationProperties) ?? configurationProperties;
         }
     }
 }
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/ProjectDescriptionReader.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/ProjectDescriptionReader.cs
index 8b102070b..3e4ff8653 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/ProjectDescriptionReader.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescription/ProjectDescriptionReader.cs
@@ -13,27 +13,31 @@ namespace Microsoft.DotNet.MSIdentity.Project
 {
     public class ProjectDescriptionReader
     {
-        public List<ProjectDescription> projectDescriptions { get; private set; } = new List<ProjectDescription>();
+        private const string ProjectTypeIdSuffix = "dotnet-";
 
-        public ProjectDescription? GetProjectDescription(string projectTypeIdentifier, string projectPath)
+        private readonly IEnumerable<string> _files;
+        public List<ProjectDescription> ProjectDescriptions { get; }
+
+        public ProjectDescriptionReader(IEnumerable<string> files)
+        {
+            _files = files;
+            ProjectDescriptions = InitializeProjectDescriptions();
+        }
+
+        public ProjectDescription? GetProjectDescription(string projectTypeIdentifier)
         {
             string? projectTypeId = projectTypeIdentifier;
-            if (string.IsNullOrEmpty(projectTypeId) || projectTypeId == "dotnet-")
+            if (string.IsNullOrEmpty(projectTypeId) || projectTypeId == ProjectTypeIdSuffix)
             {
-                projectTypeId = InferProjectType(projectPath);
+                projectTypeId = InferProjectType();
             }
 
             return projectTypeId != null ? ReadProjectDescription(projectTypeId) : null;
         }
 
-        private ProjectDescription? ReadProjectDescription(string projectTypeIdentifier)
-        {
-            ReadProjectDescriptions();
+        private ProjectDescription? ReadProjectDescription(string identifier) => ProjectDescriptions.FirstOrDefault(p => p.Identifier == identifier);
 
-            return projectDescriptions.FirstOrDefault(projectDescription => projectDescription.Identifier == projectTypeIdentifier);
-        }
-
-        static JsonSerializerOptions serializerOptionsWithComments = new JsonSerializerOptions()
+        static readonly JsonSerializerOptions serializerOptionsWithComments = new JsonSerializerOptions
         {
             ReadCommentHandling = JsonCommentHandling.Skip
         };
@@ -44,83 +48,94 @@ public class ProjectDescriptionReader
             return JsonSerializer.Deserialize<ProjectDescription>(jsonText, serializerOptionsWithComments);
         }
 
-        private string? InferProjectType(string projectPath)
+        private string? InferProjectType()
         {
-            ReadProjectDescriptions();
-
             // TODO: could be both a Web app and WEB API.
-            foreach (ProjectDescription projectDescription in projectDescriptions.Where(p => p.GetMergedMatchesForProjectType(projectDescriptions) != null))
+            foreach (ProjectDescription projectDescription in ProjectDescriptions)
             {
-                var matchesForProjectTypes = projectDescription.GetMergedMatchesForProjectType(projectDescriptions);
-                if (projectDescription.MatchesForProjectType != null)
+                var mergedMatches = projectDescription.GetMergedMatchesForProjectType(ProjectDescriptions);
+                var foundMatches = mergedMatches.Where(matches => HasMatch(matches));
+                if (foundMatches.Any())
                 {
-                    foreach (MatchesForProjectType matchesForProjectType in matchesForProjectTypes)
-                    {
-                        if (!string.IsNullOrEmpty(matchesForProjectType.FileRelativePath))
-                        {
-                            IEnumerable<string> files;
-
-                            try
-                            {
-                                files = Directory.EnumerateFiles(projectPath, matchesForProjectType.FileRelativePath);
-                            }
-                            catch (DirectoryNotFoundException)
-                            {
-                                files = new string[0];
-                            }
-                            foreach (string filePath in files)
-                            {
-                                // If there are matches, one at least needs to match
-                                if (matchesForProjectType.MatchAny != null)
-                                {
-                                    string fileContent = File.ReadAllText(filePath);
-                                    foreach (string match in matchesForProjectType.MatchAny!) // Valid project => 
-                                    {
-                                        if (fileContent.Contains(match))
-                                        {
-                                            return projectDescription.Identifier!;
-                                        }
-                                    }
-                                }
-
-                                // If MatchAny is null, then the presence of a file is enough
-                                else
-                                {
-                                    return projectDescription.Identifier!;
-                                }
-                            }
-                        }
-
-                        if (matchesForProjectType.FolderRelativePath != null)
-                        {
-                            try
-                            {
-                                if (Directory.EnumerateDirectories(projectPath, matchesForProjectType.FolderRelativePath).Any())
-                                {
-                                    return projectDescription.Identifier!;
-                                }
-                            }
-                            catch
-                            {
-                                // No folder
-                            }
-                        }
-                    }
+                    return projectDescription.Identifier;
                 }
             }
+
             return null;
         }
 
-        private void ReadProjectDescriptions()
+        /// <summary>
+        /// Checks for a match given a list of matches and a list of files
+        /// </summary>
+        /// <param name="matches"></param>
+        /// <returns></returns>
+        private bool HasMatch(MatchesForProjectType matches)
+        {
+            if (string.IsNullOrEmpty(matches.FileRelativePath))
+            {
+                return HasMatchingDirectory(matches.FolderRelativePath, matches.FileExtension, matches.MatchAny);
+            }
+
+            return HasFileWithMatch(matches.FileRelativePath, matches.FolderRelativePath, matches.MatchAny);
+        }
+
+        private bool HasMatchingDirectory(string? folderRelativePath, string? fileExtension, string[]? matchAny)
+        {
+            if (string.IsNullOrEmpty(folderRelativePath))
+            {
+                return false;
+            }
+
+            var matchingPaths = _files.Where(file => DirectoryMatches(file, folderRelativePath, fileExtension));
+
+            return AnyFileContainsMatch(matchAny, matchingPaths);
+        }
+
+        private bool HasFileWithMatch(string fileRelativePath, string? folderRelativePath, string[]? matchAny)
         {
-            if (projectDescriptions.Any())
+            var matchingFilePaths = _files.Where(filePath => Path.GetFileName(filePath).Equals(fileRelativePath, StringComparison.OrdinalIgnoreCase));
+
+            if (!string.IsNullOrEmpty(folderRelativePath))
             {
-                return;
+                matchingFilePaths = matchingFilePaths.Where(filePath => DirectoryMatches(filePath, folderRelativePath));
             }
 
+            return AnyFileContainsMatch(matchAny, matchingFilePaths);
+        }
+
+        private bool DirectoryMatches(string filePath, string folderRelativePath, string? fileExtension = null)
+        {
+            var directoryPath = Path.GetDirectoryName(filePath);
+            var folderFound = directoryPath?.Contains(folderRelativePath, StringComparison.OrdinalIgnoreCase) ?? false;
+            var extensionMatches = fileExtension?.Equals(Path.GetExtension(filePath)) ?? true; // If extension is null, no need to match
+
+            return folderFound && extensionMatches;
+        }
+
+        private bool AnyFileContainsMatch(string[]? matchAny, IEnumerable<string> matchingPaths)
+        {
+            if (matchAny is null)
+            {
+                return matchingPaths.Any();
+            }
+
+            var matchingFiles = matchingPaths.Where(filePath => FileMatches(filePath, matchAny));
+            return matchingFiles.Any(); // If MatchAny is not null, at least file needs to contain a match
+        }
+
+        private bool FileMatches(string filePath, string[] matchAny)
+        {
+            var fileContent = File.ReadAllText(filePath);
+            var fileMatches = matchAny.Where(match => fileContent.Contains(match, StringComparison.OrdinalIgnoreCase));
+            return fileMatches.Any();
+        }
+
+        public List<ProjectDescription> InitializeProjectDescriptions()
+        {
+            var projectDescriptions = new List<ProjectDescription>();
             foreach (PropertyInfo propertyInfo in AppProvisioningTool.Properties)
             {
-                if (!(propertyInfo.Name.StartsWith("cm") || propertyInfo.Name.StartsWith("add"))) 
+                if (!(propertyInfo.Name.StartsWith("cm") || propertyInfo.Name.StartsWith("add")))
                 {
                     byte[] content = (propertyInfo.GetValue(null) as byte[])!;
                     ProjectDescription? projectDescription = ReadDescriptionFromFileContent(content);
@@ -133,12 +148,14 @@ private void ReadProjectDescriptions()
                     {
                         throw new FormatException($"Resource file {propertyInfo.Name} is missing Identitier or ProjectRelativeFolder is null. ");
                     }
+
                     projectDescriptions.Add(projectDescription);
                 }
             }
 
-            // TODO: provide an extension mechanism to add such files outside the tool.
-            // In that case the validation would not be an exception? but would need to provide error messages
+            return projectDescriptions;
+            //  TODO: provide an extension mechanism to add such files outside the tool.
+            //     In that case the validation would not be an exception? but would need to provide error messages
         }
     }
 }
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_blazorwasm.json b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_blazorwasm.json
index 16f92f559..a21eeb03e 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_blazorwasm.json
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_blazorwasm.json
@@ -2,6 +2,18 @@
   "Identifier": "dotnet-blazorwasm",
   "ProjectRelativeFolder": "",
   "BasedOnProjectDescription": "",
+  "MatchesForProjectType": [
+    {
+      "FileRelativePath": "Program.cs",
+      "MatchAny": [ "WebAssemblyHostBuilder.CreateDefault" ],
+      "Sets": "IsBlazorWasm"
+    },
+    {
+      "FolderRelativePath": "Pages",
+      "FileExtension": ".razor",
+      "Sets": "IsBlazorWasm"
+    }
+  ],
   "ConfigurationProperties": [
     {
       "FileRelativePath": "wwwroot\\appsettings.json",
@@ -145,11 +157,7 @@
       ]
     }
   ],
-  "MatchesForProjectType": [
-    {
-      "FileRelativePath": "Program.cs",
-      "MatchAny": [ "WebAssemblyHostBuilder.CreateDefault" ],
-      "Sets": "IsBlazorWasm"
-    }
+  "CommonPackages": [
+    "Microsoft.Authentication.WebAssembly.Msal"
   ]
 }
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_blazorwasm_hosted.json b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_blazorwasm_hosted.json
index 8ac701e37..53bbac13a 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_blazorwasm_hosted.json
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_blazorwasm_hosted.json
@@ -6,12 +6,14 @@
   ],
   "MatchesForProjectType": [
     {
-      "FileRelativePath": "Client\\Program.cs",
+      "FileRelativePath": "Program.cs",
+      "FolderRelativePath": "Client",
       "MatchAny": [ "WebAssemblyHostBuilder.CreateDefault" ],
       "Sets": "IsBlazorWasm"
     },
     {
-      "FileRelativePath": "Server\\Controllers\\*.cs",
+      "FolderRelativePath":"Server\\Controllers",
+      "FileExtension": ".cs",
       "MatchAny": [ "[ApiController]" ],
       "Sets": "IsWebApi"
     }
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_webapi.json b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_webapi.json
index 86fe0975b..9c77f887c 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_webapi.json
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_webapi.json
@@ -4,13 +4,18 @@
   "BasedOnProjectDescription": "dotnet-web",
   "MatchesForProjectType": [
     {
-      "FileRelativePath": "Controllers\\*.cs",
+      "FolderRelativePath": "Controllers",
+      "FileExtension":".cs",
       "MatchAny": [ "[ApiController]" ],
       "Sets": "IsWebApi"
     },
     {
       "FileRelativePath": "Startup.cs",
       "MatchAny": [ ".AddAzureAdBearer", ".AddMicrosoftIdentityWebApi", ".AddMicrosoftIdentityWebApiAuthentication" ]
+    },
+    {
+      "FileRelativePath": "Program.cs",
+      "MatchAny": [ ".AddAzureAdBearer", ".AddMicrosoftIdentityWebApi", ".AddMicrosoftIdentityWebApiAuthentication" ]
     }
   ],
   "ConfigurationProperties": [
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_webapp.json b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_webapp.json
index 321583f01..1bd53f642 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_webapp.json
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/ProjectDescriptions/dotnet_webapp.json
@@ -12,7 +12,8 @@
       "Sets": "IsWebApp"
     },
     {
-      "FileRelativePath": "Pages\\*.cshtml",
+      "FolderRelativePath": "Pages",
+      "FileExtension": ".cshtml",
       "Sets": "IsWebApp"
     }
   ],
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Properties/Resources.Designer.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Properties/Resources.Designer.cs
index d97cddfac..2f9e85757 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Properties/Resources.Designer.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Properties/Resources.Designer.cs
@@ -63,9 +63,9 @@ internal Resources() {
         /// <summary>
         ///   Looks up a localized resource of type System.Byte[].
         /// </summary>
-        internal static byte[] add_CallWebApi_razor {
+        internal static byte[] add_dotnet_blazorserver_CallWebApi_razor {
             get {
-                object obj = ResourceManager.GetObject("add_CallWebApi_razor", resourceCulture);
+                object obj = ResourceManager.GetObject("add_dotnet_blazorserver_CallWebApi_razor", resourceCulture);
                 return ((byte[])(obj));
             }
         }
@@ -73,9 +73,9 @@ internal static byte[] add_CallWebApi_razor {
         /// <summary>
         ///   Looks up a localized resource of type System.Byte[].
         /// </summary>
-        internal static byte[] add_LoginDisplay_razor {
+        internal static byte[] add_dotnet_blazorserver_LoginDisplay_razor {
             get {
-                object obj = ResourceManager.GetObject("add_LoginDisplay_razor", resourceCulture);
+                object obj = ResourceManager.GetObject("add_dotnet_blazorserver_LoginDisplay_razor", resourceCulture);
                 return ((byte[])(obj));
             }
         }
@@ -83,9 +83,39 @@ internal static byte[] add_LoginDisplay_razor {
         /// <summary>
         ///   Looks up a localized resource of type System.Byte[].
         /// </summary>
-        internal static byte[] add_ShowProfile_razor {
+        internal static byte[] add_dotnet_blazorserver_ShowProfile_razor {
             get {
-                object obj = ResourceManager.GetObject("add_ShowProfile_razor", resourceCulture);
+                object obj = ResourceManager.GetObject("add_dotnet_blazorserver_ShowProfile_razor", resourceCulture);
+                return ((byte[])(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Byte[].
+        /// </summary>
+        internal static byte[] add_dotnet_blazorwasm_Authentication_razor {
+            get {
+                object obj = ResourceManager.GetObject("add_dotnet_blazorwasm_Authentication_razor", resourceCulture);
+                return ((byte[])(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Byte[].
+        /// </summary>
+        internal static byte[] add_dotnet_blazorwasm_LoginDisplay_razor {
+            get {
+                object obj = ResourceManager.GetObject("add_dotnet_blazorwasm_LoginDisplay_razor", resourceCulture);
+                return ((byte[])(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Byte[].
+        /// </summary>
+        internal static byte[] add_dotnet_blazorwasm_RedirectToLogin_razor {
+            get {
+                object obj = ResourceManager.GetObject("add_dotnet_blazorwasm_RedirectToLogin_razor", resourceCulture);
                 return ((byte[])(obj));
             }
         }
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Properties/Resources.resx b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Properties/Resources.resx
index 91c30ca5f..68e2bab30 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Properties/Resources.resx
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Properties/Resources.resx
@@ -124,15 +124,24 @@
     <value>Adding package {0} . . .</value>
   </data>
   <assembly alias="System.Windows.Forms" name="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
-  <data name="add_CallWebApi_razor" type="System.Resources.ResXFileRef, System.Windows.Forms">
+  <data name="add_dotnet_blazorserver_CallWebApi_razor" type="System.Resources.ResXFileRef, System.Windows.Forms">
     <value>..\CodeReaderWriter\CodeFiles\Blazor\Server\CallWebApi.razor;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </data>
-  <data name="add_LoginDisplay_razor" type="System.Resources.ResXFileRef, System.Windows.Forms">
+  <data name="add_dotnet_blazorserver_LoginDisplay_razor" type="System.Resources.ResXFileRef, System.Windows.Forms">
     <value>..\CodeReaderWriter\CodeFiles\Blazor\Server\LoginDisplay.razor;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </data>
-  <data name="add_ShowProfile_razor" type="System.Resources.ResXFileRef, System.Windows.Forms">
+  <data name="add_dotnet_blazorserver_ShowProfile_razor" type="System.Resources.ResXFileRef, System.Windows.Forms">
     <value>..\CodeReaderWriter\CodeFiles\Blazor\Server\ShowProfile.razor;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </data>
+  <data name="add_dotnet_blazorwasm_Authentication_razor" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>..\CodeReaderWriter\CodeFiles\Blazor\wasm\Authentication.razor;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </data>
+  <data name="add_dotnet_blazorwasm_LoginDisplay_razor" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>..\CodeReaderWriter\CodeFiles\Blazor\wasm\LoginDisplay.razor;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </data>
+  <data name="add_dotnet_blazorwasm_RedirectToLogin_razor" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>..\CodeReaderWriter\CodeFiles\Blazor\wasm\RedirectToLogin.razor;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </data>
   <data name="AuthNotEnabled" xml:space="preserve">
     <value>Authentication is not enabled yet in this project. An app registration will be created, but the tool does not add the code yet (work in progress).</value>
   </data>
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Tool/AppProvisioningTool.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Tool/AppProvisioningTool.cs
index fce5b0722..0aeef1832 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Tool/AppProvisioningTool.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Tool/AppProvisioningTool.cs
@@ -10,13 +10,13 @@
 using Microsoft.DotNet.MSIdentity.AuthenticationParameters;
 using Microsoft.DotNet.MSIdentity.CodeReaderWriter;
 using Microsoft.DotNet.MSIdentity.DeveloperCredentials;
+using Microsoft.DotNet.MSIdentity.MicrosoftIdentityPlatform;
 using Microsoft.DotNet.MSIdentity.MicrosoftIdentityPlatformApplication;
 using Microsoft.DotNet.MSIdentity.Project;
 using Microsoft.DotNet.MSIdentity.Properties;
 using Microsoft.DotNet.MSIdentity.Shared;
 using Microsoft.DotNet.MSIdentity.Tool;
 using Microsoft.Graph;
-using Newtonsoft.Json.Linq;
 using Directory = System.IO.Directory;
 using ProjectDescription = Microsoft.DotNet.MSIdentity.Project.ProjectDescription;
 
@@ -27,19 +27,26 @@ namespace Microsoft.DotNet.MSIdentity
     /// </summary>
     public class AppProvisioningTool : IMsAADTool
     {
-        internal IConsoleLogger ConsoleLogger { get; }
-
         private ProvisioningToolOptions ProvisioningToolOptions { get; set; }
-
         private string CommandName { get; }
-
         private MicrosoftIdentityPlatformApplicationManager MicrosoftIdentityPlatformApplicationManager { get; } = new MicrosoftIdentityPlatformApplicationManager();
+        internal AppSettingsModifier AppSettingsModifier { get => new AppSettingsModifier(ProvisioningToolOptions); }
 
         internal static PropertyInfo[]? _properties;
         internal static PropertyInfo[] Properties => _properties ??= typeof(Resources).GetProperties(BindingFlags.Static | BindingFlags.NonPublic)
             .Where(p => p.PropertyType == typeof(byte[])).ToArray();
 
-        private ProjectDescriptionReader ProjectDescriptionReader { get; } = new ProjectDescriptionReader();
+        internal IEnumerable<string>? _files;
+        internal IEnumerable<string> Files => _files ??=
+            Directory.EnumerateFiles(ProvisioningToolOptions.ProjectPath, "*.cs", SearchOption.AllDirectories)
+            .Concat(Directory.EnumerateFiles(ProvisioningToolOptions.ProjectPath, "*.cshtml", SearchOption.AllDirectories))
+            .Concat(Directory.EnumerateFiles(ProvisioningToolOptions.ProjectPath, "*.razor", SearchOption.AllDirectories))
+            .Concat(Directory.EnumerateFiles(ProvisioningToolOptions.ProjectPath, "*.html", SearchOption.AllDirectories));
+
+        internal IConsoleLogger ConsoleLogger { get; }
+
+        private ProjectDescriptionReader? _projectDescriptionReader;
+        private ProjectDescriptionReader ProjectDescriptionReader => _projectDescriptionReader ??= new ProjectDescriptionReader(Files);
 
         public AppProvisioningTool(string commandName, ProvisioningToolOptions provisioningToolOptions)
         {
@@ -50,41 +57,30 @@ public AppProvisioningTool(string commandName, ProvisioningToolOptions provision
 
         public async Task<ApplicationParameters?> Run()
         {
-            //get csproj file path
+            // Get csproj file path if it is not input from the tool
             if (string.IsNullOrEmpty(ProvisioningToolOptions.ProjectFilePath))
             {
+                // Enumerate all files because we do not yet know the correct ProjectPath, later we cache all files and pass the list around
                 var csProjfiles = Directory.EnumerateFiles(ProvisioningToolOptions.ProjectPath, "*.csproj");
-                if (csProjfiles.Any())
+                if (csProjfiles is null || csProjfiles.Count() != 1)
                 {
-                    if (csProjfiles.Count() > 1)
-                    {
-                        ConsoleLogger.LogJsonMessage(new JsonResponse(CommandName, State.Fail, Resources.ProjectPathError));
-                        ConsoleLogger.LogMessage(Resources.ProjectPathError, LogMessageType.Error);
-                        return null;
-                    }
-                    var filePath = csProjfiles.First();
-                    ProvisioningToolOptions.ProjectFilePath = filePath;
+                    ConsoleLogger.LogJsonMessage(new JsonResponse(CommandName, State.Fail, Resources.ProjectPathError));
+                    ConsoleLogger.LogMessage(Resources.ProjectPathError, LogMessageType.Error);
+                    return null;
                 }
-            }
 
-            string currentDirectory = Directory.GetCurrentDirectory();
-            //if its current directory, update it using the ProjectPath
-            if (ProvisioningToolOptions.ProjectPath.Equals(currentDirectory, StringComparison.OrdinalIgnoreCase))
-            {
-                ProvisioningToolOptions.ProjectPath = Path.GetDirectoryName(ProvisioningToolOptions.ProjectFilePath) ?? currentDirectory;
+                ProvisioningToolOptions.ProjectFilePath = csProjfiles.First();
             }
 
-            //get appsettings.json file path
-            var appSettingsFile = Directory.EnumerateFiles(ProvisioningToolOptions.ProjectPath, "appsettings.json");
-            if (appSettingsFile.Any())
+            // Update the ProjectPath if necessary
+            if (ProvisioningToolOptions.ProjectPath.Equals(Directory.GetCurrentDirectory(), StringComparison.OrdinalIgnoreCase)
+                && Path.GetDirectoryName(ProvisioningToolOptions.ProjectFilePath) is string actualProjectPath)
             {
-                var filePath = appSettingsFile.First();
-                ProvisioningToolOptions.AppSettingsFilePath = filePath;
+                ProvisioningToolOptions.ProjectPath = actualProjectPath;
             }
 
-            ProjectDescription? projectDescription = ProjectDescriptionReader.GetProjectDescription(
-                ProvisioningToolOptions.ProjectTypeIdentifier,
-                ProvisioningToolOptions.ProjectPath);
+            var projectDescription = ProjectDescriptionReader.GetProjectDescription(
+                ProvisioningToolOptions.ProjectTypeIdentifier);
 
             if (projectDescription == null)
             {
@@ -93,16 +89,12 @@ public AppProvisioningTool(string commandName, ProvisioningToolOptions provision
             else
             {
                 ConsoleLogger.LogMessage(string.Format(Resources.DetectedProjectType, projectDescription.Identifier));
-                if (!string.IsNullOrEmpty(projectDescription.Identifier))
-                {
-                    string projectType = projectDescription.Identifier.Replace("dotnet-", "");
-                    ProvisioningToolOptions.ProjectType ??= projectType;
-                }
+                ProvisioningToolOptions.ProjectType ??= projectDescription.Identifier?.Replace("dotnet-", "");
             }
 
             ProjectAuthenticationSettings projectSettings = InferApplicationParameters(
                 ProvisioningToolOptions,
-                ProjectDescriptionReader.projectDescriptions,
+                ProjectDescriptionReader.ProjectDescriptions,
                 projectDescription);
 
             // Get developer credentials
@@ -110,20 +102,17 @@ public AppProvisioningTool(string commandName, ProvisioningToolOptions provision
                 ProvisioningToolOptions,
                 ProvisioningToolOptions.TenantId ?? projectSettings.ApplicationParameters.EffectiveTenantId ?? projectSettings.ApplicationParameters.EffectiveDomain);
 
-            //for now, update project command is handlded seperately.
-            //TODO: switch case to handle all the different commands.
-            ApplicationParameters? applicationParameters = null;
-
             // Case of a blazorwasm hosted application. We need to create two applications:
             // - the hosted web API
             // - the SPA.
-            if (projectSettings.ApplicationParameters.IsBlazorWasm.HasValue && projectSettings.ApplicationParameters.IsBlazorWasm.Value
-                && projectSettings.ApplicationParameters.IsWebApi.HasValue && projectSettings.ApplicationParameters.IsWebApi.Value)
+            if (projectSettings.ApplicationParameters.IsBlazorWasm
+                && projectSettings.ApplicationParameters.IsWebApi.GetValueOrDefault())
             {
                 // Processes the hosted web API
                 ProvisioningToolOptions provisioningToolOptionsBlazorServer = ProvisioningToolOptions.Clone();
                 provisioningToolOptionsBlazorServer.ProjectPath = Path.Combine(ProvisioningToolOptions.ProjectPath, "Server");
-                provisioningToolOptionsBlazorServer.AppDisplayName = string.Concat(provisioningToolOptionsBlazorServer.AppDisplayName ?? projectSettings.ApplicationParameters.ApplicationDisplayName, "-Server");
+                provisioningToolOptionsBlazorServer.AppDisplayName = string.Concat(
+                    provisioningToolOptionsBlazorServer.AppDisplayName ?? projectSettings.ApplicationParameters.ApplicationDisplayName, "-Server");
                 provisioningToolOptionsBlazorServer.ProjectType = string.Empty;
                 provisioningToolOptionsBlazorServer.ClientId = ProvisioningToolOptions.WebApiClientId;
                 provisioningToolOptionsBlazorServer.WebApiClientId = null;
@@ -133,7 +122,8 @@ public AppProvisioningTool(string commandName, ProvisioningToolOptions provision
                 /// Processes the Blazorwasm client
                 ProvisioningToolOptions provisioningToolOptionsBlazorClient = ProvisioningToolOptions.Clone();
                 provisioningToolOptionsBlazorClient.ProjectPath = Path.Combine(ProvisioningToolOptions.ProjectPath, "Client");
-                provisioningToolOptionsBlazorClient.AppDisplayName = string.Concat(provisioningToolOptionsBlazorClient.AppDisplayName ?? projectSettings.ApplicationParameters.ApplicationDisplayName, "-Client");
+                provisioningToolOptionsBlazorClient.AppDisplayName = string.Concat(
+                    provisioningToolOptionsBlazorClient.AppDisplayName ?? projectSettings.ApplicationParameters.ApplicationDisplayName, "-Client");
                 provisioningToolOptionsBlazorClient.ProjectType = string.Empty;
                 provisioningToolOptionsBlazorClient.WebApiClientId = applicationParametersServer?.ClientId;
                 provisioningToolOptionsBlazorClient.AppIdUri = applicationParametersServer?.AppIdUri;
@@ -142,6 +132,9 @@ public AppProvisioningTool(string commandName, ProvisioningToolOptions provision
                 return await appProvisioningToolBlazorClient.Run();
             }
 
+
+            //for now, update project command is handlded seperately.
+            ApplicationParameters? applicationParameters;
             switch (CommandName)
             {
                 case Commands.UPDATE_PROJECT_COMMAND:
@@ -235,132 +228,10 @@ await WriteApplicationRegistration(
                     ConsoleLogger.LogMessage(failMessage, LogMessageType.Error);
                 }
             }
+
             return resultAppParameters;
         }
 
-        // add 'AzureAd', 'MicrosoftGraph' or 'DownstreamAPI' sections as appropriate. Fill them default values if empty.
-        // Default values can be found https://github.com/dotnet/aspnetcore/tree/main/src/ProjectTemplates/Web.ProjectTemplates/content
-        private void ModifyAppSettings(ApplicationParameters applicationParameters)
-        {
-            string? filePath = ProvisioningToolOptions.AppSettingsFilePath;
-            if (!string.IsNullOrEmpty(filePath))
-            {
-                bool changesMade = false;
-                //waiting for https://github.com/dotnet/runtime/issues/29690 + https://github.com/dotnet/runtime/issues/31068 to switch over to System.Text.Json
-                JObject appSettings = JObject.Parse(System.IO.File.ReadAllText(filePath));
-                if (appSettings != null)
-                {
-                    var azureAdToken = appSettings["AzureAd"];
-                    if (azureAdToken != null)
-                    {
-                        var azureAdProperty = azureAdToken.ToObject<AzureAdProperties>();
-                        if (azureAdProperty != null)
-                        {
-                            // if property exists, and if suggested value is not already there.
-                            if (!string.IsNullOrEmpty(azureAdProperty.Domain) &&
-                                !azureAdProperty.Domain.Equals(applicationParameters.Domain, StringComparison.OrdinalIgnoreCase))
-                            {
-                                changesMade = true;
-                                azureAdToken["Domain"] = applicationParameters.Domain ?? AzureAdDefaultProperties.Domain;
-                            }
-
-                            if (!string.IsNullOrEmpty(azureAdProperty.TenantId) &&
-                                !azureAdProperty.TenantId.Equals(applicationParameters.TenantId, StringComparison.OrdinalIgnoreCase))
-                            {
-                                changesMade = true;
-                                azureAdToken["TenantId"] = applicationParameters.TenantId ?? AzureAdDefaultProperties.TenantId;
-                            }
-
-                            if (!string.IsNullOrEmpty(azureAdProperty.ClientId) &&
-                                !azureAdProperty.ClientId.Equals(applicationParameters.ClientId, StringComparison.OrdinalIgnoreCase))
-                            {
-                                changesMade = true;
-                                azureAdToken["ClientId"] = applicationParameters.ClientId ?? AzureAdDefaultProperties.ClientId;
-                            }
-
-                            if (!string.IsNullOrEmpty(azureAdProperty.Instance) &&
-                                !azureAdProperty.Instance.Equals(applicationParameters.Instance, StringComparison.OrdinalIgnoreCase))
-                            {
-                                changesMade = true;
-                                azureAdToken["Instance"] = applicationParameters.Instance ?? AzureAdDefaultProperties.Instance;
-                            }
-
-                            if (!string.IsNullOrEmpty(azureAdProperty.CallbackPath) &&
-                                !azureAdProperty.CallbackPath.Equals(applicationParameters.CallbackPath, StringComparison.OrdinalIgnoreCase))
-                            {
-                                changesMade = true;
-                                azureAdToken["CallbackPath"] = applicationParameters.CallbackPath ?? AzureAdDefaultProperties.CallbackPath;
-                            }
-                        }
-                    }
-                    else
-                    {
-                        changesMade = true;
-                        appSettings.Add("AzureAd", JObject.FromObject(new
-                        {
-                            Instance = applicationParameters.Instance ?? AzureAdDefaultProperties.Instance,
-                            Domain = applicationParameters.Domain ?? AzureAdDefaultProperties.Domain,
-                            TenantId = applicationParameters.TenantId ?? AzureAdDefaultProperties.TenantId,
-                            ClientId = applicationParameters.ClientId ?? AzureAdDefaultProperties.ClientId,
-                            CallbackPath = applicationParameters.CallbackPath ?? AzureAdDefaultProperties.CallbackPath
-                        }));
-                    }
-
-                    if (ProvisioningToolOptions.CallsGraph || ProvisioningToolOptions.CallsDownstreamApi)
-                    {
-
-                        if (azureAdToken != null)
-                        {
-                            if (azureAdToken["ClientSecret"] == null)
-                            {
-                                changesMade = true;
-                                azureAdToken["ClientSecret"] = "Client secret from app-registration. Check user secrets/azure portal.";
-                            }
-
-                            if (azureAdToken["ClientCertificates"] == null)
-                            {
-                                changesMade = true;
-                                azureAdToken["ClientCertificates"] = new JArray();
-                            }
-                        }
-
-                        if (ProvisioningToolOptions.CallsDownstreamApi)
-                        {
-                            if (appSettings["DownstreamApi"] == null)
-                            {
-                                changesMade = true;
-                                string apiURL = !string.IsNullOrEmpty(ProvisioningToolOptions.CalledApiUrl) ? ProvisioningToolOptions.CalledApiUrl : "API_URL_HERE";
-                                appSettings.Add("DownstreamApi", JObject.FromObject(new
-                                {
-                                    BaseUrl = apiURL,
-                                    Scopes = "user.read"
-                                }));
-                            }
-                        }
-
-                        if (ProvisioningToolOptions.CallsGraph)
-                        {
-                            if (appSettings["MicrosoftGraph"] == null)
-                            {
-                                changesMade = true;
-                                appSettings.Add("MicrosoftGraph", JObject.FromObject(new
-                                {
-                                    BaseUrl = "https://graph.microsoft.com/v1.0",
-                                    Scopes = "user.read"
-                                }));
-                            }
-                        }
-                    }
-                }
-
-
-                //save comments somehow, only write to appsettings.json if changes are made
-                if (appSettings != null && changesMade)
-                {
-                    System.IO.File.WriteAllText(filePath, appSettings.ToString());
-                }
-            }
-        }
         /// <summary>
         /// Converts an AAD application to a B2C application
         /// </summary>
@@ -380,7 +251,7 @@ private ProjectAuthenticationSettings ConvertAadApplicationToB2CApplication(Proj
                 string updatedContent = fileContent.Replace("AzureAd", "AzureAdB2C");
 
                 // Add the policies to the appsettings.json
-                if (filePath.EndsWith("appsettings.json"))
+                if (filePath.EndsWith(AppSettingsModifier.AppSettingsFileName))
                 {
                     // Insert the policies
                     int indexCallbackPath = updatedContent.IndexOf("\"CallbackPath\"");
@@ -402,7 +273,7 @@ private ProjectAuthenticationSettings ConvertAadApplicationToB2CApplication(Proj
             // reevaulate the project settings
             projectSettings = InferApplicationParameters(
                 ProvisioningToolOptions,
-                ProjectDescriptionReader.projectDescriptions,
+                ProjectDescriptionReader.ProjectDescriptions,
                 projectDescription);
             return projectSettings;
         }
@@ -455,7 +326,9 @@ private bool Reconciliate(ApplicationParameters applicationParameters, Applicati
             ApplicationParameters applicationParameters)
         {
             ApplicationParameters? currentApplicationParameters = null;
-            if (!string.IsNullOrEmpty(applicationParameters.EffectiveClientId) || (!string.IsNullOrEmpty(applicationParameters.ClientId) && !AzureAdDefaultProperties.ClientId.Equals(applicationParameters.ClientId, StringComparison.OrdinalIgnoreCase)))
+            if (!string.IsNullOrEmpty(applicationParameters.EffectiveClientId)
+                || (!string.IsNullOrEmpty(applicationParameters.ClientId)
+                && !DefaultProperties.ClientId.Equals(applicationParameters.ClientId, StringComparison.OrdinalIgnoreCase)))
             {
                 currentApplicationParameters = await MicrosoftIdentityPlatformApplicationManager.ReadApplication(tokenCredential, applicationParameters);
                 if (currentApplicationParameters == null)
@@ -463,6 +336,7 @@ private bool Reconciliate(ApplicationParameters applicationParameters, Applicati
                     ConsoleLogger.LogMessage($"Couldn't find app {applicationParameters.EffectiveClientId} in tenant {applicationParameters.EffectiveTenantId}. ", LogMessageType.Error);
                 }
             }
+
             return currentApplicationParameters;
         }
 
@@ -471,7 +345,8 @@ private bool Reconciliate(ApplicationParameters applicationParameters, Applicati
             ApplicationParameters applicationParameters)
         {
             ApplicationParameters? currentApplicationParameters = null;
-            if (!string.IsNullOrEmpty(applicationParameters.EffectiveClientId) || (!string.IsNullOrEmpty(applicationParameters.ClientId) && !AzureAdDefaultProperties.ClientId.Equals(applicationParameters.ClientId, StringComparison.OrdinalIgnoreCase)))
+
+            if (!string.IsNullOrEmpty(applicationParameters.EffectiveClientId) || (!string.IsNullOrEmpty(applicationParameters.ClientId) && !DefaultProperties.ClientId.Equals(applicationParameters.ClientId, StringComparison.OrdinalIgnoreCase)))
             {
                 currentApplicationParameters = await MicrosoftIdentityPlatformApplicationManager.ReadApplication(tokenCredential, applicationParameters);
                 if (currentApplicationParameters == null)
@@ -500,23 +375,22 @@ private ProjectAuthenticationSettings InferApplicationParameters(
             IEnumerable<ProjectDescription> projectDescriptions,
             ProjectDescription? projectDescription = null)
         {
-            CodeReader reader = new CodeReader();
-            ProjectAuthenticationSettings projectSettings = new ProjectAuthenticationSettings();
-            if (projectDescription != null)
-            {
-                projectSettings = reader.ReadFromFiles(provisioningToolOptions.ProjectPath, projectDescription, projectDescriptions);
-            }
+            var projectSettings = projectDescription != null
+                ? new CodeReader().ReadFromFiles(projectDescription, projectDescriptions, Files)
+                : new ProjectAuthenticationSettings();
 
             // Override with the tools options
             projectSettings.ApplicationParameters.ApplicationDisplayName ??= !string.IsNullOrEmpty(provisioningToolOptions.AppDisplayName) ? provisioningToolOptions.AppDisplayName : Path.GetFileName(provisioningToolOptions.ProjectPath);
             projectSettings.ApplicationParameters.ClientId = !string.IsNullOrEmpty(provisioningToolOptions.ClientId) ? provisioningToolOptions.ClientId : projectSettings.ApplicationParameters.ClientId;
             projectSettings.ApplicationParameters.TenantId = !string.IsNullOrEmpty(provisioningToolOptions.TenantId) ? provisioningToolOptions.TenantId : projectSettings.ApplicationParameters.TenantId;
             projectSettings.ApplicationParameters.CalledApiScopes = !string.IsNullOrEmpty(provisioningToolOptions.CalledApiScopes) ? provisioningToolOptions.CalledApiScopes : projectSettings.ApplicationParameters.CalledApiScopes;
+            projectSettings.ApplicationParameters.IsBlazorWasm = provisioningToolOptions.IsBlazorWasm;
 
-            //there can mutliple project types
+            // there can mutliple project types
             if (!string.IsNullOrEmpty(provisioningToolOptions.ProjectType))
             {
-                if (provisioningToolOptions.ProjectType.Equals("webapp", StringComparison.OrdinalIgnoreCase))
+                if (provisioningToolOptions.ProjectType.Equals("webapp", StringComparison.OrdinalIgnoreCase)
+                    || provisioningToolOptions.ProjectType.Equals("blazorserver", StringComparison.OrdinalIgnoreCase))
                 {
                     projectSettings.ApplicationParameters.IsWebApp = projectSettings.ApplicationParameters.IsWebApp ?? true;
                 }
@@ -524,19 +398,16 @@ private ProjectAuthenticationSettings InferApplicationParameters(
                 {
                     projectSettings.ApplicationParameters.IsWebApi = projectSettings.ApplicationParameters.IsWebApi ?? true;
                 }
-                if (provisioningToolOptions.ProjectType.Equals("blazorwasm", StringComparison.OrdinalIgnoreCase))
-                {
-                    projectSettings.ApplicationParameters.IsBlazorWasm = projectSettings.ApplicationParameters.IsBlazorWasm ?? true;
-                }
                 if (provisioningToolOptions.ProjectType.Equals("blazorwasm-hosted", StringComparison.OrdinalIgnoreCase))
                 {
-                    projectSettings.ApplicationParameters.IsBlazorWasm = projectSettings.ApplicationParameters.IsBlazorWasm ?? true;
+                    projectSettings.ApplicationParameters.IsBlazorWasm = true;
                 }
             }
             if (!string.IsNullOrEmpty(provisioningToolOptions.AppIdUri))
             {
                 projectSettings.ApplicationParameters.AppIdUri = provisioningToolOptions.AppIdUri;
             }
+
             return projectSettings;
         }
 
@@ -651,17 +522,20 @@ private async Task UpdateProject(TokenCredential tokenCredential, ApplicationPar
                 ConsoleLogger.LogMessage("=============================================");
                 ConsoleLogger.LogMessage(Resources.UpdatingAppSettingsJson);
                 ConsoleLogger.LogMessage("=============================================\n");
-                //dotnet user secrets init
+                // dotnet user secrets init
                 CodeWriter.InitUserSecrets(ProvisioningToolOptions.ProjectPath, ConsoleLogger);
 
-                //modify appsettings.json. 
-                ModifyAppSettings(applicationParameters);
+                // modify appsettings.json if not updated from Code Update
+                if (!ProvisioningToolOptions.CodeUpdate)
+                {
+                    AppSettingsModifier.ModifyAppSettings(applicationParameters, Files);
+                }
 
-                //Add ClientSecret if the app wants to call graph/a downstream api.
+                // Add ClientSecret if the app wants to call graph/a downstream api.
                 if (ProvisioningToolOptions.CallsGraph || ProvisioningToolOptions.CallsDownstreamApi)
                 {
                     var graphServiceClient = MicrosoftIdentityPlatformApplicationManager.GetGraphServiceClient(tokenCredential);
-                    //need ClientId and Microsoft.Graph.Application.Id(GraphEntityId)
+                    // need ClientId and Microsoft.Graph.Application.Id(GraphEntityId)
                     if (graphServiceClient != null && !string.IsNullOrEmpty(applicationParameters.ClientId) && !string.IsNullOrEmpty(applicationParameters.GraphEntityId))
                     {
                         await MicrosoftIdentityPlatformApplicationManager.AddPasswordCredentialsAsync(
@@ -671,7 +545,7 @@ await MicrosoftIdentityPlatformApplicationManager.AddPasswordCredentialsAsync(
                             ConsoleLogger);
 
                         string? password = applicationParameters.PasswordCredentials.LastOrDefault();
-                        //if user wants to update user secrets
+                        // if user wants to update user secrets
                         if (!string.IsNullOrEmpty(password) && ProvisioningToolOptions.UpdateUserSecrets)
                         {
                             CodeWriter.AddUserSecrets(applicationParameters.IsB2C, ProvisioningToolOptions.ProjectPath, password, ConsoleLogger);
@@ -715,7 +589,7 @@ await MicrosoftIdentityPlatformApplicationManager.AddPasswordCredentialsAsync(
                             {
                                 foreach (var packageToInstall in packages)
                                 {
-                                    //if package doesn't exist, add it.
+                                    // if package doesn't exist, add it.
                                     if (!tfm.Dependencies.Where(x => x.Name.Equals(packageToInstall)).Any())
                                     {
                                         CodeWriter.AddPackage(packageToInstall, shortTfm, ConsoleLogger);
@@ -732,14 +606,13 @@ await MicrosoftIdentityPlatformApplicationManager.AddPasswordCredentialsAsync(
                 ConsoleLogger.LogMessage("=============================================");
                 ConsoleLogger.LogMessage(Resources.UpdatingProjectFiles);
                 ConsoleLogger.LogMessage("=============================================\n");
-                //if project is not setup for auth, add updates to Startup.cs, .csproj.
-                ProjectModifier startupModifier = new ProjectModifier(ProvisioningToolOptions, ConsoleLogger);
+                // if project is not setup for auth, add updates to Startup.cs, .csproj.
+                ProjectModifier startupModifier = new ProjectModifier(ProvisioningToolOptions, Files, ConsoleLogger);
                 await startupModifier.AddAuthCodeAsync();
+
+                // modify appsettings.json.
+                AppSettingsModifier.ModifyAppSettings(applicationParameters, Files);
             }
         }
-
-        //Layout.cshtml
-        //LoginPartial.cshtml
-        //launchsettings.json --> update
     }
 }
diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Tool/ProvisioningToolOptions.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Tool/ProvisioningToolOptions.cs
index c88efa347..3b6fbe231 100644
--- a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Tool/ProvisioningToolOptions.cs
+++ b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Tool/ProvisioningToolOptions.cs
@@ -16,7 +16,7 @@ public class ProvisioningToolOptions : IDeveloperCredentialsOptions
 
         /// <summary>
         /// Path to appsettings.json file
-        /// </summary>
+        /// </summary>   
         public string? AppSettingsFilePath { get; set; }
 
         ///<summary>
diff --git a/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/CodeAnalysisHelper.cs b/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/CodeAnalysisHelper.cs
index 6c0434001..ef0247a99 100644
--- a/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/CodeAnalysisHelper.cs
+++ b/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/CodeAnalysisHelper.cs
@@ -1,3 +1,4 @@
+using System.Collections.Generic;
 using System.Threading.Tasks;
 using Microsoft.CodeAnalysis.MSBuild;
 
@@ -7,11 +8,13 @@ namespace Microsoft.DotNet.Scaffolding.Shared.CodeModifier
     public static class CodeAnalysisHelper
     {
         //helps create a CodeAnalysis.Project with project files given a project path.
-        public static async Task<CodeAnalysis.Project> LoadCodeAnalysisProjectAsync(string projectFilePath)
+        public static async Task<CodeAnalysis.Project> LoadCodeAnalysisProjectAsync(
+            string projectFilePath,
+            IEnumerable<string> files)
         {
             var workspace = MSBuildWorkspace.Create();
             var project = await workspace.OpenProjectAsync(projectFilePath);
-            var projectWithFiles = project.WithAllSourceFiles();
+            var projectWithFiles = project.WithAllSourceFiles(files);
             project = projectWithFiles ?? project;
             return project;
         }        
diff --git a/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/CodeChange/CodeFile.cs b/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/CodeChange/CodeFile.cs
index 10dc40f11..7471e5c89 100644
--- a/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/CodeChange/CodeFile.cs
+++ b/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/CodeChange/CodeFile.cs
@@ -5,11 +5,12 @@ namespace Microsoft.DotNet.Scaffolding.Shared.CodeModifier.CodeChange
     public class CodeFile
     {
         public Dictionary<string, Method> Methods { get; set; }
-        public CodeSnippet[] RazorChanges { get; set; }
+        public CodeSnippet[] Replacements { get; set; }
         public string AddFilePath { get; set; }
         public string[] Usings { get; set; }
         public CodeBlock[] UsingsWithOptions { get; set; }
         public string FileName { get; set; }
+        public string Extension => FileName.Substring(FileName.LastIndexOf('.') + 1);
         public CodeBlock[] ClassProperties { get; set; }
         public CodeBlock[] ClassAttributes { get; set; }
         public string[] GlobalVariables { get; set; }
diff --git a/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/ProjectExtensions.cs b/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/ProjectExtensions.cs
index 1ebd83e79..bd6d7a05d 100644
--- a/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/ProjectExtensions.cs
+++ b/src/Shared/Microsoft.DotNet.Scaffolding.Shared/CodeModifier/ProjectExtensions.cs
@@ -1,43 +1,18 @@
 using System.Collections.Generic;
 using System.IO;
-using System.Linq;
 
 namespace Microsoft.DotNet.Scaffolding.Shared.CodeModifier
 {
     internal static class ProjectExtensions
     {
-        public static CodeAnalysis.Project AddDocuments(this CodeAnalysis.Project project, IEnumerable<string> files)
+        public static CodeAnalysis.Project WithAllSourceFiles(this CodeAnalysis.Project project, IEnumerable<string> files)
         {
             foreach (string file in files)
             {
                 project = project.AddDocument(file, File.ReadAllText(file)).Project;
             }
-            return project;
-        }
-
-        public static CodeAnalysis.Project WithAllSourceFiles(this CodeAnalysis.Project project)
-        {
-            if (!string.IsNullOrEmpty(project.FilePath))
-            {
-                string projectDirectory = Directory.GetParent(project.FilePath)?.FullName;
-                if (!string.IsNullOrEmpty(projectDirectory))
-                {
-                    var files = GetAllSourceFiles(projectDirectory);
-                    var newProject = project.AddDocuments(files);
-                    return newProject;
-                }
-            }
-            return null;
-        }
 
-        private static IEnumerable<string> GetAllSourceFiles(string directoryPath)
-        {
-            var filePaths = Directory.EnumerateFiles(directoryPath, "*.cs", SearchOption.AllDirectories)
-                .Concat(Directory.EnumerateFiles(directoryPath, "*.cshtml", SearchOption.AllDirectories))
-                .Concat(Directory.EnumerateFiles(directoryPath, "*.razor", SearchOption.AllDirectories));
-               
-            return filePaths;
+            return project;
         }
-
     }
 }
diff --git a/src/Shared/Microsoft.DotNet.Scaffolding.Shared/Project/ProjectModifierHelper.cs b/src/Shared/Microsoft.DotNet.Scaffolding.Shared/Project/ProjectModifierHelper.cs
index c5567231a..77e5d0e9e 100644
--- a/src/Shared/Microsoft.DotNet.Scaffolding.Shared/Project/ProjectModifierHelper.cs
+++ b/src/Shared/Microsoft.DotNet.Scaffolding.Shared/Project/ProjectModifierHelper.cs
@@ -426,7 +426,7 @@ internal static async Task UpdateDocument(Document document, IConsoleLogger cons
             var classFileTxt = await document.GetTextAsync();
 
             // Note: Here, document.Name is the full filepath
-            File.WriteAllText(document.Name, classFileTxt.ToString());
+            File.WriteAllText(document.Name, classFileTxt.ToString(), new UTF8Encoding(false));
             consoleLogger.LogMessage($"Modified {document.Name}.\n");
         }
 
diff --git a/test/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity.Tests/ProjectDescriptionReaderTests.cs b/test/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity.Tests/ProjectDescriptionReaderTests.cs
index bad4d898f..aefcc33ec 100644
--- a/test/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity.Tests/ProjectDescriptionReaderTests.cs
+++ b/test/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity.Tests/ProjectDescriptionReaderTests.cs
@@ -1,12 +1,12 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
-using Microsoft.DotNet.MSIdentity.CodeReaderWriter;
-using Microsoft.DotNet.MSIdentity.Project;
 using System;
 using System.Globalization;
 using System.IO;
 using System.Runtime.InteropServices;
+using Microsoft.DotNet.MSIdentity.CodeReaderWriter;
+using Microsoft.DotNet.MSIdentity.Project;
 using Xunit;
 using Xunit.Abstractions;
 
@@ -21,7 +21,6 @@ public ProjectDescriptionReaderTests(ITestOutputHelper output)
             _testOutput = output;
         }
 
-        readonly ProjectDescriptionReader _projectDescriptionReader = new ProjectDescriptionReader();
         readonly CodeReader _codeReader = new CodeReader();
 
         [InlineData(@"blazorserver\blazorserver-b2c", "dotnet new blazorserver --auth IndividualB2C --aad-b2c-instance https://fabrikamb2c.b2clogin.com --client-id fdb91ff5-5ce6-41f3-bdbd-8267c817015d --domain fabrikamb2c.onmicrosoft.com", "dotnet-webapp", true)]
@@ -43,20 +42,22 @@ public ProjectDescriptionReaderTests(ITestOutputHelper output)
         [InlineData(@"webapp\webapp-singleorg", "dotnet new webapp --auth SingleOrg --client-id 86699d80-dd21-476a-bcd1-7c1a3d471f75 --domain msidentitysamplestesting.onmicrosoft.com", "dotnet-webapp")]
         [InlineData(@"webapp\webapp-singleorg-callsgraph", "dotnet new webapp --auth SingleOrg --client-id 86699d80-dd21-476a-bcd1-7c1a3d471f75 --domain msidentitysamplestesting.onmicrosoft.com --calls-graph", "dotnet-webapp")]
         [InlineData(@"webapp\webapp-singleorg-callswebapi", "dotnet new webapp --auth SingleOrg --client-id 86699d80-dd21-476a-bcd1-7c1a3d471f75 --domain msidentitysamplestesting.onmicrosoft.com --called-api-url \"https://graph.microsoft.com/beta/me\" --called-api-scopes \"user.read\"", "dotnet-webapp")]
-        [Theory(Skip="Test gets stuck on macOS and Linux. Tracking https://github.com/dotnet/Scaffolding/issues/1598 for fix.")]
+        [Theory(Skip = "Test gets stuck on macOS and Linux. Tracking https://github.com/dotnet/Scaffolding/issues/1598 for fix.")]
         public void TestProjectDescriptionReader(string folderPath, string command, string expectedProjectType, bool isB2C = false)
         {
             string createdProjectFolder = CreateProjectIfNeeded(folderPath, command, "ProjectDescriptionReaderTests");
+            var files = Directory.EnumerateFiles(createdProjectFolder);
+            var projectDescriptionReader = new ProjectDescriptionReader(files);
 
-            var projectDescription = _projectDescriptionReader.GetProjectDescription(string.Empty, createdProjectFolder);
+            var projectDescription = projectDescriptionReader.GetProjectDescription(string.Empty);
 
             Assert.NotNull(projectDescription);
             Assert.Equal(expectedProjectType, projectDescription.Identifier);
 
             var authenticationSettings = _codeReader.ReadFromFiles(
-                createdProjectFolder,
                 projectDescription,
-                _projectDescriptionReader.projectDescriptions);
+                projectDescriptionReader.ProjectDescriptions,
+                files);
 
             bool callsGraph = folderPath.Contains(TestConstants.CallsGraph);
             bool callsWebApi = folderPath.Contains(TestConstants.CallsWebApi) || callsGraph;
@@ -87,20 +88,23 @@ public void TestProjectDescriptionReader(string folderPath, string command, stri
 
         [InlineData(@"blazorwasm\blazorwasm-b2c", "dotnet new blazorwasm --framework net5.0 --auth IndividualB2C --client-id fdb91ff5-5ce6-41f3-bdbd-8267c817015d --domain fabrikamb2c.onmicrosoft.com", "dotnet-blazorwasm", true)]
         [InlineData(@"blazorwasm\blazorwasm-singleorg", "dotnet new blazorwasm --framework net5.0 --auth SingleOrg --client-id 86699d80-dd21-476a-bcd1-7c1a3d471f75", "dotnet-blazorwasm")]
-        [Theory(Skip="The newly created test project wants new packages that don't exist on official feeds. Will rework for next update.")]
+        [Theory(Skip = "The newly created test project wants new packages that don't exist on official feeds. Will rework for next update.")]
         public void TestProjectDescriptionReader_TemplatesWithBlazorWasm(string folderPath, string command, string expectedProjectType, bool isB2C = false)
         {
             string createdProjectFolder = CreateProjectIfNeeded(folderPath, command, "ProjectDescriptionReaderTests");
+            var files = Directory.EnumerateFiles(createdProjectFolder);
+
+            var projectDescriptionReader = new ProjectDescriptionReader(files);
 
-            var projectDescription = _projectDescriptionReader.GetProjectDescription(string.Empty, createdProjectFolder);
+            var projectDescription = projectDescriptionReader.GetProjectDescription(string.Empty);
 
             Assert.NotNull(projectDescription);
             Assert.Equal(expectedProjectType, projectDescription.Identifier);
 
             var authenticationSettings = _codeReader.ReadFromFiles(
-                createdProjectFolder,
                 projectDescription,
-                _projectDescriptionReader.projectDescriptions);
+                projectDescriptionReader.ProjectDescriptions,
+                files);
 
             if (isB2C)
             {
@@ -122,20 +126,22 @@ public void TestProjectDescriptionReader_TemplatesWithBlazorWasm(string folderPa
         //[InlineData(@"blazorwasm\blazorwasm-singleorg-callsgraph-hosted", "dotnet new blazorwasm --auth SingleOrg --api-client-id 86699d80-dd21-476a-bcd1-7c1a3d471f75 --domain msidentitysamplestesting.onmicrosoft.com --calls-graph --hosted", "dotnet-blazorwasm-hosted")]
         //[InlineData(@"blazorwasm\blazorwasm-singleorg-callswebapi-hosted", "dotnet new blazorwasm --auth SingleOrg --api-client-id 86699d80-dd21-476a-bcd1-7c1a3d471f75 --domain msidentitysamplestesting.onmicrosoft.com --called-api-url \"https://graph.microsoft.com/beta/me\" --called-api-scopes \"user.read\" --hosted", "dotnet-blazorwasm-hosted")]
         [InlineData(@"blazorwasm\blazorwasm-singleorg-hosted", "dotnet new blazorwasm --auth SingleOrg --api-client-id 86699d80-dd21-476a-bcd1-7c1a3d471f75 --domain msidentitysamplestesting.onmicrosoft.com  --hosted", "dotnet-blazorwasm-hosted")]
-        [Theory(Skip="Test gets stuck on macOS and Linux. Tracking https://github.com/dotnet/Scaffolding/issues/1598 for fix.")]
+        [Theory(Skip = "Test gets stuck on macOS and Linux. Tracking https://github.com/dotnet/Scaffolding/issues/1598 for fix.")]
         public void TestProjectDescriptionReader_TemplatesWithBlazorWasmHosted(string folderPath, string command, string expectedProjectType)
         {
             string createdProjectFolder = CreateProjectIfNeeded(folderPath, command, "ProjectDescriptionReaderTests");
+            var files = Directory.EnumerateFiles(createdProjectFolder);
+            var projectDescriptionReader = new ProjectDescriptionReader(files);
 
-            var projectDescription = _projectDescriptionReader.GetProjectDescription(string.Empty, createdProjectFolder);
+            var projectDescription = projectDescriptionReader.GetProjectDescription(string.Empty);
 
             Assert.NotNull(projectDescription);
             Assert.Equal(expectedProjectType, projectDescription.Identifier);
 
             var authenticationSettings = _codeReader.ReadFromFiles(
-                createdProjectFolder,
-                projectDescription,
-                _projectDescriptionReader.projectDescriptions);
+                           projectDescription,
+                           projectDescriptionReader.ProjectDescriptions,
+                           files);
 
             // Blazorwasm now delegates twice (once to the Client [Blazor], and once to the
             // Server [Web API]
@@ -152,15 +158,17 @@ public void TestProjectDescriptionReader_TemplatesWithBlazorWasmHosted(string fo
         public void TestProjectDescriptionReader_TemplatesWithNoAuth(string folderPath, string command, string expectedProjectType)
         {
             string createdProjectFolder = CreateProjectIfNeeded(folderPath, command, "NoAuthTests");
+            var files = Directory.EnumerateFiles(createdProjectFolder); // TODO cache
+            var projectDescriptionReader = new ProjectDescriptionReader(files);
 
-            var projectDescription = _projectDescriptionReader.GetProjectDescription(string.Empty, createdProjectFolder);
+            var projectDescription = projectDescriptionReader.GetProjectDescription(string.Empty);
             Assert.NotNull(projectDescription);
             Assert.Equal(expectedProjectType, projectDescription.Identifier);
 
             var authenticationSettings = _codeReader.ReadFromFiles(
-                createdProjectFolder,
                 projectDescription,
-                _projectDescriptionReader.projectDescriptions);
+                projectDescriptionReader.ProjectDescriptions,
+                files);
 
             Assert.False(authenticationSettings.ApplicationParameters.HasAuthentication);
             Assert.Empty(authenticationSettings.ApplicationParameters.ApiPermissions);
@@ -181,9 +189,9 @@ private void AssertAuthSettings(ProjectAuthenticationSettings authenticationSett
         {
             bool IsWebApi = authenticationSettings.ApplicationParameters.IsWebApi.HasValue && authenticationSettings.ApplicationParameters.IsWebApi.Value;
             bool IsWebApp = authenticationSettings.ApplicationParameters.IsWebApp.HasValue && authenticationSettings.ApplicationParameters.IsWebApp.Value;
-            bool IsBlazorWasm = authenticationSettings.ApplicationParameters.IsBlazorWasm.HasValue && authenticationSettings.ApplicationParameters.IsBlazorWasm.Value;
+            bool IsBlazorWasm = authenticationSettings.ApplicationParameters.IsBlazorWasm;
             Assert.True(IsWebApi || IsWebApp || IsBlazorWasm);
-            
+
             if (isB2C)
             {
                 Assert.True(authenticationSettings.ApplicationParameters.HasAuthentication);
@@ -219,7 +227,7 @@ private string CreateProjectIfNeeded(string projectFolderName, string command, s
             // Create the folder
             string parentFolder = Path.Combine(tempFolder, "Provisioning", testName);
             string createdProjectFolder = Path.Combine(
-                parentFolder, 
+                parentFolder,
                 projectFolderName.Replace("\\", Path.DirectorySeparatorChar.ToString(CultureInfo.InvariantCulture)));
 
             if (!Directory.Exists(createdProjectFolder))
diff --git a/test/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity.UnitTests.Tests/AppProvisioningToolTests.cs b/test/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity.UnitTests.Tests/AppProvisioningToolTests.cs
new file mode 100644
index 000000000..5b06d5960
--- /dev/null
+++ b/test/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity.UnitTests.Tests/AppProvisioningToolTests.cs
@@ -0,0 +1,227 @@
+using Microsoft.DotNet.MSIdentity.AuthenticationParameters;
+using Microsoft.DotNet.MSIdentity.MicrosoftIdentityPlatform;
+using Newtonsoft.Json.Linq;
+using Xunit;
+
+namespace Microsoft.DotNet.MSIdentity.UnitTests.Tests
+{
+    public class AppProvisioningToolTests
+    {
+        const string existingDomain = "existing domain";
+        const string existingTenantId = "existing tenant Id";
+        const string existingClientId = "existing client Id";
+        const string existingInstance = "existing Instance";
+        const string existingCallbackPath = "existing Callback Path";
+
+        const string inputDomain = "input domain";
+        const string inputTenantId = "input tenant Id";
+        const string inputClientId = "input client Id";
+        const string inputInstance = "input Instance";
+        const string inputCallbackPath = "input Callback Path";
+
+        [Fact]
+        public void ModifyAppSettings_NoInput_DefaultOutput()
+        {
+            var modifier = new AppSettingsModifier(new Tool.ProvisioningToolOptions());
+            var appSettings = new Newtonsoft.Json.Linq.JObject();
+            var parameters = new AuthenticationParameters.ApplicationParameters();
+
+            var expected = JToken.FromObject(new
+            {
+                DefaultProperties.Domain,
+                DefaultProperties.TenantId,
+                DefaultProperties.ClientId,
+                DefaultProperties.Instance,
+                DefaultProperties.CallbackPath
+            }).ToString();
+
+            var modifications = modifier.GetModifiedAppSettings(appSettings, parameters)["AzureAd"].ToString();
+
+            Assert.Equal(expected, modifications);
+        }
+
+        [Fact]
+        public void ModifyAppSettings_NoInput_Blazor_DefaultOutput()
+        {
+            var modifier = new AppSettingsModifier(new Tool.ProvisioningToolOptions());
+            var appSettings = new Newtonsoft.Json.Linq.JObject();
+            var parameters = new AuthenticationParameters.ApplicationParameters { IsBlazorWasm = true };
+
+            var expected = JObject.FromObject(new
+            {
+                DefaultProperties.Authority,
+                DefaultProperties.ClientId,
+                DefaultProperties.ValidateAuthority
+            }).ToString();
+
+            var modifications = modifier.GetModifiedAppSettings(appSettings, parameters)["AzureAd"].ToString();
+
+            Assert.Equal(expected, modifications);
+        }
+
+        [Fact]
+        public void ModifyAppSettings_HasInput_NoExistingProperties()
+        {
+            var modifier = new AppSettingsModifier(new Tool.ProvisioningToolOptions());
+            var appSettings = new Newtonsoft.Json.Linq.JObject();
+
+            var expected = JObject.FromObject(new
+            {
+                Domain = inputDomain,
+                TenantId = inputTenantId,
+                ClientId = inputClientId,
+                Instance = inputInstance,
+                CallbackPath = inputCallbackPath
+            }).ToString();
+
+            var parameters = new AuthenticationParameters.ApplicationParameters
+            {
+                Domain = inputDomain,
+                TenantId = inputTenantId,
+                ClientId = inputClientId,
+                Instance = inputInstance,
+                CallbackPath = inputCallbackPath
+            };
+
+            var modifications = modifier.GetModifiedAppSettings(appSettings, parameters)["AzureAd"].ToString();
+
+            Assert.Equal(expected, modifications);
+        }
+
+        [Fact]
+        public void ModifyAppSettings_HasAllInputParameters_ExistingPropertiesDiffer()
+        {
+            var modifier = new AppSettingsModifier(new Tool.ProvisioningToolOptions());
+            var appSettings = new Newtonsoft.Json.Linq.JObject
+            {
+                {
+                    "AzureAd",
+                    JToken.FromObject(new
+                    {
+                        Domain = existingDomain,
+                        TenantId = existingTenantId,
+                        ClientId = existingClientId,
+                        Instance = existingInstance,
+                        CallbackPath = existingCallbackPath
+                    })
+                }
+            };
+
+            var parameters = new AuthenticationParameters.ApplicationParameters
+            {
+                Domain = inputDomain,
+                TenantId = inputTenantId,
+                ClientId = inputClientId,
+                Instance = inputInstance,
+                CallbackPath = inputCallbackPath
+            };
+
+            var expected = JObject.FromObject(new
+            {
+                Domain = inputDomain,
+                TenantId = inputTenantId,
+                ClientId = inputClientId,
+                Instance = inputInstance,
+                CallbackPath = inputCallbackPath
+            }).ToString();
+
+            var modifications = modifier.GetModifiedAppSettings(appSettings, parameters)["AzureAd"].ToString();
+
+            Assert.Equal(expected, modifications);
+        }
+
+        [Fact]
+        public void ModifyAppSettings_HasSomeInputParameters_ExistingPropertiesDiffer()
+        {
+            var modifier = new AppSettingsModifier(new Tool.ProvisioningToolOptions());
+
+            var appSettings = new Newtonsoft.Json.Linq.JObject
+            {
+                {
+                    "AzureAd",
+                    JToken.FromObject(new
+                    {
+                        Domain = existingDomain,
+                        TenantId = existingTenantId,
+                        ClientId = existingClientId,
+                        Instance = existingInstance,
+                        CallbackPath = existingCallbackPath
+                    })
+                }
+            };
+
+            var parameters = new AuthenticationParameters.ApplicationParameters
+            {
+                Domain = inputDomain
+            };
+
+            var expected = JObject.FromObject(new
+            {
+                Domain = inputDomain,
+                TenantId = existingTenantId,
+                ClientId = existingClientId,
+                Instance = existingInstance,
+                CallbackPath = existingCallbackPath
+            }).ToString();
+
+            var modifications = modifier.GetModifiedAppSettings(appSettings, parameters)["AzureAd"].ToString();
+
+            Assert.Equal(expected, modifications);
+        }
+
+        [Fact]
+        public void ModifyAppSettings_HasEmptyInputParameter_ExistingPropertiesNotModified()
+        {
+            var modifier = new AppSettingsModifier(new Tool.ProvisioningToolOptions());
+
+            var appSettings = new Newtonsoft.Json.Linq.JObject
+            {
+                {
+                    "AzureAd",
+                    JToken.FromObject(new
+                    {
+                        Domain = existingDomain,
+                        TenantId = existingTenantId,
+                        ClientId = existingClientId,
+                        Instance = existingInstance,
+                        CallbackPath = existingCallbackPath
+                    })
+                }
+            };
+
+            var parameters = new AuthenticationParameters.ApplicationParameters
+            {
+                Domain = inputDomain,
+                TenantId = "",
+                ClientId = ""
+            };
+
+            var expected = JObject.FromObject(new
+            {
+                Domain = inputDomain,
+                TenantId = existingTenantId,
+                ClientId = existingClientId,
+                Instance = existingInstance,
+                CallbackPath = existingCallbackPath
+            }).ToString();
+
+            var modifications = modifier.GetModifiedAppSettings(appSettings, parameters)["AzureAd"].ToString();
+
+            Assert.Equal(expected, modifications);
+        }
+
+        [Theory]
+        [InlineData(PropertyNames.Domain, "", "newValue", "newValue")]
+        [InlineData(PropertyNames.Domain, "ExistingDomain", "", null)]
+        [InlineData(PropertyNames.Domain, "", "", DefaultProperties.Domain)]
+        [InlineData(PropertyNames.Domain, null, "newValue", "newValue")]
+        [InlineData(PropertyNames.Domain, "ExistingDomain", null, null)]
+        [InlineData(PropertyNames.Domain, null, null, DefaultProperties.Domain)]
+        public void UpdatePropertyIfNecessary(string propertyName, string existingValue, string newValue, string expected)
+        {
+            var update = AppSettingsModifier.GetUpdatedValue(propertyName, existingValue, newValue);
+
+            Assert.Equal(update, expected);
+        }
+    }
+}
diff --git a/tools/dotnet-msidentity/README.md b/tools/dotnet-msidentity/README.md
index d86ce8a99..4268de955 100644
--- a/tools/dotnet-msidentity/README.md
+++ b/tools/dotnet-msidentity/README.md
@@ -10,7 +10,7 @@ This command will download the specified NuGet package, and then install the too
 in preview, you will need to specify the `--version` parameter when calling `dotnet tool install`. To install the latest version of the tool, run the following.
 
 ```Shell
-  dotnet tool install Microsoft.dotnet-msidentity -g --version "1.0.0-preview.2.21253.1"
+  dotnet tool install Microsoft.dotnet-msidentity -g --version "1.0.2"
 ```
 
 To install a different version of the tool, you can find the available versions at https://www.nuget.org/packages/Microsoft.dotnet-msidentity.
