diff --git a/TaskService/App_Start/OpenIdConnectCachingSecurityTokenProvider.cs b/TaskService/App_Start/OpenIdConnectCachingSecurityTokenProvider.cs
index 1af2504..d144112 100644
--- a/TaskService/App_Start/OpenIdConnectCachingSecurityTokenProvider.cs
+++ b/TaskService/App_Start/OpenIdConnectCachingSecurityTokenProvider.cs
@@ -1,91 +1,137 @@
-using Microsoft.IdentityModel.Protocols;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-using Microsoft.IdentityModel.Tokens;
-using Microsoft.Owin.Security.Jwt;
-using System.Collections.Generic;
-using System.Threading;
-using System.Threading.Tasks;
-
-namespace TaskService.App_Start
-{
-    // This class is necessary because the OAuthBearer Middleware does not leverage
-    // the OpenID Connect metadata endpoint exposed by the STS by default.
-    public class OpenIdConnectCachingSecurityTokenProvider : IIssuerSecurityKeyProvider
-    {
-        public ConfigurationManager<OpenIdConnectConfiguration> _configManager;
-        private string _issuer;
-        private IEnumerable<SecurityKey> _keys;
-        private readonly string _metadataEndpoint;
-
-        private readonly ReaderWriterLockSlim _synclock = new ReaderWriterLockSlim();
-
-        public OpenIdConnectCachingSecurityTokenProvider(string metadataEndpoint)
-        {
-            _metadataEndpoint = metadataEndpoint;
-            _configManager = new ConfigurationManager<OpenIdConnectConfiguration>(metadataEndpoint, new OpenIdConnectConfigurationRetriever());
-
-            RetrieveMetadata();
-        }
-
-        /// <summary>
-        /// Gets the issuer the credentials are for.
-        /// </summary>
-        /// <value>
-        /// The issuer the credentials are for.
-        /// </value>
-        public string Issuer
-        {
-            get
-            {
-                RetrieveMetadata();
-                _synclock.EnterReadLock();
-                try
-                {
-                    return _issuer;
-                }
-                finally
-                {
-                    _synclock.ExitReadLock();
-                }
-            }
-        }
-
-        /// <summary>
-        /// Gets all known security keys.
-        /// </summary>
-        /// <value>
-        /// All known security keys.
-        /// </value>
-        public IEnumerable<SecurityKey> SecurityKeys
-        {
-            get
-            {
-                RetrieveMetadata();
-                _synclock.EnterReadLock();
-                try
-                {
-                    return _keys;
-                }
-                finally
-                {
-                    _synclock.ExitReadLock();
-                }
-            }
-        }
-
-        private void RetrieveMetadata()
-        {
-            _synclock.EnterWriteLock();
-            try
-            {
-                OpenIdConnectConfiguration config = Task.Run(_configManager.GetConfigurationAsync).Result;
-                _issuer = config.Issuer;
-                _keys = config.SigningKeys;
-            }
-            finally
-            {
-                _synclock.ExitWriteLock();
-            }
-        }
-    }
-}
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.Owin.Security.Jwt;
+using System;
+using System.Collections.Generic;
+using System.Configuration;
+using System.Net;
+using System.Net.Http;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace TaskService.App_Start
+{
+    // This class is necessary because the OAuthBearer Middleware does not leverage
+    // the OpenID Connect metadata endpoint exposed by the STS by default.
+    public class OpenIdConnectCachingSecurityTokenProvider : IIssuerSecurityKeyProvider
+    {
+        public ConfigurationManager<OpenIdConnectConfiguration> _configManager;
+        private string _issuer;
+        private IEnumerable<SecurityKey> _keys;
+        private readonly string _metadataEndpoint;
+
+        private readonly ReaderWriterLockSlim _synclock = new ReaderWriterLockSlim();
+
+        private static HttpClient _httpClient;
+
+        public class MyProxy : IWebProxy
+        {
+            public ICredentials Credentials
+            {
+                //get { return new NetworkCredential("user", "password"); }
+                get { return new NetworkCredential(ConfigurationManager.AppSettings["ProxyUsername"], ConfigurationManager.AppSettings["ProxyPassword"], ConfigurationManager.AppSettings["ProxyDomain"]); }
+                set { }
+            }
+
+            public Uri GetProxy(Uri destination)
+            {
+                return new Uri(ConfigurationManager.AppSettings["ProxyServerUrl"]);
+            }
+
+            public bool IsBypassed(Uri host)
+            {
+                return false;
+            }
+        }
+
+        private static void CreateHttpClient()
+        {
+            var config = new HttpClientHandler
+            {
+                UseProxy = true,
+                Proxy = new MyProxy()
+            };
+
+            //then you can simply pass the config to HttpClient
+            _httpClient = new HttpClient(config);
+        }
+
+        public OpenIdConnectCachingSecurityTokenProvider(string metadataEndpoint)
+        {
+            if (_httpClient == null)
+            {
+                // It's best* to create a single HttpClient and reuse it                
+                CreateHttpClient();
+            }
+            _metadataEndpoint = metadataEndpoint;
+            //_configManager = new ConfigurationManager<OpenIdConnectConfiguration>(metadataEndpoint, new OpenIdConnectConfigurationRetriever());
+            _configManager = new ConfigurationManager<OpenIdConnectConfiguration>(metadataEndpoint, new OpenIdConnectConfigurationRetriever(), _httpClient);
+           
+
+            RetrieveMetadata();
+        }
+
+        /// <summary>
+        /// Gets the issuer the credentials are for.
+        /// </summary>
+        /// <value>
+        /// The issuer the credentials are for.
+        /// </value>
+        public string Issuer
+        {
+            get
+            {
+                RetrieveMetadata();
+                _synclock.EnterReadLock();
+                try
+                {
+                    return _issuer;
+                }
+                finally
+                {
+                    _synclock.ExitReadLock();
+                }
+            }
+        }
+
+        /// <summary>
+        /// Gets all known security keys.
+        /// </summary>
+        /// <value>
+        /// All known security keys.
+        /// </value>
+        public IEnumerable<SecurityKey> SecurityKeys
+        {
+            get
+            {
+                RetrieveMetadata();
+                _synclock.EnterReadLock();
+                try
+                {
+                    return _keys;
+                }
+                finally
+                {
+                    _synclock.ExitReadLock();
+                }
+            }
+        }
+
+        private void RetrieveMetadata()
+        {
+            _synclock.EnterWriteLock();
+            try
+            {
+                OpenIdConnectConfiguration config = Task.Run(_configManager.GetConfigurationAsync).Result;
+                _issuer = config.Issuer;
+                _keys = config.SigningKeys;
+            }
+            finally
+            {
+                _synclock.ExitWriteLock();
+            }
+        }
+    }
+}
diff --git a/TaskService/Web.config b/TaskService/Web.config
index 20ea15e..9078b5a 100644
--- a/TaskService/Web.config
+++ b/TaskService/Web.config
@@ -19,6 +19,13 @@
     <!-- The following settings is used for requesting access tokens -->
     <add key="api:ReadScope" value="read" />
     <add key="api:WriteScope" value="write" />
+    
+      <!-- Replace the following with your proxy server's settings -->    
+    <add key="ProxyServerUrl" value="http://contoso:8080"/>
+    <add key="ProxyUsername" value="******"/>
+    <add key="ProxyDomain" value="****"/>
+    <add key="ProxyPassword" value="******"/>
+    
   </appSettings>
   <!--
     For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.
@@ -104,4 +111,6 @@
       <remove name="TRACEVerbHandler" />
       <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
     </handlers>
-  </system.webServer></configuration>
+  </system.webServer>
+
+</configuration>
diff --git a/TaskWebApp/App_Start/Startup.Auth.cs b/TaskWebApp/App_Start/Startup.Auth.cs
index 2146b10..9e68e9c 100644
--- a/TaskWebApp/App_Start/Startup.Auth.cs
+++ b/TaskWebApp/App_Start/Startup.Auth.cs
@@ -1,148 +1,188 @@
-using System;
-using System.Net;
-using System.Net.Http;
-using System.Security.Claims;
-using System.Threading.Tasks;
-using System.Web.Http;
-using Microsoft.Identity.Client;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
-using Microsoft.IdentityModel.Tokens;
-using Microsoft.Owin.Host.SystemWeb;
-using Microsoft.Owin.Security;
-using Microsoft.Owin.Security.Cookies;
-using Microsoft.Owin.Security.Notifications;
-using Microsoft.Owin.Security.OpenIdConnect;
-using Owin;
-using TaskWebApp.Utils;
-
-namespace TaskWebApp
-{
-    public partial class Startup
-    {
-        /*
-        * Configure the OWIN middleware
-        */
-
-        public void ConfigureAuth(IAppBuilder app)
-        {
-            // Required for Azure web apps, as by default they force TLS 1.2 and this project attempts 1.0
-            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
-
-            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
-
-            app.UseCookieAuthentication(new CookieAuthenticationOptions
-            {
-                // ASP.NET web host compatible cookie manager
-                CookieManager = new SystemWebChunkingCookieManager()
-            });
-
-            app.UseOpenIdConnectAuthentication(
-                new OpenIdConnectAuthenticationOptions
-                {
-                    // Generate the metadata address using the tenant and policy information
-                    MetadataAddress = String.Format(Globals.WellKnownMetadata, Globals.Tenant, Globals.DefaultPolicy),
-
-                    // These are standard OpenID Connect parameters, with values pulled from web.config
-                    ClientId = Globals.ClientId,
-                    RedirectUri = Globals.RedirectUri,
-                    PostLogoutRedirectUri = Globals.RedirectUri,
-
-                    // Specify the callbacks for each type of notifications
-                    Notifications = new OpenIdConnectAuthenticationNotifications
-                    {
-                        RedirectToIdentityProvider = OnRedirectToIdentityProvider,
-                        AuthorizationCodeReceived = OnAuthorizationCodeReceived,
-                        AuthenticationFailed = OnAuthenticationFailed,
-                    },
-
-                    // Specify the claim type that specifies the Name property.
-                    TokenValidationParameters = new TokenValidationParameters
-                    {
-                        NameClaimType = "name",
-                        ValidateIssuer = false
-                    },
-
-                    // Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
-                    Scope = $"openid profile offline_access {Globals.ReadTasksScope} {Globals.WriteTasksScope}",
-
-                    // ASP.NET web host compatible cookie manager
-                    CookieManager = new SystemWebCookieManager()
-                }
-            );
-        }
-
-        /*
-         *  On each call to Azure AD B2C, check if a policy (e.g. the profile edit or password reset policy) has been specified in the OWIN context.
-         *  If so, use that policy when making the call. Also, don't request a code (since it won't be needed).
-         */
-        private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
-        {
-            var policy = notification.OwinContext.Get<string>("Policy");
-
-            if (!string.IsNullOrEmpty(policy) && !policy.Equals(Globals.DefaultPolicy))
-            {
-                notification.ProtocolMessage.Scope = OpenIdConnectScope.OpenId;
-                notification.ProtocolMessage.ResponseType = OpenIdConnectResponseType.IdToken;
-                notification.ProtocolMessage.IssuerAddress = notification.ProtocolMessage.IssuerAddress.ToLower().Replace(Globals.DefaultPolicy.ToLower(), policy.ToLower());
-            }
-
-            return Task.FromResult(0);
-        }
-
-        /*
-         * Catch any failures received by the authentication middleware and handle appropriately
-         */
-        private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
-        {
-            notification.HandleResponse();
-
-            // Handle the error code that Azure AD B2C throws when trying to reset a password from the login page
-            // because password reset is not supported by a "sign-up or sign-in policy"
-            if (notification.ProtocolMessage.ErrorDescription != null && notification.ProtocolMessage.ErrorDescription.Contains("AADB2C90118"))
-            {
-                // If the user clicked the reset password link, redirect to the reset password route
-                notification.Response.Redirect("/Account/ResetPassword");
-            }
-            else if (notification.Exception.Message == "access_denied")
-            {
-                notification.Response.Redirect("/");
-            }
-            else
-            {
-                notification.Response.Redirect("/Home/Error?message=" + notification.Exception.Message);
-            }
-
-            return Task.FromResult(0);
-        }
-
-        /*
-         * Callback function when an authorization code is received
-         */
-        private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
-        {
-            try
-            {
-                /*
-				 The `MSALPerUserMemoryTokenCache` is created and hooked in the `UserTokenCache` used by `IConfidentialClientApplication`.
-				 At this point, if you inspect `ClaimsPrinciple.Current` you will notice that the Identity is still unauthenticated and it has no claims,
-				 but `MSALPerUserMemoryTokenCache` needs the claims to work properly. Because of this sync problem, we are using the constructor that
-				 receives `ClaimsPrincipal` as argument and we are getting the claims from the object `AuthorizationCodeReceivedNotification context`.
-				 This object contains the property `AuthenticationTicket.Identity`, which is a `ClaimsIdentity`, created from the token received from
-				 Azure AD and has a full set of claims.
-				 */
-                IConfidentialClientApplication confidentialClient = MsalAppBuilder.BuildConfidentialClientApplication(new ClaimsPrincipal(notification.AuthenticationTicket.Identity));
-
-                // Upon successful sign in, get & cache a token using MSAL
-                AuthenticationResult result = await confidentialClient.AcquireTokenByAuthorizationCode(Globals.Scopes, notification.Code).ExecuteAsync();
-            }
-            catch (Exception ex)
-            {
-                throw new HttpResponseException(new HttpResponseMessage
-                {
-                    StatusCode = HttpStatusCode.BadRequest,
-                    ReasonPhrase = $"Unable to get authorization code {ex.Message}."
-                });
-            }
-        }
-    }
+using System;
+using System.Configuration;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using System.Web.Http;
+using Microsoft.Identity.Client;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.Owin.Host.SystemWeb;
+using Microsoft.Owin.Security;
+using Microsoft.Owin.Security.Cookies;
+using Microsoft.Owin.Security.Notifications;
+using Microsoft.Owin.Security.OpenIdConnect;
+using Owin;
+using TaskWebApp.Utils;
+
+namespace TaskWebApp
+{
+    public partial class Startup
+    {
+        /*
+        * Configure the OWIN middleware
+        */
+
+       
+        public class MyProxy : IWebProxy
+        {
+            public ICredentials Credentials
+            {
+                //get { return new NetworkCredential("user", "password"); }
+                get { return new NetworkCredential(ConfigurationManager.AppSettings["ProxyUsername"], ConfigurationManager.AppSettings["ProxyPassword"], ConfigurationManager.AppSettings["ProxyDomain"]); }
+                set { }
+            }
+
+            public Uri GetProxy(Uri destination)
+            {
+                return new Uri(ConfigurationManager.AppSettings["ProxyServerUrl"]);
+            }
+
+            public bool IsBypassed(Uri host)
+            {
+                return false;
+            }
+        }
+
+
+            //then you can simply pass the config to HttpClient
+
+
+            private HttpMessageHandler DetermineBackchannelHandler()
+        {             
+
+                return new HttpClientHandler()
+                {
+                    UseProxy = true,
+                    Proxy = new MyProxy()
+                };
+
+            }
+
+        public void ConfigureAuth(IAppBuilder app)
+        {
+            // Required for Azure web apps, as by default they force TLS 1.2 and this project attempts 1.0
+            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
+
+            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
+
+            app.UseCookieAuthentication(new CookieAuthenticationOptions
+            {
+                // ASP.NET web host compatible cookie manager
+                CookieManager = new SystemWebChunkingCookieManager()
+            });
+
+            app.UseOpenIdConnectAuthentication(
+                new OpenIdConnectAuthenticationOptions
+                {
+                    // Generate the metadata address using the tenant and policy information
+                    MetadataAddress = String.Format(Globals.WellKnownMetadata, Globals.Tenant, Globals.DefaultPolicy),
+                    BackchannelHttpHandler = DetermineBackchannelHandler(),
+
+            // These are standard OpenID Connect parameters, with values pulled from web.config
+            ClientId = Globals.ClientId,
+                    RedirectUri = Globals.RedirectUri,
+                    PostLogoutRedirectUri = Globals.RedirectUri,
+
+                    // Specify the callbacks for each type of notifications
+                    Notifications = new OpenIdConnectAuthenticationNotifications
+                    {
+                        RedirectToIdentityProvider = OnRedirectToIdentityProvider,
+                        AuthorizationCodeReceived = OnAuthorizationCodeReceived,
+                        AuthenticationFailed = OnAuthenticationFailed,
+                    },
+
+                    // Specify the claim type that specifies the Name property.
+                    TokenValidationParameters = new TokenValidationParameters
+                    {
+                        NameClaimType = "name",
+                        ValidateIssuer = false
+                    },
+
+                    // Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
+                    Scope = $"openid profile offline_access {Globals.ReadTasksScope} {Globals.WriteTasksScope}",
+
+                    // ASP.NET web host compatible cookie manager
+                    CookieManager = new SystemWebCookieManager()
+                }
+            );
+
+
+        }
+
+        /*
+         *  On each call to Azure AD B2C, check if a policy (e.g. the profile edit or password reset policy) has been specified in the OWIN context.
+         *  If so, use that policy when making the call. Also, don't request a code (since it won't be needed).
+         */
+        private Task OnRedirectToIdentityProvider(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
+        {
+            var policy = notification.OwinContext.Get<string>("Policy");
+
+            if (!string.IsNullOrEmpty(policy) && !policy.Equals(Globals.DefaultPolicy))
+            {
+                notification.ProtocolMessage.Scope = OpenIdConnectScope.OpenId;
+                notification.ProtocolMessage.ResponseType = OpenIdConnectResponseType.IdToken;
+                notification.ProtocolMessage.IssuerAddress = notification.ProtocolMessage.IssuerAddress.ToLower().Replace(Globals.DefaultPolicy.ToLower(), policy.ToLower());
+            }
+
+            return Task.FromResult(0);
+        }
+
+        /*
+         * Catch any failures received by the authentication middleware and handle appropriately
+         */
+        private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
+        {
+            notification.HandleResponse();
+
+            // Handle the error code that Azure AD B2C throws when trying to reset a password from the login page
+            // because password reset is not supported by a "sign-up or sign-in policy"
+            if (notification.ProtocolMessage.ErrorDescription != null && notification.ProtocolMessage.ErrorDescription.Contains("AADB2C90118"))
+            {
+                // If the user clicked the reset password link, redirect to the reset password route
+                notification.Response.Redirect("/Account/ResetPassword");
+            }
+            else if (notification.Exception.Message == "access_denied")
+            {
+                notification.Response.Redirect("/");
+            }
+            else
+            {
+                notification.Response.Redirect("/Home/Error?message=" + notification.Exception.Message);
+            }
+
+            return Task.FromResult(0);
+        }
+
+        /*
+         * Callback function when an authorization code is received
+         */
+        private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification)
+        {
+            try
+            {
+                /*
+				 The `MSALPerUserMemoryTokenCache` is created and hooked in the `UserTokenCache` used by `IConfidentialClientApplication`.
+				 At this point, if you inspect `ClaimsPrinciple.Current` you will notice that the Identity is still unauthenticated and it has no claims,
+				 but `MSALPerUserMemoryTokenCache` needs the claims to work properly. Because of this sync problem, we are using the constructor that
+				 receives `ClaimsPrincipal` as argument and we are getting the claims from the object `AuthorizationCodeReceivedNotification context`.
+				 This object contains the property `AuthenticationTicket.Identity`, which is a `ClaimsIdentity`, created from the token received from
+				 Azure AD and has a full set of claims.
+				 */
+                IConfidentialClientApplication confidentialClient = MsalAppBuilder.BuildConfidentialClientApplication(new ClaimsPrincipal(notification.AuthenticationTicket.Identity));
+
+                // Upon successful sign in, get & cache a token using MSAL
+                AuthenticationResult result = await confidentialClient.AcquireTokenByAuthorizationCode(Globals.Scopes, notification.Code).ExecuteAsync();
+            }
+            catch (Exception ex)
+            {
+                throw new HttpResponseException(new HttpResponseMessage
+                {
+                    StatusCode = HttpStatusCode.BadRequest,
+                    ReasonPhrase = $"Unable to get authorization code {ex.Message}."
+                });
+            }
+        }
+    }
 }
\ No newline at end of file
diff --git a/TaskWebApp/Controllers/TasksController.cs b/TaskWebApp/Controllers/TasksController.cs
index 62b80dc..b5dd216 100644
--- a/TaskWebApp/Controllers/TasksController.cs
+++ b/TaskWebApp/Controllers/TasksController.cs
@@ -1,181 +1,231 @@
-using Microsoft.Identity.Client;
-using Newtonsoft.Json.Linq;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net;
-using System.Net.Http;
-using System.Net.Http.Headers;
-using System.Threading.Tasks;
-using System.Web.Mvc;
-using TaskWebApp.Utils;
-
-namespace TaskWebApp.Controllers
-{
-	[Authorize]
-    public class TasksController : Controller
-    {
-        private readonly string apiEndpoint = Globals.ServiceUrl + "/api/tasks/";
-
-        // GET: Makes a call to the API and retrieves the list of tasks
-        public async Task<ActionResult> Index()
-        {
-            try
-            {
-                // Retrieve the token with the specified scopes
-                var scope = new string[] { Globals.ReadTasksScope };
-                
-                IConfidentialClientApplication cca = MsalAppBuilder.BuildConfidentialClientApplication();
-                var accounts = await cca.GetAccountsAsync();
-				AuthenticationResult result = await cca.AcquireTokenSilent(scope, accounts.FirstOrDefault()).ExecuteAsync();
-                
-                HttpClient client = new HttpClient();
-                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, apiEndpoint);
-
-                // Add token to the Authorization header and make the request
-                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
-                HttpResponseMessage response = await client.SendAsync(request);
-
-                // Handle the response
-                switch (response.StatusCode)
-                {
-                    case HttpStatusCode.OK:
-                        string responseString = await response.Content.ReadAsStringAsync();
-                        JArray tasks = JArray.Parse(responseString);
-                        ViewBag.Tasks = tasks;
-                        return View();
-                    case HttpStatusCode.Unauthorized:
-                        return ErrorAction("Please sign in again. " + response.ReasonPhrase);
-                    default:
-                        return ErrorAction("Error. Status code = " + response.StatusCode + ": " + response.ReasonPhrase);
-                }
-            }
-			catch (MsalUiRequiredException ex)
-			{
-				/*
-                    If the tokens have expired or become invalid for any reason, ask the user to sign in again.
-                    Another cause of this exception is when you restart the app using InMemory cache.
-                    It will get wiped out while the user will be authenticated still because of their cookies, requiring the TokenCache to be initialized again
-                    through the sign in flow.
-                */
-				return new RedirectResult("/Account/SignUpSignIn?redirectUrl=/Tasks");
-			}
-			catch (Exception ex)
-            {
-                return ErrorAction("Error reading to do list: " + ex.Message);
-            }
-        }
-
-        // POST: Makes a call to the API to store a new task
-        [HttpPost]
-        public async Task<ActionResult> Create(string description)
-        {
-            try
-            {
-                // Retrieve the token with the specified scopes
-                string accessToken = null;
-                var scope = new string[] { Globals.WriteTasksScope };
-
-				IConfidentialClientApplication cca = MsalAppBuilder.BuildConfidentialClientApplication();
-				var accounts = await cca.GetAccountsAsync();
-				AuthenticationResult result = await cca.AcquireTokenSilent(scope, accounts.FirstOrDefault()).ExecuteAsync();
-				accessToken = result.AccessToken;
-                
-				// Set the content
-                var httpContent = new[] {new KeyValuePair<string, string>("Text", description)};
-
-                // Create the request
-                HttpClient client = new HttpClient();
-                HttpContent content = new FormUrlEncodedContent(httpContent);
-                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, apiEndpoint);
-                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
-                request.Content = content;
-                HttpResponseMessage response = await client.SendAsync(request);
-
-                // Handle the response
-                switch (response.StatusCode)
-                {
-                    case HttpStatusCode.OK:
-                    case HttpStatusCode.NoContent:
-                    case HttpStatusCode.Created:
-                        return new RedirectResult("/Tasks");
-                    case HttpStatusCode.Unauthorized:
-                        return ErrorAction("Please sign in again. " + response.ReasonPhrase);
-                    default:
-                        return ErrorAction("Error. Status code = " + response.StatusCode);
-                }
-            }
-			catch (MsalUiRequiredException ex)
-			{
-				/*
-                    If the tokens have expired or become invalid for any reason, ask the user to sign in again.
-                    Another cause of this exception is when you restart the app using InMemory cache.
-                    It will get wiped out while the user will be authenticated still because of their cookies, requiring the TokenCache to be initialized again
-                    through the sign in flow.
-                */
-				return new RedirectResult("/Account/SignUpSignIn?redirectUrl=/Tasks");
-			}
-			catch (Exception ex)
-            {
-                return ErrorAction("Error writing to list: " + ex.Message);
-            }
-        }
-
-        // DELETE: Makes a call to the API to delete an existing task
-        [HttpPost]
-        public async Task<ActionResult> Delete(string id)
-        {
-            try
-            {
-                // Retrieve the token with the specified scopes
-                var scope = new string[] { Globals.WriteTasksScope };
-
-				IConfidentialClientApplication cca = MsalAppBuilder.BuildConfidentialClientApplication();
-				var accounts = await cca.GetAccountsAsync();
-				AuthenticationResult result = await cca.AcquireTokenSilent(scope, accounts.FirstOrDefault()).ExecuteAsync();
-
-				HttpClient client = new HttpClient();
-                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Delete, apiEndpoint + id);
-
-                // Add token to the Authorization header and send the request
-                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); 
-                HttpResponseMessage response = await client.SendAsync(request);
-
-                // Handle the response
-                switch (response.StatusCode)
-                {
-                    case HttpStatusCode.OK:
-                    case HttpStatusCode.NoContent:
-                        return new RedirectResult("/Tasks");
-                    case HttpStatusCode.Unauthorized:
-                        return ErrorAction("Please sign in again. " + response.ReasonPhrase);
-                    default:
-                        return ErrorAction("Error. Status code = " + response.StatusCode);
-                }
-            }
-			catch (MsalUiRequiredException ex)
-			{
-				/*
-                    If the tokens have expired or become invalid for any reason, ask the user to sign in again.
-                    Another cause of this exception is when you restart the app using InMemory cache.
-                    It will get wiped out while the user will be authenticated still because of their cookies, requiring the TokenCache to be initialized again
-                    through the sign in flow.
-                */
-				return new RedirectResult("/Account/SignUpSignIn?redirectUrl=/Tasks");
-			}
-			catch (Exception ex)
-            {
-                return ErrorAction("Error deleting from list: " + ex.Message);
-            }
-        }
-
-        /*
-         * Helper function for returning an error message
-         */
-        private ActionResult ErrorAction(string message)
-        {
-            return new RedirectResult("/Error?message=" + message);
-        }
-
-    }
+using Microsoft.Identity.Client;
+using Newtonsoft.Json.Linq;
+using System;
+using System.Collections.Generic;
+using System.Configuration;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Threading.Tasks;
+using System.Web.Mvc;
+using TaskWebApp.Utils;
+
+namespace TaskWebApp.Controllers
+{
+	[Authorize]
+    public class TasksController : Controller
+    {
+        private static HttpClient client;
+
+        public class MyProxy : IWebProxy
+        {
+            public ICredentials Credentials
+            {
+                //get { return new NetworkCredential("user", "password"); }
+                get { return new NetworkCredential(ConfigurationManager.AppSettings["ProxyUsername"], ConfigurationManager.AppSettings["ProxyPassword"], ConfigurationManager.AppSettings["ProxyDomain"]); }
+                set { }
+            }
+
+            public Uri GetProxy(Uri destination)
+            {
+                return new Uri(ConfigurationManager.AppSettings["ProxyServerUrl"]);
+            }
+
+            public bool IsBypassed(Uri host)
+            {
+                return false;
+            }
+        }
+
+        private static void CreateHttpClient()
+        {
+            var config = new HttpClientHandler
+            {
+                UseProxy = true,
+                Proxy = new MyProxy()
+            };
+
+            //then you can simply pass the config to HttpClient
+            client = new HttpClient(config);
+        }
+
+        private readonly string apiEndpoint = Globals.ServiceUrl + "/api/tasks/";
+
+        // GET: Makes a call to the API and retrieves the list of tasks
+        public async Task<ActionResult> Index()
+        {
+            try
+            {
+                // Retrieve the token with the specified scopes
+                var scope = new string[] { Globals.ReadTasksScope };
+                
+                IConfidentialClientApplication cca = MsalAppBuilder.BuildConfidentialClientApplication();
+                var accounts = await cca.GetAccountsAsync();
+				AuthenticationResult result = await cca.AcquireTokenSilent(scope, accounts.FirstOrDefault()).ExecuteAsync();
+
+                //HttpClient client = new HttpClient();
+                if (client == null)
+                {
+                    // It's best* to create a single HttpClient and reuse it                
+                    CreateHttpClient();
+                }
+                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, apiEndpoint);
+
+                // Add token to the Authorization header and make the request
+                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
+                HttpResponseMessage response = await client.SendAsync(request);
+
+                // Handle the response
+                switch (response.StatusCode)
+                {
+                    case HttpStatusCode.OK:
+                        string responseString = await response.Content.ReadAsStringAsync();
+                        JArray tasks = JArray.Parse(responseString);
+                        ViewBag.Tasks = tasks;
+                        return View();
+                    case HttpStatusCode.Unauthorized:
+                        return ErrorAction("Please sign in again. " + response.ReasonPhrase);
+                    default:
+                        return ErrorAction("Error. Status code = " + response.StatusCode + ": " + response.ReasonPhrase);
+                }
+            }
+			catch (MsalUiRequiredException ex)
+			{
+				/*
+                    If the tokens have expired or become invalid for any reason, ask the user to sign in again.
+                    Another cause of this exception is when you restart the app using InMemory cache.
+                    It will get wiped out while the user will be authenticated still because of their cookies, requiring the TokenCache to be initialized again
+                    through the sign in flow.
+                */
+				return new RedirectResult("/Account/SignUpSignIn?redirectUrl=/Tasks");
+			}
+			catch (Exception ex)
+            {
+                return ErrorAction("Error reading to do list: " + ex.Message);
+            }
+        }
+
+        // POST: Makes a call to the API to store a new task
+        [HttpPost]
+        public async Task<ActionResult> Create(string description)
+        {
+            try
+            {
+                // Retrieve the token with the specified scopes
+                string accessToken = null;
+                var scope = new string[] { Globals.WriteTasksScope };
+
+				IConfidentialClientApplication cca = MsalAppBuilder.BuildConfidentialClientApplication();
+				var accounts = await cca.GetAccountsAsync();
+				AuthenticationResult result = await cca.AcquireTokenSilent(scope, accounts.FirstOrDefault()).ExecuteAsync();
+				accessToken = result.AccessToken;
+                
+				// Set the content
+                var httpContent = new[] {new KeyValuePair<string, string>("Text", description)};
+
+                // Create the request
+                //HttpClient client = new HttpClient();
+                if (client == null)
+                {
+                    // It's best* to create a single HttpClient and reuse it                
+                    CreateHttpClient();
+                }
+                HttpContent content = new FormUrlEncodedContent(httpContent);
+                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, apiEndpoint);
+                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
+                request.Content = content;
+                HttpResponseMessage response = await client.SendAsync(request);
+
+                // Handle the response
+                switch (response.StatusCode)
+                {
+                    case HttpStatusCode.OK:
+                    case HttpStatusCode.NoContent:
+                    case HttpStatusCode.Created:
+                        return new RedirectResult("/Tasks");
+                    case HttpStatusCode.Unauthorized:
+                        return ErrorAction("Please sign in again. " + response.ReasonPhrase);
+                    default:
+                        return ErrorAction("Error. Status code = " + response.StatusCode);
+                }
+            }
+			catch (MsalUiRequiredException ex)
+			{
+				/*
+                    If the tokens have expired or become invalid for any reason, ask the user to sign in again.
+                    Another cause of this exception is when you restart the app using InMemory cache.
+                    It will get wiped out while the user will be authenticated still because of their cookies, requiring the TokenCache to be initialized again
+                    through the sign in flow.
+                */
+				return new RedirectResult("/Account/SignUpSignIn?redirectUrl=/Tasks");
+			}
+			catch (Exception ex)
+            {
+                return ErrorAction("Error writing to list: " + ex.Message);
+            }
+        }
+
+        // DELETE: Makes a call to the API to delete an existing task
+        [HttpPost]
+        public async Task<ActionResult> Delete(string id)
+        {
+            try
+            {
+                // Retrieve the token with the specified scopes
+                var scope = new string[] { Globals.WriteTasksScope };
+
+				IConfidentialClientApplication cca = MsalAppBuilder.BuildConfidentialClientApplication();
+				var accounts = await cca.GetAccountsAsync();
+				AuthenticationResult result = await cca.AcquireTokenSilent(scope, accounts.FirstOrDefault()).ExecuteAsync();
+
+                // HttpClient client = new HttpClient();
+                if (client == null)
+                {
+                    // It's best* to create a single HttpClient and reuse it                
+                    CreateHttpClient();
+                }
+                HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Delete, apiEndpoint + id);
+
+                // Add token to the Authorization header and send the request
+                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); 
+                HttpResponseMessage response = await client.SendAsync(request);
+
+                // Handle the response
+                switch (response.StatusCode)
+                {
+                    case HttpStatusCode.OK:
+                    case HttpStatusCode.NoContent:
+                        return new RedirectResult("/Tasks");
+                    case HttpStatusCode.Unauthorized:
+                        return ErrorAction("Please sign in again. " + response.ReasonPhrase);
+                    default:
+                        return ErrorAction("Error. Status code = " + response.StatusCode);
+                }
+            }
+			catch (MsalUiRequiredException ex)
+			{
+				/*
+                    If the tokens have expired or become invalid for any reason, ask the user to sign in again.
+                    Another cause of this exception is when you restart the app using InMemory cache.
+                    It will get wiped out while the user will be authenticated still because of their cookies, requiring the TokenCache to be initialized again
+                    through the sign in flow.
+                */
+				return new RedirectResult("/Account/SignUpSignIn?redirectUrl=/Tasks");
+			}
+			catch (Exception ex)
+            {
+                return ErrorAction("Error deleting from list: " + ex.Message);
+            }
+        }
+
+        /*
+         * Helper function for returning an error message
+         */
+        private ActionResult ErrorAction(string message)
+        {
+            return new RedirectResult("/Error?message=" + message);
+        }
+
+    }
 }
\ No newline at end of file
diff --git a/TaskWebApp/Utils/MsalAppBuilder.cs b/TaskWebApp/Utils/MsalAppBuilder.cs
index d6ace6d..a78c258 100644
--- a/TaskWebApp/Utils/MsalAppBuilder.cs
+++ b/TaskWebApp/Utils/MsalAppBuilder.cs
@@ -1,83 +1,121 @@
-/************************************************************************************************
-The MIT License (MIT)
-
-Copyright (c) 2015 Microsoft Corporation
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-***********************************************************************************************/
-
-using Microsoft.Identity.Client;
-using System.Security.Claims;
-using System.Threading.Tasks;
-
-namespace TaskWebApp.Utils
-{
-	public static class MsalAppBuilder
-	{
-		/// <summary>
-		/// Shared method to create an IConfidentialClientApplication from configuration and attach the application's token cache implementation
-		/// </summary>
-		/// <returns></returns>
-		public static IConfidentialClientApplication BuildConfidentialClientApplication()
-		{
-			return BuildConfidentialClientApplication(ClaimsPrincipal.Current);
-		}
-
-		/// <summary>
-		/// Shared method to create an IConfidentialClientApplication from configuration and attach the application's token cache implementation
-		/// </summary>
-		/// <param name="currentUser">The current ClaimsPrincipal</param>
-		public static IConfidentialClientApplication BuildConfidentialClientApplication(ClaimsPrincipal currentUser)
-		{
-			IConfidentialClientApplication clientapp = ConfidentialClientApplicationBuilder.Create(Globals.ClientId)
-				  .WithClientSecret(Globals.ClientSecret)
-				  .WithRedirectUri(Globals.RedirectUri)
-				  .WithB2CAuthority(Globals.B2CAuthority)
-				  .Build();
-
-			MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(clientapp.UserTokenCache, currentUser ?? ClaimsPrincipal.Current);
-			return clientapp;
-		}
-
-		/// <summary>
-		/// Common method to remove the cached tokens for the currently signed in user
-		/// </summary>
-		/// <returns></returns>
-		public static async Task ClearUserTokenCache()
-		{
-			IConfidentialClientApplication clientapp = ConfidentialClientApplicationBuilder.Create(Globals.ClientId)
-				.WithB2CAuthority(Globals.B2CAuthority)
-				.WithClientSecret(Globals.ClientSecret)
-				.WithRedirectUri(Globals.RedirectUri)
-				.Build();
-
-			// We only clear the user's tokens.
-			MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(clientapp.UserTokenCache);
-			var userAccounts = await clientapp.GetAccountsAsync();
-
-			foreach (var account in userAccounts)
-			{
-				//Remove the users from the MSAL's internal cache
-				await clientapp.RemoveAsync(account);
-			}
-            userTokenCache.Clear();
-
-        }
-    }
+/************************************************************************************************
+The MIT License (MIT)
+
+Copyright (c) 2015 Microsoft Corporation
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+***********************************************************************************************/
+
+using Microsoft.Identity.Client;
+using System;
+using System.Configuration;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace TaskWebApp.Utils
+{
+
+
+
+	public static class MsalAppBuilder
+	{
+		/// <summary>
+		/// Shared method to create an IConfidentialClientApplication from configuration and attach the application's token cache implementation
+		/// </summary>
+		/// <returns></returns>
+		public static IConfidentialClientApplication BuildConfidentialClientApplication()
+		{
+			return BuildConfidentialClientApplication(ClaimsPrincipal.Current);
+		}
+
+        public class MyHttpClientFactory : IMsalHttpClientFactory
+        {
+            private static readonly HttpClient s_httpClient;
+
+            static MyHttpClientFactory()
+            {
+                var webProxy = new WebProxy(
+                    new Uri(ConfigurationManager.AppSettings["ProxyServerUrl"]),
+                    BypassOnLocal: false);
+
+                webProxy.Credentials = new NetworkCredential(ConfigurationManager.AppSettings["ProxyUsername"], ConfigurationManager.AppSettings["ProxyPassword"], ConfigurationManager.AppSettings["ProxyDomain"]);                
+
+                var proxyHttpClientHandler = new HttpClientHandler
+                {
+                    Proxy = webProxy,
+                    UseProxy = true,
+                };
+
+                s_httpClient = new HttpClient(proxyHttpClientHandler);
+
+            }
+
+            public HttpClient GetHttpClient()
+            {
+                return s_httpClient;
+            }
+        }
+
+        private static IMsalHttpClientFactory httpClientFactory = new MyHttpClientFactory();        
+
+        /// <summary>
+        /// Shared method to create an IConfidentialClientApplication from configuration and attach the application's token cache implementation
+        /// </summary>
+        /// <param name="currentUser">The current ClaimsPrincipal</param>
+        public static IConfidentialClientApplication BuildConfidentialClientApplication(ClaimsPrincipal currentUser)
+		{
+            IConfidentialClientApplication clientapp = ConfidentialClientApplicationBuilder.Create(Globals.ClientId)
+                  .WithClientSecret(Globals.ClientSecret)
+                  .WithRedirectUri(Globals.RedirectUri)
+                  .WithB2CAuthority(Globals.B2CAuthority)
+                  .WithHttpClientFactory(httpClientFactory)
+				  .Build();
+
+			MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(clientapp.UserTokenCache, currentUser ?? ClaimsPrincipal.Current);
+			return clientapp;
+		}
+
+		/// <summary>
+		/// Common method to remove the cached tokens for the currently signed in user
+		/// </summary>
+		/// <returns></returns>
+		public static async Task ClearUserTokenCache()
+		{
+			IConfidentialClientApplication clientapp = ConfidentialClientApplicationBuilder.Create(Globals.ClientId)
+				.WithB2CAuthority(Globals.B2CAuthority)
+				.WithClientSecret(Globals.ClientSecret)
+				.WithRedirectUri(Globals.RedirectUri)
+				.Build();
+
+			// We only clear the user's tokens.
+			MSALPerUserMemoryTokenCache userTokenCache = new MSALPerUserMemoryTokenCache(clientapp.UserTokenCache);
+			var userAccounts = await clientapp.GetAccountsAsync();
+
+			foreach (var account in userAccounts)
+			{
+				//Remove the users from the MSAL's internal cache
+				await clientapp.RemoveAsync(account);
+			}
+            userTokenCache.Clear();
+
+        }
+    }
 }
\ No newline at end of file
diff --git a/TaskWebApp/Web.config b/TaskWebApp/Web.config
index 96ff288..1f935c1 100644
--- a/TaskWebApp/Web.config
+++ b/TaskWebApp/Web.config
@@ -28,6 +28,13 @@
     <add key="api:ApiIdentifier" value="https://fabrikamb2c.onmicrosoft.com/tasks/" />
     <add key="api:ReadScope" value="read" />
     <add key="api:WriteScope" value="write" />
+    <!-- Replace the following with your proxy server's settings -->    
+    <add key="ProxyServerUrl" value="http://contoso:8080"/>
+    <add key="ProxyUsername" value="******"/>
+    <add key="ProxyDomain" value="****"/>
+    <add key="ProxyPassword" value="******"/>
+
+
   </appSettings>
   <!--
     For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.
@@ -108,5 +115,7 @@
       <remove name="TRACEVerbHandler" />
       <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
     </handlers>
-  </system.webServer>
+  </system.webServer> 
+  
+  
 </configuration>