diff --git a/src/Bootstrap/dist/css/bootstrap-theme.css b/src/Bootstrap/dist/css/bootstrap-theme.css
index ae926ac6d0..2e49bcaecc 100644
--- a/src/Bootstrap/dist/css/bootstrap-theme.css
+++ b/src/Bootstrap/dist/css/bootstrap-theme.css
@@ -87,21 +87,9 @@ body h3 {
   height: auto;
   padding-bottom: 75px;
 }
-.main-container .page-subheading {
-  color: #777;
-}
 .navbar-logo {
   margin: 8px 20px 0 0;
 }
-.navbar-seperated .seperator {
-  display: block;
-  padding: 11px 0;
-  font-weight: 100;
-  color: #fff;
-}
-.navbar-seperated .seperator > span::after {
-  content: " | ";
-}
 .dropdown-menu {
   padding-top: 20px;
   padding-bottom: 20px;
@@ -613,6 +601,26 @@ img.reserved-indicator-icon {
 .page-account-settings .form-group + .form-group .btn {
   margin-top: 20px;
 }
+.page-account-settings .login-account-row {
+  display: -webkit-box;
+  display: -webkit-flex;
+  display: -ms-flexbox;
+  display:         flex;
+  padding-top: 10px;
+
+  -webkit-box-align: center;
+  -webkit-align-items: center;
+  -ms-flex-align: center;
+          align-items: center;
+  -webkit-box-pack: justify;
+  -webkit-justify-content: space-between;
+  -ms-flex-pack: justify;
+          justify-content: space-between;
+}
+.page-account-settings .certificates-form {
+  display: inline-block;
+  width: 100%;
+}
 .page-api-keys .example-commands {
   padding: 8px 10px;
   font-family: Consolas, Menlo, Monaco, "Courier New", monospace;
@@ -797,6 +805,15 @@ img.reserved-indicator-icon {
 
   overflow-wrap: break-word;
 }
+.page-package-details .package-details-main .signature-info-cell {
+  max-width: 1em;
+  padding-right: 0;
+  padding-left: 0;
+  cursor: default;
+}
+.page-package-details .package-details-main .signature-info-cell .signature-info {
+  padding-left: 6px;
+}
 .page-package-details .package-details-info .ms-Icon-ul li {
   margin-bottom: 15px;
 }
@@ -1064,35 +1081,33 @@ img.reserved-indicator-icon {
 .page-manage-organizations .form-group + .form-group .btn {
   margin-top: 20px;
 }
+.page-manage-organizations .certificates-form {
+  display: inline-block;
+  width: 100%;
+}
 .manage-members-listing tbody:first-child {
   border-style: hidden;
 }
-.members-list {
-  margin-top: 15px;
-}
 .members-list .manage-members-listing {
   margin-bottom: 0;
 }
-.members-list .manage-members-listing .heading-left {
-  padding-left: 5px;
-}
-.members-list .manage-members-listing .heading-right {
-  padding-right: 5px;
-}
-.members-list .manage-members-listing .icon-left {
-  padding-left: 25px;
-}
-.members-list .manage-members-listing .icon-right {
-  padding-right: 20px;
+.members-list .manage-members-listing .alert-container .alert {
+  margin-top: 0;
 }
 .members-list .manage-members-listing .role-description {
-  margin-top: 15px;
+  margin-top: 25px;
   margin-bottom: 25px;
 }
-.members-list .manage-members-listing .alert {
-  margin-bottom: 5px;
+.members-list .manage-members-listing .member-item hr {
+  margin-top: 8px;
+  margin-bottom: 8px;
 }
-.members-list .manage-members-listing .row-center {
+.members-list .manage-members-listing .member-item .member-column {
+  display: table;
+  height: 36px;
+}
+.members-list .manage-members-listing .member-item .member-column div {
+  display: table-cell;
   vertical-align: middle;
 }
 .page-manage-owners h2 .ms-Icon {
@@ -1135,6 +1150,9 @@ img.reserved-indicator-icon {
 .page-manage-owners .current-owner .remove-owner-disabled .icon-link:hover span {
   text-decoration: none;
 }
+.page-manage-packages .organizations-divider {
+  color: #dbdbdb;
+}
 .page-manage-packages h1 {
   margin-bottom: 0;
 }
@@ -1142,6 +1160,9 @@ img.reserved-indicator-icon {
   margin-top: 0;
   margin-bottom: 10px;
 }
+.page-manage-packages .organizations-empty {
+  margin-top: 60px;
+}
 .page-manage-packages .subtitle {
   margin-top: 33px;
 }
@@ -1169,6 +1190,9 @@ img.reserved-indicator-icon {
   position: relative;
   top: 2px;
 }
+.page-manage-packages .inner-table {
+  margin-bottom: 0;
+}
 .page-delete-package h1 {
   margin-bottom: 0;
 }
@@ -1583,4 +1607,8 @@ img.reserved-indicator-icon {
   color: #ea7918;
   vertical-align: bottom;
 }
+.checkmark-icon {
+  color: green;
+  vertical-align: bottom;
+}
 /*# sourceMappingURL=bootstrap-theme.css.map */
diff --git a/src/Bootstrap/less/theme/base.less b/src/Bootstrap/less/theme/base.less
index 934c451634..304e495fda 100644
--- a/src/Bootstrap/less/theme/base.less
+++ b/src/Bootstrap/less/theme/base.less
@@ -103,29 +103,12 @@ body {
 .main-container {
   padding-bottom: 75px;
   height: auto;
-  
-  .page-subheading {
-    color: #777;
-  }
 }
 
 .navbar-logo {
   margin: 8px 20px 0 0;
 }
 
-.navbar-seperated {
-  .seperator {
-    padding: 11px 0;
-    color: #fff;
-    display: block;
-    font-weight: 100;
-
-    > span::after {
-      content: " | ";
-    }
-  }
-}
-
 .dropdown-menu {
   padding-top: (@padding-large-vertical * 2);
   padding-bottom: (@padding-large-vertical * 2);
diff --git a/src/Bootstrap/less/theme/page-account-settings.less b/src/Bootstrap/less/theme/page-account-settings.less
index f4abe5a381..b0e62de003 100644
--- a/src/Bootstrap/less/theme/page-account-settings.less
+++ b/src/Bootstrap/less/theme/page-account-settings.less
@@ -37,4 +37,16 @@
       margin-top: 20px;
     }
   }
+
+  .login-account-row {
+    padding-top: 10px;
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+  }
+
+  .certificates-form {
+    display: inline-block;
+    width: 100%;
+  }
 }
diff --git a/src/Bootstrap/less/theme/page-display-package.less b/src/Bootstrap/less/theme/page-display-package.less
index b037596f66..2579878f6e 100644
--- a/src/Bootstrap/less/theme/page-display-package.less
+++ b/src/Bootstrap/less/theme/page-display-package.less
@@ -21,6 +21,17 @@
 
   .package-details-main {
     .break-word;
+
+    .signature-info-cell {
+      cursor: default;
+      max-width: 1em;
+      padding-left: 0;
+      padding-right: 0;
+
+      .signature-info {
+        padding-left: 6px;
+      }
+    }
   }
 
   .package-details-info {
diff --git a/src/Bootstrap/less/theme/page-header.less b/src/Bootstrap/less/theme/page-header.less
index c1bac8a888..28579d3df8 100644
--- a/src/Bootstrap/less/theme/page-header.less
+++ b/src/Bootstrap/less/theme/page-header.less
@@ -1,4 +1,9 @@
 .warning-icon {
     vertical-align: bottom; 
     color: #ea7918;
+}
+
+.checkmark-icon {
+    vertical-align: bottom;
+    color: green;
 }
\ No newline at end of file
diff --git a/src/Bootstrap/less/theme/page-manage-organizations.less b/src/Bootstrap/less/theme/page-manage-organizations.less
index 236947fac9..608145d9e3 100644
--- a/src/Bootstrap/less/theme/page-manage-organizations.less
+++ b/src/Bootstrap/less/theme/page-manage-organizations.less
@@ -37,6 +37,11 @@
       margin-top: 20px;
     }
   }
+
+  .certificates-form {
+    display: inline-block;
+    width: 100%;
+  }
 }
 
 .manage-members-listing tbody:first-child {
@@ -44,38 +49,35 @@
 }
 
 .members-list {
-  margin-top: 15px;
-
   .manage-members-listing {
     margin-bottom: 0;
-  
-    .heading-left {
-      padding-left: 5px;
-    }
-  
-    .heading-right {
-      padding-right: 5px;
-    }
-  
-    .icon-left {
-      padding-left: 25px;
-    }
-  
-    .icon-right {
-      padding-right: 20px;
+
+    .alert-container {
+      .alert {
+        margin-top: 0px;
+      }
     }
-  
+
     .role-description {
-      margin-top: 15px;
+      margin-top: 25px;
       margin-bottom: 25px;
     }
 
-    .alert {
-      margin-bottom: 5px;
-    }
+    .member-item {
+      hr {
+        margin-top: 8px;
+        margin-bottom: 8px;
+      }
 
-    .row-center {
-      vertical-align: middle;
+      .member-column {
+        display: table;
+        height: 36px;
+
+        div {
+          display: table-cell;
+          vertical-align: middle;
+        }
+      }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/src/Bootstrap/less/theme/page-manage-packages.less b/src/Bootstrap/less/theme/page-manage-packages.less
index 40ca7eef7f..b3e200baac 100644
--- a/src/Bootstrap/less/theme/page-manage-packages.less
+++ b/src/Bootstrap/less/theme/page-manage-packages.less
@@ -1,6 +1,10 @@
 .page-manage-packages {
   @section-margin-top: 40px;
 
+  .organizations-divider {
+    color: @gray-lighter;
+  }
+
   h1 {
     margin-bottom: 0;
   }
@@ -10,6 +14,10 @@
     margin-top: 0;
   }
 
+  .organizations-empty {
+    margin-top: 60px;
+  }
+
   .subtitle {
     margin-top: 33px;
   }
@@ -42,4 +50,8 @@
       top: 2px;
     }
   }
+
+  .inner-table {
+    margin-bottom: 0px;
+  }
 }
diff --git a/src/NuGetGallery.Core/Auditing/AuditedCertificateAction.cs b/src/NuGetGallery.Core/Auditing/AuditedCertificateAction.cs
new file mode 100644
index 0000000000..16522dbd54
--- /dev/null
+++ b/src/NuGetGallery.Core/Auditing/AuditedCertificateAction.cs
@@ -0,0 +1,12 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery.Auditing
+{
+    public enum AuditedCertificateAction
+    {
+        Add,
+        Activate,
+        Deactivate
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Auditing/AuditedPackageRegistrationAction.cs b/src/NuGetGallery.Core/Auditing/AuditedPackageRegistrationAction.cs
index 18f3ae25cb..0ce132da8c 100644
--- a/src/NuGetGallery.Core/Auditing/AuditedPackageRegistrationAction.cs
+++ b/src/NuGetGallery.Core/Auditing/AuditedPackageRegistrationAction.cs
@@ -8,6 +8,7 @@ public enum AuditedPackageRegistrationAction
         AddOwner,
         RemoveOwner,
         MarkVerified,
-        MarkUnverified
+        MarkUnverified,
+        SetRequiredSigner
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Auditing/AuditedUserAction.cs b/src/NuGetGallery.Core/Auditing/AuditedUserAction.cs
index 048f1d5686..d12a2edbde 100644
--- a/src/NuGetGallery.Core/Auditing/AuditedUserAction.cs
+++ b/src/NuGetGallery.Core/Auditing/AuditedUserAction.cs
@@ -16,6 +16,11 @@ public enum AuditedUserAction
         ConfirmEmail,
         Login,
         SubscribeToPolicies,
-        UnsubscribeFromPolicies
+        UnsubscribeFromPolicies,
+        AddOrganization,
+        TransformOrganization,
+        AddOrganizationMember,
+        RemoveOrganizationMember,
+        UpdateOrganizationMember
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Auditing/CertificateAuditRecord.cs b/src/NuGetGallery.Core/Auditing/CertificateAuditRecord.cs
new file mode 100644
index 0000000000..5e70f3ec3f
--- /dev/null
+++ b/src/NuGetGallery.Core/Auditing/CertificateAuditRecord.cs
@@ -0,0 +1,34 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace NuGetGallery.Auditing
+{
+    public sealed class CertificateAuditRecord : AuditRecord<AuditedCertificateAction>
+    {
+        public string Thumbprint { get; }
+        public string HashAlgorithm => "SHA-256";
+
+        public CertificateAuditRecord(AuditedCertificateAction action, string thumbprint)
+            : base(action)
+        {
+            if (string.IsNullOrEmpty(thumbprint))
+            {
+                throw new ArgumentException(CoreStrings.ArgumentCannotBeNullOrEmpty, nameof(thumbprint));
+            }
+
+            if (thumbprint.Length != 64) // Did the thumbprint hash algorithm change?
+            {
+                throw new ArgumentException(CoreStrings.CertificateThumbprintHashAlgorithmChanged, nameof(thumbprint));
+            }
+
+            Thumbprint = thumbprint.ToLowerInvariant();
+        }
+
+        public override string GetPath()
+        {
+            return Thumbprint;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Auditing/PackageRegistrationAuditRecord.cs b/src/NuGetGallery.Core/Auditing/PackageRegistrationAuditRecord.cs
index 7109234abe..40a3eb2821 100644
--- a/src/NuGetGallery.Core/Auditing/PackageRegistrationAuditRecord.cs
+++ b/src/NuGetGallery.Core/Auditing/PackageRegistrationAuditRecord.cs
@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using NuGetGallery.Auditing.AuditedEntities;
 
 namespace NuGetGallery.Auditing
@@ -10,6 +11,8 @@ public class PackageRegistrationAuditRecord : AuditRecord<AuditedPackageRegistra
         public string Id { get; }
         public AuditedPackageRegistration RegistrationRecord { get; }
         public string Owner { get; }
+        public string PreviousRequiredSigner { get; private set; }
+        public string NewRequiredSigner { get; private set; }
 
         public PackageRegistrationAuditRecord(
             string id, AuditedPackageRegistration registrationRecord, AuditedPackageRegistrationAction action, string owner)
@@ -25,10 +28,31 @@ public PackageRegistrationAuditRecord(
             : this(packageRegistration.Id, AuditedPackageRegistration.CreateFrom(packageRegistration), action, owner)
         {
         }
-        
+
         public override string GetPath()
         {
             return $"{Id}".ToLowerInvariant();
         }
+
+        public static PackageRegistrationAuditRecord CreateForSetRequiredSigner(
+            PackageRegistration registration,
+            string previousRequiredSigner,
+            string newRequiredSigner)
+        {
+            if (registration == null)
+            {
+                throw new ArgumentNullException(nameof(registration));
+            }
+
+            var record = new PackageRegistrationAuditRecord(
+                registration,
+                AuditedPackageRegistrationAction.SetRequiredSigner,
+                owner: null);
+
+            record.PreviousRequiredSigner = previousRequiredSigner;
+            record.NewRequiredSigner = newRequiredSigner;
+
+            return record;
+        }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Auditing/UserAuditRecord.cs b/src/NuGetGallery.Core/Auditing/UserAuditRecord.cs
index 337dd490c9..f6e7084684 100644
--- a/src/NuGetGallery.Core/Auditing/UserAuditRecord.cs
+++ b/src/NuGetGallery.Core/Auditing/UserAuditRecord.cs
@@ -15,25 +15,33 @@ public class UserAuditRecord : AuditRecord<AuditedUserAction>
         public string UnconfirmedEmailAddress { get; }
         public string[] Roles { get; }
         public CredentialAuditRecord[] Credentials { get; }
+
+        /// <summary>
+        /// The credential affected by <see cref="AuditRecord{T}.Action"/>.
+        /// </summary>
         public CredentialAuditRecord[] AffectedCredential { get; }
+
+        /// <summary>
+        /// The email address affected by <see cref="AuditRecord{T}.Action"/>.
+        /// </summary>
         public string AffectedEmailAddress { get; }
 
         /// <summary>
-        /// Subset of user policies affected by the action (subscription / unsubscription).
+        /// The username of the member affected by <see cref="AuditRecord{T}.Action"/>.
         /// </summary>
-        public AuditedUserSecurityPolicy[] AffectedPolicies { get; }
+        public string AffectedMemberUsername { get; }
 
-        public UserAuditRecord(User user, AuditedUserAction action)
-            : this(user, action, Enumerable.Empty<Credential>())
-        {
-        }
+        /// <summary>
+        /// Whether or not the member affected by <see cref="AuditRecord{T}.Action"/> is an administrator or not.
+        /// </summary>
+        public bool AffectedMemberIsAdmin { get; }
 
-        public UserAuditRecord(User user, AuditedUserAction action, Credential affected)
-            : this(user, action, SingleEnumerable(affected))
-        {
-        }
+        /// <summary>
+        /// Subset of user policies affected by <see cref="AuditRecord{T}.Action"/>.
+        /// </summary>
+        public AuditedUserSecurityPolicy[] AffectedPolicies { get; }
 
-        public UserAuditRecord(User user, AuditedUserAction action, IEnumerable<Credential> affected)
+        public UserAuditRecord(User user, AuditedUserAction action)
             : base(action)
         {
             if (user == null)
@@ -45,25 +53,45 @@ public UserAuditRecord(User user, AuditedUserAction action, IEnumerable<Credenti
             EmailAddress = user.EmailAddress;
             UnconfirmedEmailAddress = user.UnconfirmedEmailAddress;
             Roles = user.Roles.Select(r => r.Name).ToArray();
+
             Credentials = user.Credentials.Where(CredentialTypes.IsSupportedCredential)
                                           .Select(c => new CredentialAuditRecord(c, removed: false)).ToArray();
 
-            if (affected != null)
-            {
-                AffectedCredential = affected.Select(c => new CredentialAuditRecord(c, action == AuditedUserAction.RemoveCredential)).ToArray();
-            }
+            AffectedCredential = new CredentialAuditRecord[0];
+            AffectedPolicies = new AuditedUserSecurityPolicy[0];
+        }
+
+        public UserAuditRecord(User user, AuditedUserAction action, Credential affected)
+            : this(user, action, new[] { affected })
+        {
+        }
 
-            Action = action;
+        public UserAuditRecord(User user, AuditedUserAction action, IEnumerable<Credential> affected)
+            : this(user, action)
+        {
+            AffectedCredential = affected.Select(c => new CredentialAuditRecord(c, action == AuditedUserAction.RemoveCredential)).ToArray();
         }
-        
+
         public UserAuditRecord(User user, AuditedUserAction action, string affectedEmailAddress)
-            : this(user, action, Enumerable.Empty<Credential>())
+            : this(user, action)
         {
             AffectedEmailAddress = affectedEmailAddress;
         }
 
+        public UserAuditRecord(User user, AuditedUserAction action, User affectedMember, bool affectedMemberIsAdmin)
+            : this(user, action)
+        {
+            AffectedMemberUsername = affectedMember.Username;
+            AffectedMemberIsAdmin = affectedMemberIsAdmin;
+        }
+
+        public UserAuditRecord(User user, AuditedUserAction action, Membership affectedMembership)
+            : this(user, action, affectedMembership.Member, affectedMembership.IsAdmin)
+        {
+        }
+
         public UserAuditRecord(User user, AuditedUserAction action, IEnumerable<UserSecurityPolicy> affectedPolicies)
-            : this(user, action, Enumerable.Empty<Credential>())
+            : this(user, action)
         {
             if (affectedPolicies == null || affectedPolicies.Count() == 0)
             {
@@ -77,10 +105,5 @@ public override string GetPath()
         {
             return Username.ToLowerInvariant();
         }
-
-        private static IEnumerable<Credential> SingleEnumerable(Credential affected)
-        {
-            yield return affected;
-        }
     }
 }
diff --git a/src/NuGetGallery.Core/Authentication/NuGetClaims.cs b/src/NuGetGallery.Core/Authentication/NuGetClaims.cs
index a365457ecb..c081677fca 100644
--- a/src/NuGetGallery.Core/Authentication/NuGetClaims.cs
+++ b/src/NuGetGallery.Core/Authentication/NuGetClaims.cs
@@ -36,5 +36,30 @@ public static class NuGetClaims
         /// The claim url for the claim that stores whether or not the user has an external login.
         /// </summary>
         public const string ExternalLogin = ClaimsDomain + "externallogin";
+
+        /// <summary>
+        /// The claim url for the claim that stores whether or not the user has enabled multi-factor authentication.
+        /// </summary>
+        public const string EnabledMultiFactorAuthentication = ClaimsDomain + "enabledmultifactorauthentication";
+
+        /// <summary>
+        /// The claim url for the claim that stores whether or not the user was multi-factor authenticated for the current session.
+        /// </summary>
+        public const string WasMultiFactorAuthenticated = ClaimsDomain + "wasmultifactorauthenticated";
+
+        /// <summary>
+        /// The claim url for the claim that stores the type of credential used for authentication for the current session.
+        /// </summary>
+        public const string ExternalLoginCredentialType = ClaimsDomain + "externallogincredentialtype";
+
+        /// <summary>
+        /// The class for all possible values for <see cref="ExternalLoginCredentialType"/> claim.
+        /// </summary>
+        public class ExternalLoginCredentialValues
+        {
+            public const string MicrosoftAccount = "msa";
+
+            public const string AzureActiveDirectory = "aad";
+        }
     }
 }
diff --git a/src/NuGetGallery.Core/Certificates/CertificateFile.cs b/src/NuGetGallery.Core/Certificates/CertificateFile.cs
new file mode 100644
index 0000000000..c8627e7da4
--- /dev/null
+++ b/src/NuGetGallery.Core/Certificates/CertificateFile.cs
@@ -0,0 +1,96 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Security.Cryptography;
+
+namespace NuGetGallery
+{
+    public sealed class CertificateFile : IDisposable
+    {
+        private static readonly byte[] EmptyBuffer = new byte[0];
+
+        public string Sha1Thumbprint { get; }
+        public string Sha256Thumbprint { get; }
+        public Stream Stream { get; }
+
+        private CertificateFile(Stream stream, string sha1Thumbprint, string sha256Thumbprint)
+        {
+            Stream = stream;
+            Sha1Thumbprint = sha1Thumbprint;
+            Sha256Thumbprint = sha256Thumbprint;
+        }
+
+        public void Dispose()
+        {
+            Stream.Dispose();
+        }
+
+        public static CertificateFile Create(Stream stream)
+        {
+            if (stream == null)
+            {
+                throw new ArgumentNullException(nameof(stream));
+            }
+
+            var readOnlyStream = CopyAsReadOnly(stream);
+
+            var sha1Thumbprint = GetSha1Thumbprint(readOnlyStream);
+            var thumbprint = GetSha256Thumbprint(readOnlyStream);
+
+            readOnlyStream.Position = 0;
+
+            return new CertificateFile(readOnlyStream, sha1Thumbprint, thumbprint);
+        }
+
+        private static MemoryStream CopyAsReadOnly(Stream source)
+        {
+            var capacity = (int)source.Length;
+
+            using (var destination = new MemoryStream(capacity: capacity))
+            {
+                source.Position = 0;
+                source.CopyTo(destination);
+
+                return new MemoryStream(
+                    destination.GetBuffer(),
+                    index: 0,
+                    count: capacity,
+                    writable: false,
+                    publiclyVisible: true);
+            }
+        }
+
+        private static string GetSha1Thumbprint(MemoryStream stream)
+        {
+            using (var hashAlgorithm = SHA1.Create())
+            {
+                return GetThumbprint(stream, hashAlgorithm);
+            }
+        }
+
+        private static string GetSha256Thumbprint(MemoryStream stream)
+        {
+            using (var hashAlgorithm = SHA256.Create())
+            {
+                return GetThumbprint(stream, hashAlgorithm);
+            }
+        }
+
+        private static string GetThumbprint(MemoryStream stream, HashAlgorithm hashAlgorithm)
+        {
+            var buffer = stream.GetBuffer();
+
+            hashAlgorithm.TransformBlock(buffer, 0, buffer.Length, outputBuffer: null, outputOffset: 0);
+            hashAlgorithm.TransformFinalBlock(EmptyBuffer, inputOffset: 0, inputCount: 0);
+
+            return GetHexString(hashAlgorithm.Hash);
+        }
+
+        private static string GetHexString(byte[] bytes)
+        {
+            return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/CoreConstants.cs b/src/NuGetGallery.Core/CoreConstants.cs
index c0ea412777..ccc6003fb3 100644
--- a/src/NuGetGallery.Core/CoreConstants.cs
+++ b/src/NuGetGallery.Core/CoreConstants.cs
@@ -13,6 +13,7 @@ public static class CoreConstants
         public const string PackageFileBackupSavePathTemplate = "{0}/{1}/{2}.{3}";
 
         public const string NuGetPackageFileExtension = ".nupkg";
+        public const string CertificateFileExtension = ".cer";
 
         public const string Sha512HashAlgorithmId = "SHA512";
 
@@ -20,11 +21,12 @@ public static class CoreConstants
         public const string OctetStreamContentType = "application/octet-stream";
         public const string TextContentType = "text/plain";
 
+        public const string UserCertificatesFolderName = "user-certificates";
         public const string ContentFolderName = "content";
         public const string DownloadsFolderName = "downloads";
         public const string PackageBackupsFolderName = "package-backups";
         public const string PackageReadMesFolderName = "readmes";
-        public const string PackagesFolderName = "packages";        
+        public const string PackagesFolderName = "packages";
         public const string UploadsFolderName = "uploads";
         public const string ValidationFolderName = "validation";
     }
diff --git a/src/NuGetGallery.Core/CoreStrings.Designer.cs b/src/NuGetGallery.Core/CoreStrings.Designer.cs
index b60a3e63ea..d2d4bcd9a8 100644
--- a/src/NuGetGallery.Core/CoreStrings.Designer.cs
+++ b/src/NuGetGallery.Core/CoreStrings.Designer.cs
@@ -60,6 +60,33 @@ internal CoreStrings() {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to The argument cannot be null or empty..
+        /// </summary>
+        public static string ArgumentCannotBeNullOrEmpty {
+            get {
+                return ResourceManager.GetString("ArgumentCannotBeNullOrEmpty", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The certificate does not exist..
+        /// </summary>
+        public static string CertificateNotFound {
+            get {
+                return ResourceManager.GetString("CertificateNotFound", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The thumbprint is expected to be a SHA-256 thumbprint, which is exactly 64 characters in length.  Did the hash algorithm change?.
+        /// </summary>
+        public static string CertificateThumbprintHashAlgorithmChanged {
+            get {
+                return ResourceManager.GetString("CertificateThumbprintHashAlgorithmChanged", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Unable to write audit record: &apos;{0}&apos;. Record already exists..
         /// </summary>
@@ -276,6 +303,15 @@ public static string PackageMetadata_VersionStringInvalid {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to The package does not exist..
+        /// </summary>
+        public static string PackageNotFound {
+            get {
+                return ResourceManager.GetString("PackageNotFound", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Must be a readable stream.
         /// </summary>
diff --git a/src/NuGetGallery.Core/CoreStrings.resx b/src/NuGetGallery.Core/CoreStrings.resx
index 195f5227a4..06d1ab38d8 100644
--- a/src/NuGetGallery.Core/CoreStrings.resx
+++ b/src/NuGetGallery.Core/CoreStrings.resx
@@ -201,4 +201,16 @@
     <value>The package manifest contains invalid metadata elements: '{0}'</value>
     <comment>{0} is a comma-delimited list of invalid metadata element names.</comment>
   </data>
+  <data name="ArgumentCannotBeNullOrEmpty" xml:space="preserve">
+    <value>The argument cannot be null or empty.</value>
+  </data>
+  <data name="PackageNotFound" xml:space="preserve">
+    <value>The package does not exist.</value>
+  </data>
+  <data name="CertificateNotFound" xml:space="preserve">
+    <value>The certificate does not exist.</value>
+  </data>
+  <data name="CertificateThumbprintHashAlgorithmChanged" xml:space="preserve">
+    <value>The thumbprint is expected to be a SHA-256 thumbprint, which is exactly 64 characters in length.  Did the hash algorithm change?</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Entities/Certificate.cs b/src/NuGetGallery.Core/Entities/Certificate.cs
index a6d30d543b..882ff5a982 100644
--- a/src/NuGetGallery.Core/Entities/Certificate.cs
+++ b/src/NuGetGallery.Core/Entities/Certificate.cs
@@ -1,8 +1,12 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+
 namespace NuGetGallery
 {
+    [DisplayColumn(nameof(Thumbprint))]
     public class Certificate : IEntity
     {
         /// <summary>
@@ -10,11 +14,26 @@ public class Certificate : IEntity
         /// </summary>
         public int Key { get; set; }
 
+        /// <summary>
+        /// Gets or sets the SHA-1 thumbprint of the certificate.
+        /// </summary>
+        public string Sha1Thumbprint { get; set; }
+
         /// <summary>
         /// The SHA-256 thumbprint (fingerprint) that uniquely identifies this certificate. This is a string with
         /// exactly 64 characters and is the hexadecimal encoding of the hash digest. Note that the SQL column that
         /// stores this property allows longer string values to facilitate future hash algorithm changes.
         /// </summary>
         public string Thumbprint { get; set; }
+
+        /// <summary>
+        /// Gets or sets the collection of user certificates.
+        /// </summary>
+        public ICollection<UserCertificate> UserCertificates { get; set; }
+
+        public Certificate()
+        {
+            UserCertificates = new List<UserCertificate>();
+        }
     }
-}
+}
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Entities/EntitiesContext.cs b/src/NuGetGallery.Core/Entities/EntitiesContext.cs
index 864540d512..3afe276f43 100644
--- a/src/NuGetGallery.Core/Entities/EntitiesContext.cs
+++ b/src/NuGetGallery.Core/Entities/EntitiesContext.cs
@@ -48,6 +48,7 @@ public EntitiesContext(string connectionString, bool readOnly)
         public IDbSet<UserSecurityPolicy> UserSecurityPolicies { get; set; }
         public IDbSet<ReservedNamespace> ReservedNamespaces { get; set; }
         public IDbSet<Certificate> Certificates { get; set; }
+        public IDbSet<UserCertificate> UserCertificates { get; set; }
 
         /// <summary>
         /// User or organization accounts.
@@ -232,6 +233,13 @@ protected override void OnModelCreating(DbModelBuilder modelBuilder)
                            .MapLeftKey("PackageRegistrationKey")
                            .MapRightKey("UserKey"));
 
+            modelBuilder.Entity<PackageRegistration>()
+                .HasMany(pr => pr.RequiredSigners)
+                .WithMany()
+                .Map(c => c.ToTable("PackageRegistrationRequiredSigners")
+                           .MapLeftKey("PackageRegistrationKey")
+                           .MapRightKey("UserKey"));
+
             modelBuilder.Entity<Package>()
                 .HasKey(p => p.Key);
 
@@ -249,7 +257,10 @@ protected override void OnModelCreating(DbModelBuilder modelBuilder)
                 .HasMany<PackageType>(p => p.PackageTypes)
                 .WithRequired(pt => pt.Package)
                 .HasForeignKey(pt => pt.PackageKey);
-            
+
+            modelBuilder.Entity<Package>()
+                .HasOptional(p => p.Certificate);
+
             modelBuilder.Entity<PackageHistory>()
                 .HasKey(pm => pm.Key);
 
@@ -332,6 +343,27 @@ protected override void OnModelCreating(DbModelBuilder modelBuilder)
                             IsUnique = true,
                         }
                     }));
+
+            modelBuilder.Entity<Certificate>()
+                .Property(c => c.Sha1Thumbprint)
+                .HasMaxLength(40)
+                .HasColumnType("varchar")
+                .IsOptional();
+
+            modelBuilder.Entity<UserCertificate>()
+                .HasKey(uc => uc.Key);
+
+            modelBuilder.Entity<User>()
+                .HasMany(u => u.UserCertificates)
+                .WithRequired(uc => uc.User)
+                .HasForeignKey(uc => uc.UserKey)
+                .WillCascadeOnDelete(true); // Deleting a User entity will also delete related UserCertificate entities.
+
+            modelBuilder.Entity<Certificate>()
+                .HasMany(c => c.UserCertificates)
+                .WithRequired(uc => uc.Certificate)
+                .HasForeignKey(uc => uc.CertificateKey)
+                .WillCascadeOnDelete(true); // Deleting a Certificate entity will also delete related UserCertificate entities.
         }
 #pragma warning restore 618
     }
diff --git a/src/NuGetGallery.Core/Entities/IEntitiesContext.cs b/src/NuGetGallery.Core/Entities/IEntitiesContext.cs
index 13cd007ed5..7591f727d2 100644
--- a/src/NuGetGallery.Core/Entities/IEntitiesContext.cs
+++ b/src/NuGetGallery.Core/Entities/IEntitiesContext.cs
@@ -8,6 +8,7 @@ namespace NuGetGallery
 {
     public interface IEntitiesContext
     {
+        IDbSet<Certificate> Certificates { get; set; }
         IDbSet<CuratedFeed> CuratedFeeds { get; set; }
         IDbSet<CuratedPackage> CuratedPackages { get; set; }
         IDbSet<PackageRegistration> PackageRegistrations { get; set; }
@@ -16,6 +17,7 @@ public interface IEntitiesContext
         IDbSet<User> Users { get; set; }
         IDbSet<UserSecurityPolicy> UserSecurityPolicies { get; set; }
         IDbSet<ReservedNamespace> ReservedNamespaces { get; set; }
+        IDbSet<UserCertificate> UserCertificates { get; set; }
 
         Task<int> SaveChangesAsync();
         [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1716:IdentifiersShouldNotMatchKeywords", MessageId = "Set", Justification="This is to match the EF terminology.")]
diff --git a/src/NuGetGallery.Core/Entities/Organization.cs b/src/NuGetGallery.Core/Entities/Organization.cs
index fa054e67c0..94469aa441 100644
--- a/src/NuGetGallery.Core/Entities/Organization.cs
+++ b/src/NuGetGallery.Core/Entities/Organization.cs
@@ -25,6 +25,7 @@ public Organization() : this(null)
         public Organization(string name) : base(name)
         {
             Members = new List<Membership>();
+            MemberRequests = new List<MembershipRequest>();
 
             _administrators = new Lazy<IEnumerable<User>>(
                 () => Members.Where(m => m.IsAdmin).Select(m => m.Member).ToList());
diff --git a/src/NuGetGallery.Core/Entities/Package.cs b/src/NuGetGallery.Core/Entities/Package.cs
index a15906caec..c997e09a56 100644
--- a/src/NuGetGallery.Core/Entities/Package.cs
+++ b/src/NuGetGallery.Core/Entities/Package.cs
@@ -223,5 +223,15 @@ public bool HasReadMe {
         /// The package status key, referring to the <see cref="PackageStatus"/> enum.
         /// </summary>
         public PackageStatus PackageStatusKey { get; set; }
+
+        /// <summary>
+        /// Gets or sets the foreign key of the certificate used to sign the package.
+        /// </summary>
+        public int? CertificateKey { get; set; }
+
+        /// <summary>
+        /// Gets or sets the certificate used to sign the package.
+        /// </summary>
+        public virtual Certificate Certificate { get; set; }
     }
-}
+}
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Entities/PackageRegistration.cs b/src/NuGetGallery.Core/Entities/PackageRegistration.cs
index 8e5f9be0f2..1ddfde5834 100644
--- a/src/NuGetGallery.Core/Entities/PackageRegistration.cs
+++ b/src/NuGetGallery.Core/Entities/PackageRegistration.cs
@@ -14,6 +14,7 @@ public PackageRegistration()
             Owners = new HashSet<User>();
             Packages = new HashSet<Package>();
             ReservedNamespaces = new HashSet<ReservedNamespace>();
+            RequiredSigners = new HashSet<User>();
         }
 
         [StringLength(CoreConstants.MaxPackageIdLength)]
@@ -30,6 +31,11 @@ public PackageRegistration()
         public virtual ICollection<Package> Packages { get; set; }
         public virtual ICollection<ReservedNamespace> ReservedNamespaces { get; set; }
 
+        /// <summary>
+        /// Gets or sets required signers for this package registration.
+        /// </summary>
+        public virtual ICollection<User> RequiredSigners { get; set; }
+
         public int Key { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Entities/User.cs b/src/NuGetGallery.Core/Entities/User.cs
index 9f03b1a99b..0ba866f694 100644
--- a/src/NuGetGallery.Core/Entities/User.cs
+++ b/src/NuGetGallery.Core/Entities/User.cs
@@ -51,6 +51,7 @@ public User(string username)
             OrganizationRequests = new List<MembershipRequest>();
             Roles = new List<Role>();
             Username = username;
+            UserCertificates = new List<UserCertificate>();
         }
 
         /// <summary>
@@ -131,6 +132,11 @@ public string LastSavedEmailAddress
 
         public virtual ICollection<UserSecurityPolicy> SecurityPolicies { get; set; }
 
+        /// <summary>
+        /// Gets or sets the collection of user certificates.
+        /// </summary>
+        public virtual ICollection<UserCertificate> UserCertificates { get; set; }
+
         public void ConfirmEmailAddress()
         {
             if (string.IsNullOrEmpty(UnconfirmedEmailAddress))
diff --git a/src/NuGetGallery.Core/Entities/UserCertificate.cs b/src/NuGetGallery.Core/Entities/UserCertificate.cs
new file mode 100644
index 0000000000..4e5879a1d8
--- /dev/null
+++ b/src/NuGetGallery.Core/Entities/UserCertificate.cs
@@ -0,0 +1,40 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.ComponentModel.DataAnnotations.Schema;
+
+namespace NuGetGallery
+{
+    /// <summary>
+    /// Represents a relationship between a user and certificate.
+    /// </summary>
+    public class UserCertificate : IEntity
+    {
+        /// <summary>
+        /// Gets or sets the primary key for the entity.
+        /// </summary>
+        public int Key { get; set; }
+
+        /// <summary>
+        /// Gets or sets the foreign key of the certificate entity.
+        /// </summary>
+        [Index("IX_UserCertificates_CertificateKeyUserKey", IsUnique = true, Order = 0)]
+        public int CertificateKey { get; set; }
+
+        /// <summary>
+        /// Gets or sets the certificate entity.
+        /// </summary>
+        public virtual Certificate Certificate { get; set; }
+
+        /// <summary>
+        /// Gets or sets the foreign key of the user entity.
+        /// </summary>
+        [Index("IX_UserCertificates_CertificateKeyUserKey", IsUnique = true, Order = 1)]
+        public int UserKey { get; set; }
+
+        /// <summary>
+        /// Gets or sets the user entity.
+        /// </summary>
+        public virtual User User { get; set; }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Extensions/PackageRegistrationExtensions.cs b/src/NuGetGallery.Core/Extensions/PackageRegistrationExtensions.cs
new file mode 100644
index 0000000000..e9ef92e27d
--- /dev/null
+++ b/src/NuGetGallery.Core/Extensions/PackageRegistrationExtensions.cs
@@ -0,0 +1,77 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+
+namespace NuGetGallery.Extensions
+{
+    public static class PackageRegistrationExtensions
+    {
+        /// <summary>
+        /// Determines if package signing is required for the specified package registration.
+        /// </summary>
+        /// <param name="packageRegistration">A package registration.</param>
+        /// <returns>A flag indicating whether package signing is required.</returns>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="packageRegistration" />
+        /// is <c>null</c>.</exception>
+        public static bool IsSigningRequired(this PackageRegistration packageRegistration)
+        {
+            if (packageRegistration == null)
+            {
+                throw new ArgumentNullException(nameof(packageRegistration));
+            }
+
+            var requiredSigner = packageRegistration.RequiredSigners.FirstOrDefault();
+
+            if (requiredSigner == null)
+            {
+                return packageRegistration.Owners.All(HasAnyCertificate);
+            }
+
+            return HasAnyCertificate(requiredSigner);
+        }
+
+        /// <summary>
+        /// Determines if the certificate with specified thumbprint is valid for signing the specified package registration.
+        /// </summary>
+        /// <param name="packageRegistration">A package registration.</param>
+        /// <param name="thumbprint">A certificate thumbprint.</param>
+        /// <returns>A flag indicating whether the certificate is acceptable for signing.</returns>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="packageRegistration" />
+        /// is <c>null</c>.</exception>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="thumbprint" /> is <c>null</c>
+        /// or empty.</exception>
+        public static bool IsAcceptableSigningCertificate(this PackageRegistration packageRegistration, string thumbprint)
+        {
+            if (packageRegistration == null)
+            {
+                throw new ArgumentNullException(nameof(packageRegistration));
+            }
+
+            if (string.IsNullOrWhiteSpace(thumbprint))
+            {
+                throw new ArgumentException(CoreStrings.ArgumentCannotBeNullOrEmpty, nameof(thumbprint));
+            }
+
+            var requiredSigner = packageRegistration.RequiredSigners.FirstOrDefault();
+
+            if (requiredSigner == null)
+            {
+                return packageRegistration.Owners.Any(owner => CanUseCertificate(owner, thumbprint));
+            }
+
+            return CanUseCertificate(requiredSigner, thumbprint);
+        }
+
+        private static bool HasAnyCertificate(User user)
+        {
+            return user.UserCertificates.Any();
+        }
+
+        private static bool CanUseCertificate(User user, string thumbprint)
+        {
+            return user.UserCertificates.Any(uc => string.Equals(uc.Certificate.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase));
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/NuGetGallery.Core.csproj b/src/NuGetGallery.Core/NuGetGallery.Core.csproj
index ecd91e9a93..b88652b6d6 100644
--- a/src/NuGetGallery.Core/NuGetGallery.Core.csproj
+++ b/src/NuGetGallery.Core/NuGetGallery.Core.csproj
@@ -125,7 +125,9 @@
   </ItemGroup>
   <ItemGroup>
     <Compile Include="Auditing\AggregateAuditingService.cs" />
+    <Compile Include="Auditing\AuditedCertificateAction.cs" />
     <Compile Include="Auditing\AuditedDeleteAccountAction.cs" />
+    <Compile Include="Auditing\CertificateAuditRecord.cs" />
     <Compile Include="Auditing\Obfuscation\ObfuscateAttribute.cs" />
     <Compile Include="Auditing\Obfuscation\ObfuscationType.cs" />
     <Compile Include="Auditing\Obfuscation\ObfuscatorJsonConverter.cs" />
@@ -159,6 +161,7 @@
     <Compile Include="Auditing\ScopeAuditRecord.cs" />
     <Compile Include="Auditing\UserAuditRecord.cs" />
     <Compile Include="Authentication\AuthenticationExtensions.cs" />
+    <Compile Include="Certificates\CertificateFile.cs" />
     <Compile Include="Cookies\CookieComplianceServiceBase.cs" />
     <Compile Include="Cookies\CookieConsentMessage.cs" />
     <Compile Include="Cookies\ICookieComplianceService.cs" />
@@ -211,9 +214,11 @@
     <Compile Include="Entities\Role.cs" />
     <Compile Include="Entities\Scope.cs" />
     <Compile Include="Entities\SuspendDbExecutionStrategy.cs" />
+    <Compile Include="Entities\UserCertificate.cs" />
     <Compile Include="Entities\UserSecurityPolicy.cs" />
     <Compile Include="Entities\User.cs" />
     <Compile Include="Extensions\EntitiesContextExtensions.cs" />
+    <Compile Include="Extensions\PackageRegistrationExtensions.cs" />
     <Compile Include="Extensions\UserExtensionsCore.cs" />
     <Compile Include="ICloudStorageStatusDependency.cs" />
     <Compile Include="Infrastructure\AzureEntityList.cs" />
@@ -244,6 +249,7 @@
     <Compile Include="Services\CorePackageFileService.cs" />
     <Compile Include="Services\CorePackageService.cs" />
     <Compile Include="Services\CryptographyService.cs" />
+    <Compile Include="Services\FileAlreadyExistsException.cs" />
     <Compile Include="Services\FileUriPermissions.cs" />
     <Compile Include="Services\IAccessCondition.cs" />
     <Compile Include="Services\ICloudBlobClient.cs" />
diff --git a/src/NuGetGallery.Core/Services/CloudBlobCoreFileStorageService.cs b/src/NuGetGallery.Core/Services/CloudBlobCoreFileStorageService.cs
index 522860f481..dce44e8de1 100644
--- a/src/NuGetGallery.Core/Services/CloudBlobCoreFileStorageService.cs
+++ b/src/NuGetGallery.Core/Services/CloudBlobCoreFileStorageService.cs
@@ -37,7 +37,8 @@ public class CloudBlobCoreFileStorageService : ICoreFileStorageService
             CoreConstants.ContentFolderName,
             CoreConstants.UploadsFolderName,
             CoreConstants.PackageReadMesFolderName,
-            CoreConstants.ValidationFolderName
+            CoreConstants.ValidationFolderName,
+            CoreConstants.UserCertificatesFolderName
         };
 
         protected readonly ICloudBlobClient _client;
@@ -233,7 +234,7 @@ await destBlob.StartCopyAsync(
             }
             catch (StorageException ex) when (ex.RequestInformation?.HttpStatusCode == (int?)HttpStatusCode.Conflict)
             {
-                throw new InvalidOperationException(
+                throw new FileAlreadyExistsException(
                     String.Format(
                         CultureInfo.CurrentCulture,
                         "There is already a blob with name {0} in container {1}.",
@@ -287,7 +288,7 @@ public async Task SaveFileAsync(string folderName, string fileName, Stream packa
             }
             catch (StorageException ex) when (ex.RequestInformation?.HttpStatusCode == (int?)HttpStatusCode.Conflict)
             {
-                throw new InvalidOperationException(
+                throw new FileAlreadyExistsException(
                     String.Format(
                         CultureInfo.CurrentCulture,
                         "There is already a blob with name {0} in container {1}.",
diff --git a/src/NuGetGallery.Core/Services/CoreMessageService.cs b/src/NuGetGallery.Core/Services/CoreMessageService.cs
index 420493f98e..cd0245ed6d 100644
--- a/src/NuGetGallery.Core/Services/CoreMessageService.cs
+++ b/src/NuGetGallery.Core/Services/CoreMessageService.cs
@@ -26,27 +26,15 @@ public CoreMessageService(IMailSender mailSender, ICoreMessageServiceConfigurati
 
         public void SendPackageAddedNotice(Package package, string packageUrl, string packageSupportUrl, string emailSettingsUrl)
         {
-            string subject = "[{0}] Package published - {1} {2}";
-            string body = @"The package [{1} {2}]({3}) was just published on {0}. If this was not intended, please [contact support]({4}).
+            string subject = $"[{CoreConfiguration.GalleryOwner.DisplayName}] Package published - {package.PackageRegistration.Id} {package.Version}";
+            string body = $@"The package [{package.PackageRegistration.Id} {package.Version}]({packageUrl}) was recently published on {CoreConfiguration.GalleryOwner.DisplayName} by {package.User.Username}. If this was not intended, please [contact support]({packageSupportUrl}).
 
 -----------------------------------------------
 <em style=""font-size: 0.8em;"">
-    To stop receiving emails as an owner of this package, sign in to the {0} and
-    [change your email notification settings]({5}).
+    To stop receiving emails as an owner of this package, sign in to the {CoreConfiguration.GalleryOwner.DisplayName} and
+    [change your email notification settings]({emailSettingsUrl}).
 </em>";
 
-            body = string.Format(
-                CultureInfo.CurrentCulture,
-                body,
-                CoreConfiguration.GalleryOwner.DisplayName,
-                package.PackageRegistration.Id,
-                package.Version,
-                packageUrl,
-                packageSupportUrl,
-                emailSettingsUrl);
-
-            subject = string.Format(CultureInfo.CurrentCulture, subject, CoreConfiguration.GalleryOwner.DisplayName, package.PackageRegistration.Id, package.Version);
-
             using (var mailMessage = new MailMessage())
             {
                 mailMessage.Subject = subject;
diff --git a/src/NuGetGallery.Core/Services/CorePackageFileService.cs b/src/NuGetGallery.Core/Services/CorePackageFileService.cs
index 8d8cf665a8..4a9f757709 100644
--- a/src/NuGetGallery.Core/Services/CorePackageFileService.cs
+++ b/src/NuGetGallery.Core/Services/CorePackageFileService.cs
@@ -182,7 +182,7 @@ public async Task StorePackageFileInBackupLocationAsync(Package package, Stream
             {
                 await _fileStorageService.SaveFileAsync(CoreConstants.PackageBackupsFolderName, fileName, packageFile);
             }
-            catch (InvalidOperationException)
+            catch (FileAlreadyExistsException)
             {
                 // If the package file already exists, swallow the exception since we know the content is the same.
                 return;
diff --git a/src/NuGetGallery.Core/Services/CorePackageService.cs b/src/NuGetGallery.Core/Services/CorePackageService.cs
index e0a92ecaf5..bbbbe1c8b2 100644
--- a/src/NuGetGallery.Core/Services/CorePackageService.cs
+++ b/src/NuGetGallery.Core/Services/CorePackageService.cs
@@ -12,11 +12,18 @@ namespace NuGetGallery
 {
     public class CorePackageService : ICorePackageService
     {
+        protected readonly IEntityRepository<Certificate> _certificateRepository;
         protected readonly IEntityRepository<Package> _packageRepository;
-        
-        public CorePackageService(IEntityRepository<Package> packageRepository)
+        protected readonly IEntityRepository<PackageRegistration> _packageRegistrationRepository;
+
+        public CorePackageService(
+            IEntityRepository<Package> packageRepository,
+            IEntityRepository<PackageRegistration> packageRegistrationRepository,
+            IEntityRepository<Certificate> certificateRepository)
         {
             _packageRepository = packageRepository ?? throw new ArgumentNullException(nameof(packageRepository));
+            _packageRegistrationRepository = packageRegistrationRepository ?? throw new ArgumentNullException(nameof(packageRegistrationRepository));
+            _certificateRepository = certificateRepository ?? throw new ArgumentNullException(nameof(certificateRepository));
         }
 
         public virtual async Task UpdatePackageStreamMetadataAsync(
@@ -222,6 +229,61 @@ public virtual Package FindPackageByIdAndVersionStrict(string id, string version
             return package;
         }
 
+        public virtual PackageRegistration FindPackageRegistrationById(string packageId)
+        {
+            if (string.IsNullOrWhiteSpace(packageId))
+            {
+                throw new ArgumentException(CoreStrings.ArgumentCannotBeNullOrEmpty, nameof(packageId));
+            }
+
+            return _packageRegistrationRepository.GetAll()
+                .Include(pr => pr.Owners.Select(o => o.UserCertificates))
+                .Include(pr => pr.RequiredSigners.Select(rs => rs.UserCertificates))
+                .Where(registration => registration.Id == packageId)
+                .SingleOrDefault();
+        }
+
+        public virtual async Task UpdatePackageSigningCertificateAsync(string packageId, string packageVersion, string thumbprint)
+        {
+            if (string.IsNullOrEmpty(packageId))
+            {
+                throw new ArgumentException(CoreStrings.ArgumentCannotBeNullOrEmpty, nameof(packageId));
+            }
+
+            if (string.IsNullOrEmpty(packageVersion))
+            {
+                throw new ArgumentException(CoreStrings.ArgumentCannotBeNullOrEmpty, nameof(packageVersion));
+            }
+
+            if (string.IsNullOrEmpty(thumbprint))
+            {
+                throw new ArgumentException(CoreStrings.ArgumentCannotBeNullOrEmpty, nameof(thumbprint));
+            }
+
+            var package = FindPackageByIdAndVersionStrict(packageId, packageVersion);
+
+            if (package == null)
+            {
+                throw new ArgumentException(CoreStrings.PackageNotFound);
+            }
+
+            var certificate = _certificateRepository.GetAll()
+                .Where(c => c.Thumbprint == thumbprint)
+                .SingleOrDefault();
+
+            if (certificate == null)
+            {
+                throw new ArgumentException(CoreStrings.CertificateNotFound);
+            }
+
+            if (package.CertificateKey != certificate.Key)
+            {
+                package.Certificate = certificate;
+
+                await _packageRepository.CommitChangesAsync();
+            }
+        }
+
         protected IQueryable<Package> GetPackagesByIdQueryable(string id)
         {
             return _packageRepository
@@ -248,4 +310,4 @@ private static Package FindPackage(IQueryable<Package> packages, Func<IQueryable
             return packages.First(pv => pv.Version.Equals(version.OriginalVersion, StringComparison.OrdinalIgnoreCase));
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Services/FileAlreadyExistsException.cs b/src/NuGetGallery.Core/Services/FileAlreadyExistsException.cs
new file mode 100644
index 0000000000..85941c7d9d
--- /dev/null
+++ b/src/NuGetGallery.Core/Services/FileAlreadyExistsException.cs
@@ -0,0 +1,19 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace NuGetGallery
+{
+    [Serializable]
+    public sealed class FileAlreadyExistsException : Exception
+    {
+        public FileAlreadyExistsException() { }
+        public FileAlreadyExistsException(string message) : base(message) { }
+        public FileAlreadyExistsException(string message, Exception inner) : base(message, inner) { }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery.Core/Services/ICorePackageService.cs b/src/NuGetGallery.Core/Services/ICorePackageService.cs
index 66799cfd39..370eb1d041 100644
--- a/src/NuGetGallery.Core/Services/ICorePackageService.cs
+++ b/src/NuGetGallery.Core/Services/ICorePackageService.cs
@@ -42,5 +42,27 @@ public interface ICorePackageService
         /// <param name="packageRegistration">The package registration.</param>
         /// <param name="commitChanges">Whether or not to commit the changes to the packages.</param>
         Task UpdateIsLatestAsync(PackageRegistration packageRegistration, bool commitChanges = true);
+
+        /// <summary>
+        /// Updates the <see cref="Package.CertificateKey"/>.
+        /// </summary>
+        /// <param name="packageId">The package key.</param>
+        /// <param name="packageVersion">The package key.</param>
+        /// <param name="thumbprint">The certificate thumbprint.</param>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="packageId" /> is <c>null</c> or empty.</exception>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="packageVersion" /> is <c>null</c> or empty.</exception>
+        /// <exception cref="ArgumentException">Thrown if the package does not exist.</exception>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="thumbprint" /> is <c>null</c> or empty
+        /// or a certificate with the specified thumbprint does not exist.</exception>
+        Task UpdatePackageSigningCertificateAsync(string packageId, string packageVersion, string thumbprint);
+
+        /// <summary>
+        /// Gets the package registration with the specified ID when it exists; otherwise, <c>null</c>.
+        /// </summary>
+        /// <param name="packageId">The package ID.</param>
+        /// <returns>A package registration or <c>null</c>.</returns>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="packageId" /> is <c>null</c>
+        /// or empty.</exception>
+        PackageRegistration FindPackageRegistrationById(string packageId);
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/App_Code/ViewHelpers.cshtml b/src/NuGetGallery/App_Code/ViewHelpers.cshtml
index 08a3606a07..d892142535 100644
--- a/src/NuGetGallery/App_Code/ViewHelpers.cshtml
+++ b/src/NuGetGallery/App_Code/ViewHelpers.cshtml
@@ -1,4 +1,5 @@
 @using System.Web.Mvc
+@using System.Web.Routing
 @using System.Web.Mvc.Html
 @using Microsoft.Web.Helpers
 @using NuGetGallery
@@ -251,7 +252,7 @@
         {
             <i class="ms-Icon ms-Icon--Group" aria-hidden="true"></i>
         }
-        <a href="@url.User(user.Username)">@user.Username</a>
+        <a href="@url.User(user.Username)" title="@user.Username">@user.Username.Abbreviate(15)</a>
     </span>
 }
 
@@ -353,6 +354,7 @@
             var cookieService = DependencyResolver.Current.GetService<ICookieComplianceService>();
             if (cookieService.CanWriteNonEssentialCookies(Request))
             {
+		var obfuscatedRequest = ObfuscationHelper.ObfuscateRequestUrl(new HttpContextWrapper(HttpContext.Current), RouteTable.Routes);
                 <script>
                     (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
                     (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
@@ -360,6 +362,9 @@
                     })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
 
                     ga('create', '@propertyId', 'auto');
+                    ga('set', 'anonymizeIp', true);
+                    ga('set', 'page', '@obfuscatedRequest');
+                    ga('set', 'title', '');
                     ga('send', 'pageview');
                 </script>
             }
@@ -450,7 +455,7 @@ var hlp = new AccordionHelper(name, formModelStatePrefix, expanded, page);
 
 @helper AjaxAntiForgeryToken(System.Web.Mvc.HtmlHelper html)
 {
-    <form id="AntiForgeryForm">
+    <form aria-hidden="true" id="AntiForgeryForm">
         @html.AntiForgeryToken()
     </form>
 }
@@ -532,7 +537,7 @@ var hlp = new AccordionHelper(name, formModelStatePrefix, expanded, page);
                 @if (!disabled)
                 {
                     <a href="#" role="button" data-toggle="collapse" data-target="#@id-container"
-                        aria-expanded="@expanded" aria-controls="@id-container" id="show-@id-container">
+                        aria-expanded="@(expanded ? "true" : "false")" aria-controls="@id-container" id="show-@id-container">
                         <i class="ms-Icon ms-Icon--@(expanded ? expandedIcon : collapsedIcon)"
                             aria-hidden="@(expanded ? "false" : "true")"></i>
                         <span>@title(MvcHtmlString.Empty)</span>
diff --git a/src/NuGetGallery/App_Start/AppActivator.cs b/src/NuGetGallery/App_Start/AppActivator.cs
index ee94934aea..b916b1f92c 100644
--- a/src/NuGetGallery/App_Start/AppActivator.cs
+++ b/src/NuGetGallery/App_Start/AppActivator.cs
@@ -129,8 +129,7 @@ private static void BundlingPostStart()
                 .Include("~/Scripts/jquery.validate.js")
                 .Include("~/Scripts/jquery.validate.unobtrusive.js")
                 .Include("~/Scripts/jquery.timeago.js")
-                .Include("~/Scripts/nugetgallery.js")
-                .Include("~/Scripts/stats.js");
+                .Include("~/Scripts/nugetgallery.js");
             BundleTable.Bundles.Add(scriptBundle);
 
             // Modernizr needs to be delivered at the top of the page but putting it in a bundle gets us a cache-buster.
@@ -149,6 +148,7 @@ private static void BundlingPostStart()
             {
                 stylesBundle
                     .Include("~/Content/" + filename)
+                    .Include("~/Content/Branding/" + filename)
                     .Include("~/Branding/Content/" + filename);
             }
 
diff --git a/src/NuGetGallery/App_Start/DefaultDependenciesModule.cs b/src/NuGetGallery/App_Start/DefaultDependenciesModule.cs
index 60962cfd63..a6c50718b4 100644
--- a/src/NuGetGallery/App_Start/DefaultDependenciesModule.cs
+++ b/src/NuGetGallery/App_Start/DefaultDependenciesModule.cs
@@ -139,6 +139,11 @@ protected override void Load(ContainerBuilder builder)
                 .As<IEntityRepository<PackageDelete>>()
                 .InstancePerLifetimeScope();
 
+            builder.RegisterType<EntityRepository<Certificate>>()
+                .AsSelf()
+                .As<IEntityRepository<Certificate>>()
+                .InstancePerLifetimeScope();
+
             builder.RegisterType<EntityRepository<AccountDelete>>()
                .AsSelf()
                .As<IEntityRepository<AccountDelete>>()
@@ -198,7 +203,7 @@ protected override void Load(ContainerBuilder builder)
                 .AsSelf()
                 .As<IDeleteAccountService>()
                 .InstancePerLifetimeScope();
-            
+
             builder.RegisterType<PackageOwnerRequestService>()
                 .AsSelf()
                 .As<IPackageOwnerRequestService>()
@@ -251,12 +256,22 @@ protected override void Load(ContainerBuilder builder)
                 .AsSelf()
                 .As<IApiScopeEvaluator>()
                 .InstancePerLifetimeScope();
-            
+
             builder.RegisterType<ContentObjectService>()
                 .AsSelf()
                 .As<IContentObjectService>()
                 .SingleInstance();
 
+            builder.RegisterType<CertificateValidator>()
+                .AsSelf()
+                .As<ICertificateValidator>()
+                .SingleInstance();
+
+            builder.RegisterType<CertificateService>()
+                .AsSelf()
+                .As<ICertificateService>()
+                .InstancePerLifetimeScope();
+
             if (configuration.Current.IsHosted)
             {
                 HostingEnvironment.QueueBackgroundWorkItem(async cancellationToken => await DependencyResolver
@@ -265,8 +280,7 @@ protected override void Load(ContainerBuilder builder)
                     .Refresh());
             }
 
-            var mailSenderThunk = new Lazy<IMailSender>(
-                () =>
+            Func<MailSender> mailSenderFactory = () =>
                 {
                     var settings = configuration;
                     if (settings.Current.SmtpUri != null && settings.Current.SmtpUri.IsAbsoluteUri)
@@ -301,9 +315,9 @@ protected override void Load(ContainerBuilder builder)
 
                         return new MailSender(mailSenderConfiguration);
                     }
-                });
+                };
 
-            builder.Register(c => mailSenderThunk.Value)
+            builder.Register(c => mailSenderFactory())
                 .AsSelf()
                 .As<IMailSender>()
                 .InstancePerLifetimeScope();
diff --git a/src/NuGetGallery/App_Start/Routes.cs b/src/NuGetGallery/App_Start/Routes.cs
index 22d0422e0e..4c4eb11e21 100644
--- a/src/NuGetGallery/App_Start/Routes.cs
+++ b/src/NuGetGallery/App_Start/Routes.cs
@@ -144,6 +144,13 @@ public static void RegisterUIRoutes(RouteCollection routes)
                 "packages/manage/cancel-upload",
                 new { controller = "Packages", action = "CancelUpload" });
 
+            routes.MapRoute(
+                RouteName.SetRequiredSigner,
+                "packages/{id}/required-signer/{username}",
+                new { controller = "Packages", action = RouteName.SetRequiredSigner, username = UrlParameter.Optional },
+                constraints: new { httpMethod = new HttpMethodConstraint("POST") },
+                obfuscationMetadata: new RouteExtensions.ObfuscatedMetadata(3, Obfuscator.DefaultTelemetryUserName) );
+
             routes.MapRoute(
                 RouteName.PackageOwnerConfirmation,
                 "packages/{id}/owners/{username}/confirm/{token}",
@@ -254,6 +261,30 @@ public static void RegisterUIRoutes(RouteCollection routes)
                 new { controller = "Users", action = "Profiles" },
                 new RouteExtensions.ObfuscatedMetadata(1, Obfuscator.DefaultTelemetryUserName));
 
+            routes.MapRoute(
+                RouteName.GetUserCertificate,
+                "account/certificates/{thumbprint}",
+                new { controller = "Users", action = "GetCertificate" },
+                constraints: new { httpMethod = new HttpMethodConstraint("GET") });
+
+            routes.MapRoute(
+                RouteName.DeleteUserCertificate,
+                "account/certificates/{thumbprint}",
+                new { controller = "Users", action = "DeleteCertificate" },
+                constraints: new { httpMethod = new HttpMethodConstraint("DELETE") });
+
+            routes.MapRoute(
+                RouteName.GetUserCertificates,
+                "account/certificates",
+                new { controller = "Users", action = "GetCertificates" },
+                constraints: new { httpMethod = new HttpMethodConstraint("GET") });
+
+            routes.MapRoute(
+                RouteName.AddUserCertificate,
+                "account/certificates",
+                new { controller = "Users", action = "AddCertificate" },
+                constraints: new { httpMethod = new HttpMethodConstraint("POST") });
+
             routes.MapRoute(
                 RouteName.RemovePassword,
                 "account/RemoveCredential/password",
@@ -281,12 +312,17 @@ public static void RegisterUIRoutes(RouteCollection routes)
                 "account/confirm/{accountName}/{token}",
                 new { controller = "Users", action = "Confirm" },
                 new RouteExtensions.ObfuscatedMetadata(2, Obfuscator.DefaultTelemetryUserName));
-            
+
             routes.MapRoute(
                 RouteName.ChangeEmailSubscription,
                 "account/subscription/change",
                 new { controller = "Users", action = "ChangeEmailSubscription" });
 
+            routes.MapRoute(
+                RouteName.ChangeMultiFactorAuthentication,
+                "account/changeMultiFactorAuthentication",
+                new { controller = "Users", action = "ChangeMultiFactorAuthentication" });
+
             routes.MapRoute(
                 RouteName.AdminDeleteAccount,
                 "account/delete/{accountName}",
@@ -335,6 +371,34 @@ public static void RegisterUIRoutes(RouteCollection routes)
                 "organization/add",
                 new { controller = "Organizations", action = "Add" });
 
+            routes.MapRoute(
+                RouteName.GetOrganizationCertificate,
+                "organization/{accountName}/certificates/{thumbprint}",
+                new { controller = "Organizations", action = "GetCertificate" },
+                constraints: new { httpMethod = new HttpMethodConstraint("GET") },
+                obfuscationMetadata: new RouteExtensions.ObfuscatedMetadata(1, Obfuscator.DefaultTelemetryUserName));
+
+            routes.MapRoute(
+                RouteName.DeleteOrganizationCertificate,
+                "organization/{accountName}/certificates/{thumbprint}",
+                new { controller = "Organizations", action = "DeleteCertificate" },
+                constraints: new { httpMethod = new HttpMethodConstraint("DELETE") },
+                obfuscationMetadata: new RouteExtensions.ObfuscatedMetadata(1, Obfuscator.DefaultTelemetryUserName));
+
+            routes.MapRoute(
+                RouteName.GetOrganizationCertificates,
+                "organization/{accountName}/certificates",
+                new { controller = "Organizations", action = "GetCertificates" },
+                constraints: new { httpMethod = new HttpMethodConstraint("GET") },
+                obfuscationMetadata: new RouteExtensions.ObfuscatedMetadata(1, Obfuscator.DefaultTelemetryUserName));
+
+            routes.MapRoute(
+                RouteName.AddOrganizationCertificate,
+                "organization/{accountName}/certificates",
+                new { controller = "Organizations", action = "AddCertificate" },
+                constraints: new { httpMethod = new HttpMethodConstraint("POST") },
+                obfuscationMetadata: new RouteExtensions.ObfuscatedMetadata(1, Obfuscator.DefaultTelemetryUserName));
+
             routes.MapRoute(
                 RouteName.OrganizationMemberAddAjax,
                 "organization/{accountName}/members/add",
diff --git a/src/NuGetGallery/App_Start/StorageDependent.cs b/src/NuGetGallery/App_Start/StorageDependent.cs
index ed621f20b0..c9e31a3ebd 100644
--- a/src/NuGetGallery/App_Start/StorageDependent.cs
+++ b/src/NuGetGallery/App_Start/StorageDependent.cs
@@ -84,6 +84,7 @@ public static IEnumerable<StorageDependent> GetAll(IAppConfiguration configurati
             /// This array must be added to as we implement more services that use <see cref="IFileStorageService"/>.
             var dependents = new[]
             {
+                Create<CertificateService, ICertificateService>(configuration.AzureStorage_UserCertificates_ConnectionString, isSingleInstance: false),
                 Create<ContentService, IContentService>(configuration.AzureStorage_Content_ConnectionString, isSingleInstance: true),
                 Create<PackageFileService, IPackageFileService>(configuration.AzureStorage_Packages_ConnectionString, isSingleInstance: false),
                 Create<UploadFileService, IUploadFileService>(configuration.AzureStorage_Uploads_ConnectionString, isSingleInstance: false),
diff --git a/src/NuGetGallery/Areas/Admin/ViewModels/DeleteUserAccountViewModel.cs b/src/NuGetGallery/Areas/Admin/ViewModels/DeleteAccountAsAdminViewModel.cs
similarity index 55%
rename from src/NuGetGallery/Areas/Admin/ViewModels/DeleteUserAccountViewModel.cs
rename to src/NuGetGallery/Areas/Admin/ViewModels/DeleteAccountAsAdminViewModel.cs
index 4df92987b0..5a79b9dac7 100644
--- a/src/NuGetGallery/Areas/Admin/ViewModels/DeleteUserAccountViewModel.cs
+++ b/src/NuGetGallery/Areas/Admin/ViewModels/DeleteAccountAsAdminViewModel.cs
@@ -5,20 +5,29 @@
 
 namespace NuGetGallery.Areas.Admin.ViewModels
 {
-    public class DeleteUserAccountViewModel : DeleteAccountViewModel
+    public class DeleteAccountAsAdminViewModel
     {
-        public DeleteUserAccountViewModel()
+        public DeleteAccountAsAdminViewModel()
         {
             ShouldUnlist = true;
         }
 
+        public DeleteAccountAsAdminViewModel(IDeleteAccountViewModel model)
+        {
+            AccountName = model.AccountName;
+            HasOrphanPackages = model.HasOrphanPackages;
+        }
+
+        public string AccountName { get; set; }
+
         [Required(ErrorMessage = "Please sign using your name.")]
         [StringLength(1000)]
         [Display(Name = "Signature")]
         public string Signature { get; set; }
 
-        [Display(Name = "Unlist the packages with no other owners.")]
+        [Display(Name = "Unlist any orphaned packages.")]
         public bool ShouldUnlist { get; set; }
-    }
 
+        public bool HasOrphanPackages { get; set; }
+    }
 }
diff --git a/src/NuGetGallery/Areas/Admin/Views/DeleteAccount/DeleteUserAccount.cshtml b/src/NuGetGallery/Areas/Admin/Views/DeleteAccount/DeleteUserAccount.cshtml
index 3eb2563d36..be6f9f7924 100644
--- a/src/NuGetGallery/Areas/Admin/Views/DeleteAccount/DeleteUserAccount.cshtml
+++ b/src/NuGetGallery/Areas/Admin/Views/DeleteAccount/DeleteUserAccount.cshtml
@@ -1,5 +1,5 @@
 @using NuGetGallery
-@model NuGetGallery.Areas.Admin.ViewModels.DeleteUserAccountViewModel
+@model DeleteUserViewModel
 @{
     ViewBag.Title = "Delete Account " + Model.AccountName;
     ViewBag.MdPageColumns = Constants.ColumnsFormMd;
@@ -17,51 +17,17 @@
                 1. Revoke associated API key(s). <br />
                 2. Remove the account as an owner for any child packages.<br />
                 3. Dissociate all previously existent ID prefix reservations with this account.<br />
+                4. Remove the account as a member of any organizations.<br />
             </text>)
 
             <div class="form-group">
-                @{
-                    @Html.Partial("_UserPackagesListForDeletedAccount", new ManagePackagesListViewModel(@Model.Packages, "Packages"))
-                }
+                @Html.Partial("_UserPackagesListForDeletedAccount", Model)
+            </div>
+            <div class="form-group">
+                @Html.Partial("_UserOrganizationsListForDeletedAccount", Model.Organizations)
             </div>
         </div>
-        <div class="form-group danger-zone">
-            @using (Html.BeginForm("Delete", "Users", FormMethod.Post, new { id = "delete-form" }))
-            {
-                @Html.HttpMethodOverride(HttpVerbs.Delete)
-                @Html.AntiForgeryToken()
-                @Html.ValidationSummary(true)
-                <div>
-                    <div class="form-group">
-                        @Html.LabelFor(m => m.Signature)
-                        @Html.EditorFor(m => m.Signature)
-                        @Html.ValidationMessageFor(m => m.Signature)
-                    </div>
-
-                    @if (Model.HasOrphanPackages)
-                    {
-                        <div class="form-group">
-                            @Html.EditorFor(m => m.ShouldUnlist)
-                            <label class="checkbox-inline">
-                                <b>Unlist the packages without any user.</b>
-                            </label>
-                            <p>
-                                One or more packages do not have co-owners. If you choose to proceed without fixing this issue, these packages will be orphaned and a warning message will be displayed under owners on the package page.
-                            </p>
-                        </div>
-                    }
-                </div>
-                <hr />
-                <p>
-                    This action <strong>CANNOT</strong> be undone. This will permanently delete the account <b>@Model.AccountName</b>.
-                </p>
-                <hr />
-                @Html.HiddenFor(m => m.Signature)
-                @Html.HiddenFor(m => m.ShouldUnlist)
-                @Html.HiddenFor(m => m.AccountName)
-                <input id="btn-delete" type="submit" class="btn btn-danger form-control" value="I understand the consequences, delete this account" title="I understand the consequences, delete this account." />
-            }
-        </div>
+        @Html.Partial("_DeleteUserAccountForm", new DeleteAccountAsAdminViewModel(Model))
     </div>
 </section>
 
diff --git a/src/NuGetGallery/Areas/Admin/Views/DeleteAccount/_DeleteUserAccountForm.cshtml b/src/NuGetGallery/Areas/Admin/Views/DeleteAccount/_DeleteUserAccountForm.cshtml
new file mode 100644
index 0000000000..a6d9b90c98
--- /dev/null
+++ b/src/NuGetGallery/Areas/Admin/Views/DeleteAccount/_DeleteUserAccountForm.cshtml
@@ -0,0 +1,39 @@
+@model DeleteAccountAsAdminViewModel
+
+<div class="form-group danger-zone">
+    @using (Html.BeginForm("Delete", "Users", FormMethod.Post, new { id = "delete-form" }))
+    {
+        @Html.HttpMethodOverride(HttpVerbs.Delete)
+        @Html.AntiForgeryToken()
+        @Html.ValidationSummary(true)
+        <div>
+            <div class="form-group">
+                @Html.LabelFor(m => m.Signature)
+                @Html.EditorFor(m => m.Signature)
+                @Html.ValidationMessageFor(m => m.Signature)
+            </div>
+
+            @if (Model.HasOrphanPackages)
+            {
+                <div class="form-group">
+                    @Html.EditorFor(m => m.ShouldUnlist)
+                    <label class="checkbox-inline">
+                        <b>Unlist the packages without any owner.</b>
+                    </label>
+                    <p>
+                        One or more packages do not have co-owners. If you choose to proceed without fixing this issue, these packages will be orphaned and a warning message will be displayed under owners on the package page.
+                    </p>
+                </div>
+            }
+        </div>
+        <hr />
+        <p>
+            This action <strong>CANNOT</strong> be undone. You will not be able to regain access to the account <b>@Model.AccountName</b> or any of its packages.
+        </p>
+        <hr />
+        @Html.HiddenFor(m => m.Signature)
+        @Html.HiddenFor(m => m.ShouldUnlist)
+        @Html.HiddenFor(m => m.AccountName)
+        <input id="btn-delete" type="submit" class="btn btn-danger form-control" value="I understand the consequences, delete this account" title="I understand the consequences, delete this account." />
+    }
+</div>
\ No newline at end of file
diff --git a/src/NuGetGallery/Authentication/AuthenticatedUser.cs b/src/NuGetGallery/Authentication/AuthenticatedUser.cs
index a8d6839e10..3611220fb9 100644
--- a/src/NuGetGallery/Authentication/AuthenticatedUser.cs
+++ b/src/NuGetGallery/Authentication/AuthenticatedUser.cs
@@ -5,6 +5,13 @@
 
 namespace NuGetGallery.Authentication
 {
+    public class LoginUserDetails
+    {
+        public AuthenticatedUser AuthenticatedUser { get; set; }
+
+        public bool UsedMultiFactorAuthentication { get; set; }
+    }
+
     public class AuthenticatedUser
     {
         public User User { get; private set; }
@@ -21,7 +28,7 @@ public AuthenticatedUser(User user, Credential cred)
             {
                 throw new ArgumentNullException(nameof(cred));
             }
-            
+
             User = user;
             CredentialUsed = cred;
         }
diff --git a/src/NuGetGallery/Authentication/AuthenticationService.cs b/src/NuGetGallery/Authentication/AuthenticationService.cs
index e3f8ff2813..aa98a8f132 100644
--- a/src/NuGetGallery/Authentication/AuthenticationService.cs
+++ b/src/NuGetGallery/Authentication/AuthenticationService.cs
@@ -233,10 +233,15 @@ await Auditing.SaveAuditRecordAsync(
             }
         }
 
-        public virtual async Task CreateSessionAsync(IOwinContext owinContext, AuthenticatedUser user)
+        /// <summary>
+        /// Generate the new session for the logged in user. Also, set the appropriate claims for the user in this session.
+        /// The multi-factor authentication setting value can be obtained from external logins(in case of AADv2).
+        /// </summary>
+        /// <returns>Awaitable task</returns>
+        public virtual async Task CreateSessionAsync(IOwinContext owinContext, AuthenticatedUser authenticatedUser, bool wasMultiFactorAuthenticated = false)
         {
             // Create a claims identity for the session
-            ClaimsIdentity identity = CreateIdentity(user.User, AuthenticationTypes.LocalUser, await GetDiscontinuedLoginClaims(user));
+            ClaimsIdentity identity = CreateIdentity(authenticatedUser.User, AuthenticationTypes.LocalUser, await GetUserLoginClaims(authenticatedUser, wasMultiFactorAuthenticated));
 
             // Issue the session token and clean up the external token if present
             owinContext.Authentication.SignIn(identity);
@@ -244,10 +249,10 @@ public virtual async Task CreateSessionAsync(IOwinContext owinContext, Authentic
 
             // Write an audit record
             await Auditing.SaveAuditRecordAsync(
-                new UserAuditRecord(user.User, AuditedUserAction.Login, user.CredentialUsed));
+                new UserAuditRecord(authenticatedUser.User, AuditedUserAction.Login, authenticatedUser.CredentialUsed));
         }
 
-        private async Task<Claim[]> GetDiscontinuedLoginClaims(AuthenticatedUser user)
+        private async Task<Claim[]> GetUserLoginClaims(AuthenticatedUser user, bool wasMultiFactorAuthenticated)
         {
             await _contentObjectService.Refresh();
 
@@ -268,6 +273,18 @@ private async Task<Claim[]> GetDiscontinuedLoginClaims(AuthenticatedUser user)
                 ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.ExternalLogin);
             }
 
+            if (user.User.EnableMultiFactorAuthentication)
+            {
+                ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.EnabledMultiFactorAuthentication);
+            }
+
+            if (wasMultiFactorAuthenticated)
+            {
+                ClaimsExtensions.AddBooleanClaim(claims, NuGetClaims.WasMultiFactorAuthenticated);
+            }
+
+            ClaimsExtensions.AddExternalLoginCredentialTypeClaim(claims, user.CredentialUsed.Type);
+
             return claims.ToArray();
         }
 
diff --git a/src/NuGetGallery/Configuration/AppConfiguration.cs b/src/NuGetGallery/Configuration/AppConfiguration.cs
index 8af24ca018..47c4642769 100644
--- a/src/NuGetGallery/Configuration/AppConfiguration.cs
+++ b/src/NuGetGallery/Configuration/AppConfiguration.cs
@@ -38,10 +38,12 @@ public class AppConfiguration : IAppConfiguration
         [TypeConverter(typeof(StringArrayConverter))]
         public string[] ForceSslExclusion { get; set; }
 
-
         [DisplayName("AzureStorage.Auditing.ConnectionString")]
         public string AzureStorage_Auditing_ConnectionString { get; set; }
 
+        [DisplayName("AzureStorage.UserCertificates.ConnectionString")]
+        public string AzureStorage_UserCertificates_ConnectionString { get; set; }
+
         [DisplayName("AzureStorage.Content.ConnectionString")]
         public string AzureStorage_Content_ConnectionString { get; set; }
 
diff --git a/src/NuGetGallery/Configuration/IAppConfiguration.cs b/src/NuGetGallery/Configuration/IAppConfiguration.cs
index 4606365b4c..f8320ac9cd 100644
--- a/src/NuGetGallery/Configuration/IAppConfiguration.cs
+++ b/src/NuGetGallery/Configuration/IAppConfiguration.cs
@@ -44,7 +44,12 @@ public interface IAppConfiguration : ICoreMessageServiceConfiguration
         /// The Azure Storage connection string used for auditing.
         /// </summary>
         string AzureStorage_Auditing_ConnectionString { get; set; }
-        
+
+        /// <summary>
+        /// The Azure Storage connection string used for user certificates.
+        /// </summary>
+        string AzureStorage_UserCertificates_ConnectionString { get; set; }
+
         /// <summary>
         /// The Azure Storage connection string used for static content.
         /// </summary>
diff --git a/src/NuGetGallery/Controllers/AccountsController.cs b/src/NuGetGallery/Controllers/AccountsController.cs
index 5dccc45036..5a97e3fc53 100644
--- a/src/NuGetGallery/Controllers/AccountsController.cs
+++ b/src/NuGetGallery/Controllers/AccountsController.cs
@@ -4,17 +4,19 @@
 using System;
 using System.Linq;
 using System.Net;
-using System.Net.Mail;
 using System.Threading.Tasks;
+using System.Web;
 using System.Web.Mvc;
 using NuGetGallery.Authentication;
 using NuGetGallery.Filters;
+using NuGetGallery.Helpers;
+using NuGetGallery.Security;
 
 namespace NuGetGallery
 {
     public abstract class AccountsController<TUser, TAccountViewModel> : AppController
         where TUser : User
-        where TAccountViewModel : AccountViewModel
+        where TAccountViewModel : AccountViewModel<TUser>
     {
         public class ViewMessages
         {
@@ -29,24 +31,36 @@ public class ViewMessages
 
         public ICuratedFeedService CuratedFeedService { get; }
 
+        public IPackageService PackageService { get; }
+
         public IMessageService MessageService { get; }
 
         public IUserService UserService { get; }
 
         public ITelemetryService TelemetryService { get; }
 
+        public ISecurityPolicyService SecurityPolicyService { get; }
+
+        public ICertificateService CertificateService { get; }
+
         public AccountsController(
             AuthenticationService authenticationService,
             ICuratedFeedService curatedFeedService,
+            IPackageService packageService,
             IMessageService messageService,
             IUserService userService,
-            ITelemetryService telemetryService)
+            ITelemetryService telemetryService,
+            ISecurityPolicyService securityPolicyService,
+            ICertificateService certificateService)
         {
             AuthenticationService = authenticationService ?? throw new ArgumentNullException(nameof(authenticationService));
             CuratedFeedService = curatedFeedService ?? throw new ArgumentNullException(nameof(curatedFeedService));
+            PackageService = packageService ?? throw new ArgumentNullException(nameof(packageService));
             MessageService = messageService ?? throw new ArgumentNullException(nameof(messageService));
             UserService = userService ?? throw new ArgumentNullException(nameof(userService));
             TelemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
+            SecurityPolicyService = securityPolicyService ?? throw new ArgumentNullException(nameof(securityPolicyService));
+            CertificateService = certificateService ?? throw new ArgumentNullException(nameof(certificateService));
         }
 
         public abstract string AccountAction { get; }
@@ -84,7 +98,7 @@ public virtual ActionResult ConfirmationRequiredPost(string accountName = null)
             {
                 return new HttpStatusCodeResult(HttpStatusCode.Forbidden, Strings.Unauthorized);
             }
-            
+
             var alreadyConfirmed = account.UnconfirmedEmailAddress == null;
 
             ConfirmationViewModel model;
@@ -201,14 +215,14 @@ public virtual async Task<ActionResult> ChangeEmail(TAccountViewModel model)
             {
                 return AccountView(account, model);
             }
-            
+
             if (account.HasPasswordCredential())
             {
                 if (!ModelState.IsValidField("ChangeEmail.Password"))
                 {
                     return AccountView(account, model);
                 }
-                
+
                 if (!AuthenticationService.ValidatePasswordCredential(account.Credentials, model.ChangeEmail.Password, out var _))
                 {
                     ModelState.AddModelError("ChangeEmail.Password", Strings.CurrentPasswordIncorrect);
@@ -258,18 +272,40 @@ public virtual async Task<ActionResult> CancelChangeEmail(TAccountViewModel mode
                 return new HttpStatusCodeResult(HttpStatusCode.Forbidden, Strings.Unauthorized);
             }
 
-            if (string.IsNullOrWhiteSpace(account.UnconfirmedEmailAddress))
+            if (!string.IsNullOrWhiteSpace(account.UnconfirmedEmailAddress))
             {
-                return RedirectToAction(AccountAction);
+                await UserService.CancelChangeEmailAddress(account);
+
+                TempData["Message"] = Messages.EmailUpdateCancelled;
             }
 
-            await UserService.CancelChangeEmailAddress(account);
+            return RedirectToAction(AccountAction);
+        }
+
+        [HttpGet]
+        [UIAuthorize]
+        public virtual ActionResult DeleteRequest(string accountName = null)
+        {
+            var accountToDelete = GetAccount(accountName);
 
-            TempData["Message"] = Messages.EmailUpdateCancelled;
+            if (accountToDelete == null || accountToDelete.IsDeleted)
+            {
+                return HttpNotFound();
+            }
 
-            return RedirectToAction(AccountAction);
+            if (ActionsRequiringPermissions.ManageAccount.CheckPermissions(GetCurrentUser(), accountToDelete)
+                    != PermissionsCheckResult.Allowed)
+            {
+                return HttpNotFound();
+            }
+
+            return View("DeleteAccount", GetDeleteAccountViewModel(accountToDelete));
         }
 
+        protected abstract DeleteAccountViewModel<TUser> GetDeleteAccountViewModel(TUser account);
+
+        public abstract Task<ActionResult> RequestAccountDeletion(string accountName = null);
+
         protected virtual TUser GetAccount(string accountName)
         {
             return UserService.FindByUsername(accountName) as TUser;
@@ -285,7 +321,7 @@ protected virtual ActionResult AccountView(TUser account, TAccountViewModel mode
             }
 
             model = model ?? Activator.CreateInstance<TAccountViewModel>();
-            
+
             UpdateAccountViewModel(account, model);
 
             return View(AccountAction, model);
@@ -299,12 +335,14 @@ protected virtual void UpdateAccountViewModel(TUser account, TAccountViewModel m
             model.CanManage = ActionsRequiringPermissions.ManageAccount.CheckPermissions(
                 GetCurrentUser(), account) == PermissionsCheckResult.Allowed;
 
+            model.WasMultiFactorAuthenticated = User.WasMultiFactorAuthenticated();
+
             model.CuratedFeeds = CuratedFeedService
                 .GetFeedsForManager(account.Key)
                 .Select(f => f.Name)
                 .ToList();
 
-            model.HasPassword = account.Credentials.Any(c => c.Type.StartsWith(CredentialTypes.Password.Prefix));
+            model.HasPassword = account.Credentials.Any(c => c.IsPassword());
             model.CurrentEmailAddress = account.UnconfirmedEmailAddress ?? account.EmailAddress;
             model.HasConfirmedEmailAddress = !string.IsNullOrEmpty(account.EmailAddress);
             model.HasUnconfirmedEmailAddress = !string.IsNullOrEmpty(account.UnconfirmedEmailAddress);
@@ -315,5 +353,195 @@ protected virtual void UpdateAccountViewModel(TUser account, TAccountViewModel m
             model.ChangeNotifications.EmailAllowed = account.EmailAllowed;
             model.ChangeNotifications.NotifyPackagePushed = account.NotifyPackagePushed;
         }
+
+        [HttpPost]
+        [UIAuthorize]
+        [ValidateAntiForgeryToken]
+        [RequiresAccountConfirmation("add a certificate")]
+        public virtual async Task<JsonResult> AddCertificate(string accountName, HttpPostedFileBase uploadFile)
+        {
+            if (uploadFile == null)
+            {
+                return Json(HttpStatusCode.BadRequest, new[] { Strings.CertificateFileIsRequired });
+            }
+
+            var currentUser = GetCurrentUser();
+            var account = GetAccount(accountName);
+
+            if (currentUser == null)
+            {
+                return Json(HttpStatusCode.Unauthorized);
+            }
+
+            if (account == null)
+            {
+                return Json(HttpStatusCode.NotFound);
+            }
+
+            if (ActionsRequiringPermissions.ManageAccount.CheckPermissions(currentUser, account)
+                != PermissionsCheckResult.Allowed || !User.WasMultiFactorAuthenticated())
+            {
+                return Json(HttpStatusCode.Forbidden, new { Strings.Unauthorized });
+            }
+
+            Certificate certificate;
+
+            try
+            {
+                using (var uploadStream = uploadFile.InputStream)
+                {
+                    certificate = await CertificateService.AddCertificateAsync(uploadFile);
+                }
+
+                await CertificateService.ActivateCertificateAsync(certificate.Thumbprint, account);
+            }
+            catch (UserSafeException ex)
+            {
+                ex.Log();
+
+                return Json(HttpStatusCode.BadRequest, new[] { ex.Message });
+            }
+
+            var activeCertificateCount = CertificateService.GetCertificates(account).Count();
+
+            if (activeCertificateCount == 1 &&
+                SecurityPolicyService.IsSubscribed(account, AutomaticallyOverwriteRequiredSignerPolicy.PolicyName))
+            {
+                await PackageService.SetRequiredSignerAsync(account);
+            }
+
+            return Json(HttpStatusCode.Created, new { certificate.Thumbprint });
+        }
+
+        [HttpDelete]
+        [UIAuthorize]
+        [ValidateAntiForgeryToken]
+        [RequiresAccountConfirmation("delete a certificate")]
+        public virtual async Task<JsonResult> DeleteCertificate(string accountName, string thumbprint)
+        {
+            if (string.IsNullOrEmpty(thumbprint))
+            {
+                return Json(HttpStatusCode.BadRequest);
+            }
+
+            var currentUser = GetCurrentUser();
+            var account = GetAccount(accountName);
+
+            if (currentUser == null)
+            {
+                return Json(HttpStatusCode.Unauthorized);
+            }
+
+            if (account == null)
+            {
+                return Json(HttpStatusCode.NotFound);
+            }
+
+            if (ActionsRequiringPermissions.ManageAccount.CheckPermissions(currentUser, account)
+                != PermissionsCheckResult.Allowed || !User.WasMultiFactorAuthenticated())
+            {
+                return Json(HttpStatusCode.Forbidden, new { Strings.Unauthorized });
+            }
+
+            await CertificateService.DeactivateCertificateAsync(thumbprint, account);
+
+            return Json(HttpStatusCode.OK);
+        }
+
+        [HttpGet]
+        [UIAuthorize]
+        public virtual JsonResult GetCertificates(string accountName)
+        {
+            var currentUser = GetCurrentUser();
+            var account = GetAccount(accountName);
+
+            if (currentUser == null)
+            {
+                return Json(HttpStatusCode.Unauthorized);
+            }
+
+            if (account == null)
+            {
+                return Json(HttpStatusCode.NotFound);
+            }
+
+            if (ActionsRequiringPermissions.ViewAccount.CheckPermissions(currentUser, account)
+                != PermissionsCheckResult.Allowed)
+            {
+                return Json(HttpStatusCode.Forbidden);
+            }
+
+            var wasMultiFactorAuthenticated = User.WasMultiFactorAuthenticated();
+            var canManage = ActionsRequiringPermissions.ManageAccount.CheckPermissions(currentUser, account)
+                == PermissionsCheckResult.Allowed;
+            var template = GetDeleteCertificateForAccountTemplate(accountName);
+
+            var certificates = CertificateService.GetCertificates(account)
+                .Select(certificate =>
+                {
+                    string deactivateUrl = null;
+
+                    if (wasMultiFactorAuthenticated && canManage)
+                    {
+                        deactivateUrl = template.Resolve(certificate.Thumbprint);
+                    }
+
+                    return new ListCertificateItemViewModel(certificate, deactivateUrl);
+                });
+
+            return Json(HttpStatusCode.OK, certificates, JsonRequestBehavior.AllowGet);
+        }
+
+        [HttpGet]
+        [UIAuthorize]
+        public virtual JsonResult GetCertificate(string accountName, string thumbprint)
+        {
+            if (string.IsNullOrEmpty(thumbprint))
+            {
+                return Json(HttpStatusCode.BadRequest);
+            }
+
+            var currentUser = GetCurrentUser();
+            var account = GetAccount(accountName);
+
+            if (currentUser == null)
+            {
+                return Json(HttpStatusCode.Unauthorized);
+            }
+
+            if (account == null)
+            {
+                return Json(HttpStatusCode.NotFound);
+            }
+
+            if (ActionsRequiringPermissions.ViewAccount.CheckPermissions(currentUser, account)
+                != PermissionsCheckResult.Allowed)
+            {
+                return Json(HttpStatusCode.Forbidden);
+            }
+
+            var wasMultiFactorAuthenticated = User.WasMultiFactorAuthenticated();
+            var canManage = ActionsRequiringPermissions.ManageAccount.CheckPermissions(currentUser, account)
+                == PermissionsCheckResult.Allowed;
+            var template = GetDeleteCertificateForAccountTemplate(accountName);
+
+            var certificates = CertificateService.GetCertificates(account)
+                .Where(certificate => certificate.Thumbprint == thumbprint)
+                .Select(certificate =>
+                {
+                    string deactivateUrl = null;
+
+                    if (wasMultiFactorAuthenticated && canManage)
+                    {
+                        deactivateUrl = template.Resolve(certificate.Thumbprint);
+                    }
+
+                    return new ListCertificateItemViewModel(certificate, deactivateUrl);
+                });
+
+            return Json(HttpStatusCode.OK, certificates, JsonRequestBehavior.AllowGet);
+        }
+
+        protected abstract RouteUrlTemplate<string> GetDeleteCertificateForAccountTemplate(string accountName);
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Controllers/AppController.cs b/src/NuGetGallery/Controllers/AppController.cs
index 8b11d03611..8d485ede18 100644
--- a/src/NuGetGallery/Controllers/AppController.cs
+++ b/src/NuGetGallery/Controllers/AppController.cs
@@ -66,6 +66,11 @@ protected internal JsonResult Json(HttpStatusCode statusCode, object obj, JsonRe
             return Json(obj, jsonRequestBehavior);
         }
 
+        protected internal JsonResult Json(HttpStatusCode statusCode)
+        {
+            return Json(statusCode, obj: new { }, jsonRequestBehavior: JsonRequestBehavior.DenyGet);
+        }
+
         protected internal JsonResult Json(HttpStatusCode statusCode, object obj)
         {
             return Json(statusCode, obj, JsonRequestBehavior.DenyGet);
diff --git a/src/NuGetGallery/Controllers/AuthenticationController.cs b/src/NuGetGallery/Controllers/AuthenticationController.cs
index 5317db0bef..517e01fdd4 100644
--- a/src/NuGetGallery/Controllers/AuthenticationController.cs
+++ b/src/NuGetGallery/Controllers/AuthenticationController.cs
@@ -166,7 +166,7 @@ public virtual async Task<ActionResult> SignIn(LogOnViewModel model, string retu
             }
 
             var authenticatedUser = authenticationResult.AuthenticatedUser;
-            
+            bool usedMultiFactorAuthentication = false;
             if (linkingAccount)
             {
                 // Verify account has no other external accounts
@@ -180,11 +180,14 @@ public virtual async Task<ActionResult> SignIn(LogOnViewModel model, string retu
                 }
 
                 // Link with an external account
-                authenticatedUser = await AssociateCredential(authenticatedUser);
+                var loginUserDetails = await AssociateCredential(authenticatedUser);
+                authenticatedUser = loginUserDetails?.AuthenticatedUser;
                 if (authenticatedUser == null)
                 {
                     return ExternalLinkExpired();
                 }
+
+                usedMultiFactorAuthentication = loginUserDetails.UsedMultiFactorAuthentication;
             }
 
             // If we are an administrator and Gallery.EnforcedAuthProviderForAdmin is set
@@ -197,7 +200,7 @@ public virtual async Task<ActionResult> SignIn(LogOnViewModel model, string retu
             }
 
             // Create session
-            await _authService.CreateSessionAsync(OwinContext, authenticatedUser);
+            await _authService.CreateSessionAsync(OwinContext, authenticatedUser, usedMultiFactorAuthentication);
 
             TempData["ShowPasswordDeprecationWarning"] = true;
             return SafeRedirect(returnUrl);
@@ -265,6 +268,7 @@ public virtual async Task<ActionResult> Register(LogOnViewModel model, string re
             }
 
             AuthenticatedUser user;
+            var usedMultiFactorAuthentication = false;
             try
             {
                 if (linkingAccount)
@@ -275,6 +279,7 @@ public virtual async Task<ActionResult> Register(LogOnViewModel model, string re
                         return ExternalLinkExpired();
                     }
 
+                    usedMultiFactorAuthentication = result.LoginDetails?.WasMultiFactorAuthenticated ?? false;
                     user = await _authService.Register(
                         model.Register.Username,
                         model.Register.EmailAddress,
@@ -316,7 +321,7 @@ public virtual async Task<ActionResult> Register(LogOnViewModel model, string re
             }
 
             // Create session
-            await _authService.CreateSessionAsync(OwinContext, user);
+            await _authService.CreateSessionAsync(OwinContext, user, usedMultiFactorAuthentication);
             return RedirectFromRegister(returnUrl);
         }
 
@@ -473,7 +478,8 @@ public virtual async Task<ActionResult> LinkOrChangeExternalCredential(string re
 
                 // Authenticate with the new credential after successful replacement
                 var authenticatedUser = await _authService.Authenticate(newCredential);
-                await _authService.CreateSessionAsync(OwinContext, authenticatedUser);
+                var usedMultiFactorAuthentication = result.LoginDetails?.WasMultiFactorAuthenticated ?? false;
+                await _authService.CreateSessionAsync(OwinContext, authenticatedUser, usedMultiFactorAuthentication);
 
                 // Get email address of the new credential for updating success message
                 var newEmailAddress = GetEmailAddressFromExternalLoginResult(result, out string errorReason);
@@ -523,13 +529,27 @@ public virtual async Task<ActionResult> LinkExternalAccount(string returnUrl)
                 {
                     // Invoke the authentication again enforcing multi-factor authentication for the same provider.
                     return ChallengeAuthentication(
-                        Url.LinkExternalAccount(returnUrl), 
-                        result.Authenticator.Name, 
+                        Url.LinkExternalAccount(returnUrl),
+                        result.Authenticator.Name,
                         new AuthenticationPolicy() { Email = result.LoginDetails.EmailUsed, EnforceMultiFactorAuthentication = true });
                 }
 
                 // Create session
-                await _authService.CreateSessionAsync(OwinContext, result.Authentication);
+                await _authService.CreateSessionAsync(OwinContext,
+                    result.Authentication,
+                    wasMultiFactorAuthenticated: result?.LoginDetails?.WasMultiFactorAuthenticated ?? false);
+
+                // Update the 2FA if used during login but user does not have it set on their account. Only for personal microsoft accounts.
+                if (result?.LoginDetails != null
+                    && result.LoginDetails.WasMultiFactorAuthenticated
+                    && !result.Authentication.User.EnableMultiFactorAuthentication
+                    && CredentialTypes.IsMicrosoftAccount(result.Credential.Type))
+                {
+                    await _userService.ChangeMultiFactorAuthentication(result.Authentication.User, enableMultiFactor: true);
+                    OwinContext.AddClaim(NuGetClaims.EnabledMultiFactorAuthentication);
+                    TempData["Message"] = Strings.MultiFactorAuth_LoginUpdate;
+                }
+
                 return SafeRedirect(returnUrl);
             }
             else
@@ -648,7 +668,7 @@ private ActionResult RedirectFromRegister(string returnUrl)
             return RedirectToAction(actionName: "Thanks", controllerName: "Users");
         }
 
-        private async Task<AuthenticatedUser> AssociateCredential(AuthenticatedUser user)
+        private async Task<LoginUserDetails> AssociateCredential(AuthenticatedUser user)
         {
             var result = await _authService.ReadExternalLoginCredential(OwinContext);
             if (result.ExternalIdentity == null)
@@ -669,7 +689,10 @@ private async Task<AuthenticatedUser> AssociateCredential(AuthenticatedUser user
             // Notify the user of the change
             _messageService.SendCredentialAddedNotice(user.User, _authService.DescribeCredential(result.Credential));
 
-            return new AuthenticatedUser(user.User, result.Credential);
+            return new LoginUserDetails {
+                AuthenticatedUser = new AuthenticatedUser(user.User, result.Credential),
+                UsedMultiFactorAuthentication = result.LoginDetails?.WasMultiFactorAuthenticated ?? false
+            };
         }
 
         private List<AuthenticationProviderViewModel> GetProviders()
diff --git a/src/NuGetGallery/Controllers/OrganizationsController.cs b/src/NuGetGallery/Controllers/OrganizationsController.cs
index 4214f511be..b73e464859 100644
--- a/src/NuGetGallery/Controllers/OrganizationsController.cs
+++ b/src/NuGetGallery/Controllers/OrganizationsController.cs
@@ -9,20 +9,37 @@
 using System.Web.Mvc;
 using NuGetGallery.Authentication;
 using NuGetGallery.Filters;
+using NuGetGallery.Helpers;
+using NuGetGallery.Security;
 
 namespace NuGetGallery
 {
     public class OrganizationsController
         : AccountsController<Organization, OrganizationAccountViewModel>
     {
+        public IDeleteAccountService DeleteAccountService { get; }
+
         public OrganizationsController(
             AuthenticationService authService,
             ICuratedFeedService curatedFeedService,
             IMessageService messageService,
             IUserService userService,
-            ITelemetryService telemetryService)
-            : base(authService, curatedFeedService, messageService, userService, telemetryService)
+            ITelemetryService telemetryService,
+            ISecurityPolicyService securityPolicyService,
+            ICertificateService certificateService,
+            IPackageService packageService,
+            IDeleteAccountService deleteAccountService)
+            : base(
+                  authService,
+                  curatedFeedService,
+                  packageService,
+                  messageService,
+                  userService,
+                  telemetryService,
+                  securityPolicyService,
+                  certificateService)
         {
+            DeleteAccountService = deleteAccountService;
         }
 
         public override string AccountAction => nameof(ManageOrganization);
@@ -94,7 +111,7 @@ public async Task<JsonResult> AddMember(string accountName, string memberName, b
             var account = GetAccount(accountName);
 
             if (account == null
-                || ActionsRequiringPermissions.ManageAccount.CheckPermissions(GetCurrentUser(), account)
+                || ActionsRequiringPermissions.ManageMembership.CheckPermissions(GetCurrentUser(), account)
                     != PermissionsCheckResult.Allowed)
             {
                 return Json(HttpStatusCode.Forbidden, Strings.Unauthorized);
@@ -193,7 +210,7 @@ public async Task<JsonResult> CancelMemberRequest(string accountName, string mem
             var account = GetAccount(accountName);
 
             if (account == null
-                || ActionsRequiringPermissions.ManageAccount.CheckPermissions(GetCurrentUser(), account)
+                || ActionsRequiringPermissions.ManageMembership.CheckPermissions(GetCurrentUser(), account)
                     != PermissionsCheckResult.Allowed)
             {
                 return Json(HttpStatusCode.Forbidden, Strings.Unauthorized);
@@ -219,7 +236,7 @@ public async Task<JsonResult> UpdateMember(string accountName, string memberName
             var account = GetAccount(accountName);
 
             if (account == null
-                || ActionsRequiringPermissions.ManageAccount.CheckPermissions(GetCurrentUser(), account)
+                || ActionsRequiringPermissions.ManageMembership.CheckPermissions(GetCurrentUser(), account)
                     != PermissionsCheckResult.Allowed)
             {
                 return Json(HttpStatusCode.Forbidden, Strings.Unauthorized);
@@ -252,9 +269,9 @@ public async Task<JsonResult> DeleteMember(string accountName, string memberName
 
             var currentUser = GetCurrentUser();
 
-            if (account == null || 
-                (currentUser.Username != memberName && 
-                ActionsRequiringPermissions.ManageAccount.CheckPermissions(currentUser, account)
+            if (account == null ||
+                (currentUser.Username != memberName &&
+                ActionsRequiringPermissions.ManageMembership.CheckPermissions(currentUser, account)
                     != PermissionsCheckResult.Allowed))
             {
                 return Json(HttpStatusCode.Forbidden, Strings.Unauthorized);
@@ -277,6 +294,63 @@ public async Task<JsonResult> DeleteMember(string accountName, string memberName
             }
         }
 
+        protected override DeleteAccountViewModel<Organization> GetDeleteAccountViewModel(Organization account)
+        {
+            return GetDeleteOrganizationViewModel(account);
+        }
+
+        private DeleteOrganizationViewModel GetDeleteOrganizationViewModel(Organization account)
+        {
+            return new DeleteOrganizationViewModel(account, GetCurrentUser(), PackageService);
+        }
+
+        [HttpPost]
+        [ValidateAntiForgeryToken]
+        [UIAuthorize]
+        public override async Task<ActionResult> RequestAccountDeletion(string accountName = null)
+        {
+            var account = GetAccount(accountName);
+            var currentUser = GetCurrentUser();
+
+            if (account == null
+                || ActionsRequiringPermissions.ManageAccount.CheckPermissions(GetCurrentUser(), account)
+                    != PermissionsCheckResult.Allowed)
+            {
+                return new HttpNotFoundResult();
+            }
+
+            var model = GetDeleteOrganizationViewModel(account);
+
+            if (model.HasOrphanPackages)
+            {
+                TempData["ErrorMessage"] = "You cannot delete your organization unless you transfer ownership of all of its packages to another account.";
+
+                return RedirectToAction(nameof(DeleteRequest));
+            }
+
+            if (model.HasAdditionalMembers)
+            {
+                TempData["ErrorMessage"] = "You cannot delete your organization unless you remove all other members.";
+
+                return RedirectToAction(nameof(DeleteRequest));
+            }
+
+            var result = await DeleteAccountService.DeleteAccountAsync(account, currentUser, commitAsTransaction: true);
+
+            if (result.Success)
+            {
+                TempData["Message"] = $"Your organization, '{accountName}', was successfully deleted!";
+
+                return RedirectToAction("Organizations", "Users");
+            }
+            else
+            {
+                TempData["ErrorMessage"] = $"There was an issue deleting your organization '{accountName}'. Please contact support for assistance.";
+
+                return RedirectToAction(nameof(DeleteRequest));
+            }
+        }
+
         protected override void UpdateAccountViewModel(Organization account, OrganizationAccountViewModel model)
         {
             base.UpdateAccountViewModel(account, model);
@@ -286,6 +360,15 @@ protected override void UpdateAccountViewModel(Organization account, Organizatio
                 .Concat(account.MemberRequests.Select(m => new OrganizationMemberViewModel(m)));
 
             model.RequiresTenant = account.IsRestrictedToOrganizationTenantPolicy();
+
+            model.CanManageMemberships =
+                ActionsRequiringPermissions.ManageMembership.CheckPermissions(GetCurrentUser(), account)
+                    == PermissionsCheckResult.Allowed;
+        }
+
+        protected override RouteUrlTemplate<string> GetDeleteCertificateForAccountTemplate(string accountName)
+        {
+            return Url.DeleteOrganizationCertificateTemplate(accountName);
         }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Controllers/PackagesController.cs b/src/NuGetGallery/Controllers/PackagesController.cs
index e1126ba80c..f78ae0b22c 100644
--- a/src/NuGetGallery/Controllers/PackagesController.cs
+++ b/src/NuGetGallery/Controllers/PackagesController.cs
@@ -1188,6 +1188,7 @@ public virtual async Task<ActionResult> Edit(string id, string version)
                 PackageId = package.PackageRegistration.Id,
                 PackageTitle = package.Title,
                 Version = package.NormalizedVersion,
+                PackageRegistration = package.PackageRegistration,
                 IsLocked = package.PackageRegistration.IsLocked,
             };
 
@@ -1783,7 +1784,45 @@ internal virtual async Task<ActionResult> SetLicenseReportVisibility(string id,
             return Redirect(urlFactory(package, /*relativeUrl:*/ true));
         }
 
-        // this methods exist to make unit testing easier
+        [UIAuthorize]
+        [HttpPost]
+        [ValidateAntiForgeryToken]
+        public virtual async Task<JsonResult> SetRequiredSigner(string id, string username)
+        {
+            var packageRegistration = _packageService.FindPackageRegistrationById(id);
+
+            if (packageRegistration == null)
+            {
+                return Json(HttpStatusCode.NotFound);
+            }
+
+            var currentUser = GetCurrentUser();
+
+            if (ActionsRequiringPermissions.ManagePackageRequiredSigner
+                .CheckPermissionsOnBehalfOfAnyAccount(currentUser, packageRegistration)
+                    != PermissionsCheckResult.Allowed || !User.WasMultiFactorAuthenticated())
+            {
+                return Json(HttpStatusCode.Forbidden);
+            }
+
+            User signer = null;
+
+            if (!string.IsNullOrEmpty(username))
+            {
+                signer = _userService.FindByUsername(username);
+
+                if (signer == null)
+                {
+                    return Json(HttpStatusCode.NotFound);
+                }
+            }
+
+            await _packageService.SetRequiredSignerAsync(packageRegistration, signer);
+
+            return Json(HttpStatusCode.OK);
+        }
+
+        // this method exists to make unit testing easier
         protected internal virtual PackageArchiveReader CreatePackage(Stream stream)
         {
             try
diff --git a/src/NuGetGallery/Controllers/UsersController.cs b/src/NuGetGallery/Controllers/UsersController.cs
index db7deb1107..3d3d055184 100644
--- a/src/NuGetGallery/Controllers/UsersController.cs
+++ b/src/NuGetGallery/Controllers/UsersController.cs
@@ -9,25 +9,25 @@
 using System.Threading.Tasks;
 using System.Web.Mvc;
 using NuGetGallery.Areas.Admin;
-using NuGetGallery.Areas.Admin.Models;
 using NuGetGallery.Areas.Admin.ViewModels;
 using NuGetGallery.Authentication;
 using NuGetGallery.Configuration;
 using NuGetGallery.Filters;
+using NuGetGallery.Helpers;
 using NuGetGallery.Infrastructure.Authentication;
+using NuGetGallery.Security;
 
 namespace NuGetGallery
 {
     public partial class UsersController
         : AccountsController<User, UserAccountViewModel>
     {
-        private readonly IPackageService _packageService;
         private readonly IPackageOwnerRequestService _packageOwnerRequestService;
         private readonly IAppConfiguration _config;
         private readonly ICredentialBuilder _credentialBuilder;
         private readonly IDeleteAccountService _deleteAccountService;
         private readonly ISupportRequestService _supportRequestService;
-        
+
         public UsersController(
             ICuratedFeedService feedsQuery,
             IUserService userService,
@@ -39,17 +39,26 @@ public UsersController(
             ICredentialBuilder credentialBuilder,
             IDeleteAccountService deleteAccountService,
             ISupportRequestService supportRequestService,
-            ITelemetryService telemetryService)
-            : base(authService, feedsQuery, messageService, userService, telemetryService)
+            ITelemetryService telemetryService,
+            ISecurityPolicyService securityPolicyService,
+            ICertificateService certificateService)
+            : base(
+                  authService,
+                  feedsQuery,
+                  packageService,
+                  messageService,
+                  userService,
+                  telemetryService,
+                  securityPolicyService,
+                  certificateService)
         {
-            _packageService = packageService ?? throw new ArgumentNullException(nameof(packageService));
             _packageOwnerRequestService = packageOwnerRequestService ?? throw new ArgumentNullException(nameof(packageOwnerRequestService));
             _config = config ?? throw new ArgumentNullException(nameof(config));
             _credentialBuilder = credentialBuilder ?? throw new ArgumentNullException(nameof(credentialBuilder));
             _deleteAccountService = deleteAccountService ?? throw new ArgumentNullException(nameof(deleteAccountService));
             _supportRequestService = supportRequestService ?? throw new ArgumentNullException(nameof(supportRequestService));
         }
-        
+
         public override string AccountAction => nameof(Account);
 
         protected internal override ViewMessages Messages => new ViewMessages
@@ -83,6 +92,11 @@ protected override User GetAccount(string accountName)
             return null;
         }
 
+        protected override DeleteAccountViewModel<User> GetDeleteAccountViewModel(User account)
+        {
+            return new DeleteUserViewModel(account, GetCurrentUser(), PackageService, _supportRequestService);
+        }
+
         [HttpGet]
         [UIAuthorize]
         public virtual ActionResult Account()
@@ -96,7 +110,7 @@ public virtual ActionResult Account()
         public virtual ActionResult TransformToOrganization()
         {
             var accountToTransform = GetCurrentUser();
-            
+
             string errorReason;
             if (!UserService.CanTransformUserToOrganization(accountToTransform, out errorReason))
             {
@@ -162,7 +176,7 @@ public virtual async Task<ActionResult> TransformToOrganization(TransformAccount
                 Strings.TransformAccount_SignInToConfirm, adminUser.Username, accountToTransform.Username);
             return Redirect(Url.LogOn(returnUrl));
         }
-        
+
         [HttpGet]
         [UIAuthorize(allowDiscontinuedLogins: true)]
         [ActionName(RouteName.TransformToOrganizationConfirmation)]
@@ -243,7 +257,7 @@ public virtual async Task<ActionResult> CancelTransformToOrganization(string tok
         {
             var accountToTransform = GetCurrentUser();
             var adminUser = accountToTransform.OrganizationMigrationRequest?.AdminUser;
-            
+
             if (await UserService.CancelTransformUserToOrganizationRequest(accountToTransform, token))
             {
                 MessageService.SendOrganizationTransformRequestCancelledNotice(accountToTransform, adminUser);
@@ -266,89 +280,66 @@ private ActionResult TransformToOrganizationFailed(string errorMessage)
             return View("TransformToOrganizationFailed", new TransformAccountFailedViewModel(errorMessage));
         }
 
-        [HttpGet]
-        [UIAuthorize]
-        public virtual ActionResult DeleteRequest()
-        {
-            var currentUser = GetCurrentUser();
-
-            if (currentUser == null || currentUser.IsDeleted)
-            {
-                return HttpNotFound("User not found.");
-            }
-
-            var listPackageItems = _packageService
-                 .FindPackagesByAnyMatchingOwner(currentUser, includeUnlisted: true)
-                 .Select(p => new ListPackageItemViewModel(p, currentUser))
-                 .ToList();
-
-            bool hasPendingRequest = _supportRequestService.GetIssues().Where((issue) => (issue.UserKey.HasValue && issue.UserKey.Value == currentUser.Key) && 
-                                                                                 string.Equals(issue.IssueTitle, Strings.AccountDelete_SupportRequestTitle) &&
-                                                                                 issue.Key != IssueStatusKeys.Resolved).Any();
-
-            var model = new DeleteAccountViewModel()
-            {
-                Packages = listPackageItems,
-                User = currentUser,
-                AccountName = currentUser.Username,
-                HasPendingRequests = hasPendingRequest
-            };
-
-            return View("DeleteAccount", model);
-        }
-
         [HttpPost]
         [UIAuthorize]
         [ValidateAntiForgeryToken]
-        public virtual async Task<ActionResult> RequestAccountDeletion()
+        public override async Task<ActionResult> RequestAccountDeletion(string accountName = null)
         {
-            var user = GetCurrentUser();
+            var user = GetAccount(accountName);
 
             if (user == null || user.IsDeleted)
             {
-                return HttpNotFound("User not found.");
+                return HttpNotFound();
+            }
+
+            if (!user.Confirmed)
+            {
+                // Unconfirmed users can be deleted immediately without creating a support request.
+                DeleteUserAccountStatus accountDeleteStatus = await _deleteAccountService.DeleteAccountAsync(userToBeDeleted: user,
+                    userToExecuteTheDelete: user,
+                    signature: user.Username,
+                    orphanPackagePolicy: AccountDeletionOrphanPackagePolicy.UnlistOrphans,
+                    commitAsTransaction: true);
+                if (!accountDeleteStatus.Success)
+                {
+                    TempData["RequestFailedMessage"] = Strings.AccountSelfDelete_Fail;
+                    return RedirectToAction("DeleteRequest");
+                }
+                OwinContext.Authentication.SignOut();
+                return SafeRedirect(Url.Home(false));
             }
 
             var isSupportRequestCreated = await _supportRequestService.TryAddDeleteSupportRequestAsync(user);
-            if (!isSupportRequestCreated)
+            if (await _supportRequestService.TryAddDeleteSupportRequestAsync(user))
+            {
+                MessageService.SendAccountDeleteNotice(user);
+            }
+            else
             {
                 TempData["RequestFailedMessage"] = Strings.AccountDelete_CreateSupportRequestFails;
-                return RedirectToAction("DeleteRequest");
             }
-            MessageService.SendAccountDeleteNotice(user.ToMailAddress(), user.Username);
 
-            return RedirectToAction("DeleteRequest");
+            return RedirectToAction(nameof(DeleteRequest));
         }
 
         [HttpGet]
         [UIAuthorize(Roles = "Admins")]
         public virtual ActionResult Delete(string accountName)
         {
-            var currentUser = GetCurrentUser();
             var user = UserService.FindByUsername(accountName);
             if (user == null || user.IsDeleted || (user is Organization))
             {
-                return HttpNotFound("User not found.");
+                return HttpNotFound();
             }
-
-            var listPackageItems = _packageService
-                 .FindPackagesByAnyMatchingOwner(user, includeUnlisted: true)
-                 .Select(p => new ListPackageItemViewModel(p, currentUser))
-                 .ToList();
-            var model = new DeleteUserAccountViewModel
-            {
-                Packages = listPackageItems,
-                User = user,
-                AccountName = user.Username,
-            };
-            return View("DeleteUserAccount", model);
+            
+            return View("DeleteUserAccount", GetDeleteAccountViewModel(user));
         }
 
         [HttpDelete]
         [UIAuthorize(Roles = "Admins")]
         [RequiresAccountConfirmation("Delete account")]
         [ValidateAntiForgeryToken]
-        public virtual async Task<ActionResult> Delete(DeleteUserAccountViewModel model)
+        public virtual async Task<ActionResult> Delete(DeleteAccountAsAdminViewModel model)
         {
             var user = UserService.FindByUsername(model.AccountName);
             if (user == null || user.IsDeleted)
@@ -363,7 +354,12 @@ public virtual async Task<ActionResult> Delete(DeleteUserAccountViewModel model)
             else
             {
                 var admin = GetCurrentUser();
-                var status = await _deleteAccountService.DeleteGalleryUserAccountAsync(user, admin, model.Signature, model.ShouldUnlist, commitAsTransaction: true);
+                var status = await _deleteAccountService.DeleteAccountAsync(
+                    userToBeDeleted: user,
+                    userToExecuteTheDelete: admin,
+                    signature: model.Signature,
+                    orphanPackagePolicy: model.ShouldUnlist ? AccountDeletionOrphanPackagePolicy.UnlistOrphans : AccountDeletionOrphanPackagePolicy.KeepOrphans,
+                    commitAsTransaction: true);
                 return View("DeleteUserAccountStatus", status);
             }
         }
@@ -410,12 +406,12 @@ private ApiKeyOwnerViewModel CreateApiKeyOwnerViewModel(User currentUser, User a
                 ActionsRequiringPermissions.UploadNewPackageId.IsAllowedOnBehalfOfAccount(currentUser, account),
                 ActionsRequiringPermissions.UploadNewPackageVersion.IsAllowedOnBehalfOfAccount(currentUser, account),
                 ActionsRequiringPermissions.UnlistOrRelistPackage.IsAllowedOnBehalfOfAccount(currentUser, account),
-                packageIds: _packageService.FindPackageRegistrationsByOwner(account)
+                packageIds: PackageService.FindPackageRegistrationsByOwner(account)
                                 .Select(p => p.Id)
                                 .OrderBy(i => i)
                                 .ToList());
         }
-        
+
         [HttpGet]
         [UIAuthorize(allowDiscontinuedLogins: true)]
         public virtual ActionResult Thanks()
@@ -440,14 +436,18 @@ public virtual ActionResult Packages()
                 new ListPackageOwnerViewModel(currentUser)
             }.Concat(currentUser.Organizations.Select(o => new ListPackageOwnerViewModel(o.Organization)));
 
-            var packages = _packageService.FindPackagesByAnyMatchingOwner(currentUser, includeUnlisted: true);
+            var wasMultiFactorAuthenticated = User.WasMultiFactorAuthenticated();
+
+            var packages = PackageService.FindPackagesByAnyMatchingOwner(currentUser, includeUnlisted: true);
             var listedPackages = packages
                 .Where(p => p.Listed)
-                .Select(p => new ListPackageItemViewModel(p, currentUser)).OrderBy(p => p.Id)
+                .Select(p => new ListPackageItemRequiredSignerViewModel(p, currentUser, SecurityPolicyService, wasMultiFactorAuthenticated))
+                .OrderBy(p => p.Id)
                 .ToList();
             var unlistedPackages = packages
                 .Where(p => !p.Listed)
-                .Select(p => new ListPackageItemViewModel(p, currentUser)).OrderBy(p => p.Id)
+                .Select(p => new ListPackageItemRequiredSignerViewModel(p, currentUser, SecurityPolicyService, wasMultiFactorAuthenticated))
+                .OrderBy(p => p.Id)
                 .ToList();
 
             // find all received ownership requests
@@ -464,7 +464,7 @@ public virtual ActionResult Packages()
                 .SelectMany(m => _packageOwnerRequestService.GetPackageOwnershipRequests(requestingOwner: m.Organization));
             var sent = userSent.Union(orgSent);
 
-            var ownerRequests = new OwnerRequestsViewModel(received, sent, currentUser, _packageService);
+            var ownerRequests = new OwnerRequestsViewModel(received, sent, currentUser, PackageService);
 
             var userReservedNamespaces = currentUser.ReservedNamespaces;
             var organizationsReservedNamespaces = currentUser.Organizations.SelectMany(m => m.Organization.ReservedNamespaces);
@@ -473,11 +473,13 @@ public virtual ActionResult Packages()
 
             var model = new ManagePackagesViewModel
             {
+                User = currentUser,
                 Owners = owners,
                 ListedPackages = listedPackages,
                 UnlistedPackages = unlistedPackages,
                 OwnerRequests = ownerRequests,
-                ReservedNamespaces = reservedPrefixes
+                ReservedNamespaces = reservedPrefixes,
+                WasMultiFactorAuthenticated = User.WasMultiFactorAuthenticated()
             };
             return View(model);
         }
@@ -488,7 +490,7 @@ public virtual ActionResult Organizations()
         {
             var currentUser = GetCurrentUser();
 
-            var model = new ManageOrganizationsViewModel(currentUser, _packageService);
+            var model = new ManageOrganizationsViewModel(currentUser, PackageService);
 
             return View(model);
         }
@@ -598,7 +600,7 @@ public virtual async Task<ActionResult> ResetPassword(string username, string to
 
             return RedirectToAction("PasswordChanged");
         }
-        
+
         [HttpGet]
         public virtual ActionResult Profiles(string username, int page = 1)
         {
@@ -609,7 +611,7 @@ public virtual ActionResult Profiles(string username, int page = 1)
                 return HttpNotFound();
             }
 
-            var packages = _packageService.FindPackagesByOwner(user, includeUnlisted: false)
+            var packages = PackageService.FindPackagesByOwner(user, includeUnlisted: false)
                 .OrderByDescending(p => p.PackageRegistration.DownloadCount)
                 .Select(p => new ListPackageItemViewModel(p, currentUser)
                 {
@@ -645,7 +647,7 @@ public virtual async Task<ActionResult> ChangePassword(UserAccountViewModel mode
             }
             else
             {
-                if (!model.ChangePassword.EnablePasswordLogin)
+                if (model.ChangePassword.DisablePasswordLogin)
                 {
                     return await RemovePassword();
                 }
@@ -672,6 +674,33 @@ public virtual async Task<ActionResult> ChangePassword(UserAccountViewModel mode
             }
         }
 
+        [HttpPost]
+        [UIAuthorize]
+        [ValidateAntiForgeryToken]
+        public virtual async Task<ActionResult> ChangeMultiFactorAuthentication(bool enableMultiFactor)
+        {
+            var user = GetCurrentUser();
+
+            await UserService.ChangeMultiFactorAuthentication(user, enableMultiFactor);
+
+            TempData["Message"] = string.Format(
+                enableMultiFactor ? Strings.MultiFactorAuth_Enabled : Strings.MultiFactorAuth_Disabled,
+                _config.Brand);
+
+            if (enableMultiFactor)
+            {
+                // Add the claim to remove the warning indicators for 2FA.
+                OwinContext.AddClaim(NuGetClaims.EnabledMultiFactorAuthentication);
+            }
+            else
+            {
+                // Remove the claim from login to show warning indicators for 2FA.
+                OwinContext.RemoveClaim(NuGetClaims.EnabledMultiFactorAuthentication);
+            }
+
+            return RedirectToAction(AccountAction);
+        }
+
         [HttpPost]
         [UIAuthorize]
         [ValidateAntiForgeryToken]
@@ -777,7 +806,7 @@ public virtual async Task<JsonResult> GenerateApiKey(string description, string
                 Response.StatusCode = (int)HttpStatusCode.BadRequest;
                 return Json(Strings.UserNotFound);
             }
-            
+
             var resolvedScopes = BuildScopes(scopeOwner, scopes, subjects);
             if (!VerifyScopes(resolvedScopes))
             {
@@ -837,6 +866,11 @@ public virtual async Task<JsonResult> EditCredential(string credentialType, int?
             return Json(new ApiKeyViewModel(credentialViewModel));
         }
 
+        protected override RouteUrlTemplate<string> GetDeleteCertificateForAccountTemplate(string accountName)
+        {
+            return Url.DeleteUserCertificateTemplate();
+        }
+
         private async Task<CredentialViewModel> GenerateApiKeyInternal(string description, ICollection<Scope> scopes, TimeSpan? expiration)
         {
             var user = GetCurrentUser();
@@ -861,7 +895,7 @@ private async Task<CredentialViewModel> GenerateApiKeyInternal(string descriptio
             { NuGetScopes.PackageUnlist, new [] { ActionsRequiringPermissions.UnlistOrRelistPackage } },
             { NuGetScopes.PackageVerify, new [] { ActionsRequiringPermissions.VerifyPackage } },
         };
-        
+
         private bool VerifyScopes(IEnumerable<Scope> scopes)
         {
             if (!scopes.Any())
@@ -877,7 +911,7 @@ private bool VerifyScopes(IEnumerable<Scope> scopes)
                     // All scopes must have an allowed action.
                     return false;
                 }
-                
+
                 // Get the list of actions allowed by this scope.
                 var actions = new List<IActionRequiringEntityPermissions>();
                 foreach (var allowedAction in AllowedActionToActionRequiringEntityPermissionsMap.Keys)
@@ -973,6 +1007,12 @@ private async Task<ActionResult> RemoveCredentialInternal(User user, Credential
             {
                 await AuthenticationService.RemoveCredential(user, cred);
 
+                if (cred.IsPassword())
+                {
+                    // Clear the password login claim, to remove warnings.
+                    OwinContext.RemoveClaim(NuGetClaims.PasswordLogin);
+                }
+
                 // Notify the user of the change
                 MessageService.SendCredentialRemovedNotice(user, AuthenticationService.DescribeCredential(cred));
 
@@ -993,7 +1033,7 @@ protected override void UpdateAccountViewModel(User account, UserAccountViewMode
                 .Sum(p => p.Value.Count);
 
             model.ChangePassword = model.ChangePassword ?? new ChangePasswordViewModel();
-            model.ChangePassword.EnablePasswordLogin = model.HasPassword;
+            model.ChangePassword.DisablePasswordLogin = !model.HasPassword;
         }
 
         private Dictionary<CredentialKind, List<CredentialViewModel>> GetCredentialGroups(User user)
diff --git a/src/NuGetGallery/ExtensionMethods.cs b/src/NuGetGallery/ExtensionMethods.cs
index 9e1a3fecb4..d0f6948b30 100644
--- a/src/NuGetGallery/ExtensionMethods.cs
+++ b/src/NuGetGallery/ExtensionMethods.cs
@@ -9,12 +9,14 @@
 using System.Linq.Expressions;
 using System.Security;
 using System.Security.Claims;
+using System.Security.Principal;
 using System.Text;
 using System.Web;
 using System.Web.Mvc;
 using System.Web.Mvc.Html;
 using System.Web.WebPages;
 using Microsoft.Owin;
+using Microsoft.Owin.Security;
 using NuGet.Frameworks;
 using NuGet.Packaging;
 using NuGetGallery.Helpers;
@@ -481,6 +483,57 @@ public static User GetCurrentUser(this IOwinContext self)
             return user;
         }
 
+        /// <summary>
+        /// This method will add the claim to the OwinContext with default value and update the cookie with the updated claims
+        /// </summary>
+        /// <returns>True if successfully adds the claim to the context, false otherwise</returns>
+        public static bool AddClaim(this IOwinContext self, string claimType)
+        {
+            var identity = GetIdentity(self);
+            if (identity == null || !identity.IsAuthenticated)
+            {
+                return false;
+            }
+
+            if (identity.TryAddClaim(claimType))
+            {
+                // Update the cookies for the newly added claim
+                self.Authentication.AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(identity), new AuthenticationProperties() { IsPersistent = true });
+                return true;
+            }
+
+            return false;
+        }
+
+        /// <summary>
+        /// This method will remove the claim from the OwinContext and update the cookie with the updated claims
+        /// </summary>
+        /// <returns>True if successfully removed the claim from context, false otherwise</returns>
+        public static bool RemoveClaim(this IOwinContext self, string claimType)
+        {
+            var identity = GetIdentity(self);
+            if (identity == null || !identity.IsAuthenticated)
+            {
+                return false;
+            }
+
+            if (identity.TryRemoveClaim(claimType))
+            {
+                // Update the cookies for the removed claim
+                self.Authentication.AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(identity), new AuthenticationProperties() { IsPersistent = true });
+                return true;
+            }
+
+            return false;
+        }
+
+        private static IIdentity GetIdentity(IOwinContext context)
+        {
+            var responseGrantIdentity = context.Authentication?.AuthenticationResponseGrant?.Identity;
+            var authenticatedUserIdentity = context.Authentication?.User?.Identity;
+            return responseGrantIdentity ?? authenticatedUserIdentity;
+        }
+
         private static User LoadUser(IOwinContext context)
         {
             var principal = context.Authentication.User;
diff --git a/src/NuGetGallery/Extensions/ClaimsExtensions.cs b/src/NuGetGallery/Extensions/ClaimsExtensions.cs
index f3d50d6fbe..4ddc3f095e 100644
--- a/src/NuGetGallery/Extensions/ClaimsExtensions.cs
+++ b/src/NuGetGallery/Extensions/ClaimsExtensions.cs
@@ -58,5 +58,44 @@ public static bool HasBooleanClaim(ClaimsIdentity identity, string claimType)
                 .Equals(BooleanClaimDefault, StringComparison.OrdinalIgnoreCase)
                 ?? false;
         }
+
+        public static Claim CreateBooleanClaim(string claimType)
+        {
+            return new Claim(claimType, BooleanClaimDefault);
+        }
+
+        public static void AddExternalLoginCredentialTypeClaim(List<Claim> claims, string credentialType)
+        {
+            string claimValue = null;
+            if (CredentialTypes.IsMicrosoftAccount(credentialType))
+            {
+                claimValue = NuGetClaims.ExternalLoginCredentialValues.MicrosoftAccount;
+            }
+            else if (CredentialTypes.IsAzureActiveDirectoryAccount(credentialType))
+            {
+                claimValue = NuGetClaims.ExternalLoginCredentialValues.AzureActiveDirectory;
+            }
+
+            if (!string.IsNullOrEmpty(claimValue))
+            {
+                claims.Add(new Claim(NuGetClaims.ExternalLoginCredentialType, claimValue));
+            }
+        }
+
+        public static bool LoggedInWithMicrosoftAccount(ClaimsIdentity identity)
+        {
+            return identity
+                .GetClaimOrDefault(NuGetClaims.ExternalLoginCredentialType)?
+                .Equals(NuGetClaims.ExternalLoginCredentialValues.MicrosoftAccount, StringComparison.OrdinalIgnoreCase)
+                ?? false;
+        }
+
+        public static bool LoggedInWithAzureActiveDirectory(ClaimsIdentity identity)
+        {
+            return identity
+                .GetClaimOrDefault(NuGetClaims.ExternalLoginCredentialType)?
+                .Equals(NuGetClaims.ExternalLoginCredentialValues.AzureActiveDirectory, StringComparison.OrdinalIgnoreCase)
+                ?? false;
+        }
     }
 }
diff --git a/src/NuGetGallery/Extensions/OrganizationExtensions.cs b/src/NuGetGallery/Extensions/OrganizationExtensions.cs
index 58cea85e08..7627aaea80 100644
--- a/src/NuGetGallery/Extensions/OrganizationExtensions.cs
+++ b/src/NuGetGallery/Extensions/OrganizationExtensions.cs
@@ -10,7 +10,7 @@ public static class OrganizationExtensions
     {
         public static Membership GetMembershipOfUser(this Organization organization, User member)
         {
-            return organization.Members.FirstOrDefault(m => m.Member.MatchesUser(member));
+            return organization?.Members?.FirstOrDefault(m => m.Member.MatchesUser(member));
         }
 
         /// <summary>
diff --git a/src/NuGetGallery/Extensions/PrincipalExtensions.cs b/src/NuGetGallery/Extensions/PrincipalExtensions.cs
index f39ceae760..39c78ea239 100644
--- a/src/NuGetGallery/Extensions/PrincipalExtensions.cs
+++ b/src/NuGetGallery/Extensions/PrincipalExtensions.cs
@@ -87,6 +87,35 @@ public static bool IsAdministrator(this IPrincipal self)
         /// <param name="self">Current user principal.</param>
         /// <returns>True if user has password credential, false otherwise.</returns>
         public static bool HasPasswordLogin(this IPrincipal self)
+        {
+            return HasBooleanClaim(self, NuGetClaims.PasswordLogin);
+        }
+
+        /// <summary>
+        /// Determine if the current user has multi-factor authentication enabled.
+        /// </summary>
+        /// <param name="self">Current user principal.</param>
+        /// <returns>True if user has multi-factor authentication enabled, false otherwise.</returns>
+        public static bool HasMultiFactorAuthenticationEnabled(this IPrincipal self)
+        {
+            return HasBooleanClaim(self, NuGetClaims.EnabledMultiFactorAuthentication);
+        }
+
+        /// <summary>
+        /// Determine if the current user was multi-factor authenticated
+        /// </summary>
+        /// <param name="self">Current user principal.</param>
+        /// <returns>True if user was multi-factor authenticated, false otherwise.</returns>
+        public static bool WasMultiFactorAuthenticated(this IPrincipal self)
+        {
+            return HasBooleanClaim(self, NuGetClaims.WasMultiFactorAuthenticated);
+        }
+
+        /// <summary>
+        /// Determine if the current user logged in with personal microsoft account
+        /// </summary>
+        /// <param name="self">Current user principal.</param>
+        public static bool WasMicrosoftAccountUsedForSignin(this IPrincipal self)
         {
             if (self == null || self.Identity == null)
             {
@@ -94,15 +123,14 @@ public static bool HasPasswordLogin(this IPrincipal self)
             }
 
             var identity = self.Identity as ClaimsIdentity;
-            return ClaimsExtensions.HasBooleanClaim(identity, NuGetClaims.PasswordLogin);
+            return ClaimsExtensions.LoggedInWithMicrosoftAccount(identity);
         }
 
         /// <summary>
-        /// Determine if the current user has an associated external credential.
+        /// Determine if the current user logged in with azure active directory account
         /// </summary>
         /// <param name="self">Current user principal.</param>
-        /// <returns>True if user has password credential, false otherwise.</returns>
-        public static bool HasExternalLogin(this IPrincipal self)
+        public static bool WasAzureActiveDirectoryAccountUsedForSignin(this IPrincipal self)
         {
             if (self == null || self.Identity == null)
             {
@@ -110,7 +138,17 @@ public static bool HasExternalLogin(this IPrincipal self)
             }
 
             var identity = self.Identity as ClaimsIdentity;
-            return ClaimsExtensions.HasBooleanClaim(identity, NuGetClaims.ExternalLogin);
+            return ClaimsExtensions.LoggedInWithAzureActiveDirectory(identity);
+        }
+
+        /// <summary>
+        /// Determine if the current user has an associated external credential.
+        /// </summary>
+        /// <param name="self">Current user principal.</param>
+        /// <returns>True if user has password credential, false otherwise.</returns>
+        public static bool HasExternalLogin(this IPrincipal self)
+        {
+            return HasBooleanClaim(self, NuGetClaims.ExternalLogin);
         }
 
         /// <summary>
@@ -156,7 +194,44 @@ public static bool HasScopeThatAllowsActions(this IIdentity self, params string[
 
             return !self.IsScopedAuthentication() || self.HasExplicitScopeAction(requestedActions);
         }
-        
+
+        /// <summary>
+        /// Try to remove the claim from the identity
+        /// </summary>
+        /// <param name="identity">IIdentity from which the claim is to be removed</param>
+        /// <param name="claimType">The claim type to be removed</param>
+        /// <returns>True if successfully able to remove the claim, false otherwise</returns>
+        public static bool TryRemoveClaim(this IIdentity identity, string claimType)
+        {
+            var claimsIdentity = identity as ClaimsIdentity;
+            var claim = claimsIdentity?.FindFirst(claimType);
+            if (claim != null)
+            {
+                return claimsIdentity.TryRemoveClaim(claim);
+            }
+
+            return false;
+        }
+
+        /// <summary>
+        /// Try to add a new default claim to the identity. It will not replace an existing claim.
+        /// </summary>
+        /// <param name="identity">IIdentity from which the claim is to be removed</param>
+        /// <param name="claimType">The claim type to be added</param>
+        /// <returns>True if successfully able to add the claim, false otherwise</returns>
+        public static bool TryAddClaim(this IIdentity identity, string claimType)
+        {
+            var claimsIdentity = identity as ClaimsIdentity;
+            var existingClaim = claimsIdentity?.FindFirst(claimType);
+            if (existingClaim == null)
+            {
+                claimsIdentity.AddClaim(ClaimsExtensions.CreateBooleanClaim(claimType));
+                return true;
+            }
+
+            return false;
+        }
+
         private static string GetScopeClaim(IIdentity self)
         {
             if (self == null)
@@ -172,5 +247,16 @@ private static bool IsEmptyScopeClaim(string scopeClaim)
         {
             return string.IsNullOrEmpty(scopeClaim) || scopeClaim == "[]";
         }
+
+        private static bool HasBooleanClaim(IPrincipal self, string claimType)
+        {
+            if (self == null || self.Identity == null)
+            {
+                return false;
+            }
+
+            var identity = self.Identity as ClaimsIdentity;
+            return ClaimsExtensions.HasBooleanClaim(identity, claimType);
+        }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Extensions/RouteExtensions.cs b/src/NuGetGallery/Extensions/RouteExtensions.cs
index c2e3239b8a..9c5c0fdf23 100644
--- a/src/NuGetGallery/Extensions/RouteExtensions.cs
+++ b/src/NuGetGallery/Extensions/RouteExtensions.cs
@@ -27,6 +27,12 @@ public ObfuscatedMetadata(int obfuscatedSegment, string obfuscateValue)
 
         internal static Dictionary<string, ObfuscatedMetadata[]> ObfuscatedRouteMap = new Dictionary<string, ObfuscatedMetadata[]>();
 
+        public static void MapRoute(this RouteCollection routes, string name, string url, object defaults, object constraints, ObfuscatedMetadata obfuscationMetadata)
+        {
+            routes.MapRoute(name, url, defaults, constraints);
+            if (!ObfuscatedRouteMap.ContainsKey(url)) { ObfuscatedRouteMap.Add(url, new[] { obfuscationMetadata }); }
+        }
+
         public static void MapRoute(this RouteCollection routes, string name, string url, object defaults, ObfuscatedMetadata obfuscationMetadata)
         {
             routes.MapRoute(name, url, defaults, new[] { obfuscationMetadata });
diff --git a/src/NuGetGallery/Helpers/ObfuscationHelper.cs b/src/NuGetGallery/Helpers/ObfuscationHelper.cs
new file mode 100644
index 0000000000..c3dad1bce6
--- /dev/null
+++ b/src/NuGetGallery/Helpers/ObfuscationHelper.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Web;
+using System.Web.Routing;
+
+namespace NuGetGallery.Helpers
+{
+    public class ObfuscationHelper
+    {
+        public static string ObfuscateRequestUrl(HttpContextBase httpContext, RouteCollection routes)
+        {
+            if (httpContext?.Request?.Url == null || routes == null)
+            {
+                return string.Empty;
+            }
+
+            var route = routes.GetRouteData(httpContext)?.Route as Route;
+            return route == null ? string.Empty : route.ObfuscateUrlPath(httpContext.Request.Url.AbsolutePath.TrimStart('/'));
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Migrations/201804171613337_AddCertificateRegistration.Designer.cs b/src/NuGetGallery/Migrations/201804171613337_AddCertificateRegistration.Designer.cs
new file mode 100644
index 0000000000..b090a05528
--- /dev/null
+++ b/src/NuGetGallery/Migrations/201804171613337_AddCertificateRegistration.Designer.cs
@@ -0,0 +1,29 @@
+// <auto-generated />
+namespace NuGetGallery.Migrations
+{
+    using System.CodeDom.Compiler;
+    using System.Data.Entity.Migrations;
+    using System.Data.Entity.Migrations.Infrastructure;
+    using System.Resources;
+    
+    [GeneratedCode("EntityFramework.Migrations", "6.1.3-40302")]
+    public sealed partial class AddCertificateRegistration : IMigrationMetadata
+    {
+        private readonly ResourceManager Resources = new ResourceManager(typeof(AddCertificateRegistration));
+        
+        string IMigrationMetadata.Id
+        {
+            get { return "201804171613337_AddCertificateRegistration"; }
+        }
+        
+        string IMigrationMetadata.Source
+        {
+            get { return null; }
+        }
+        
+        string IMigrationMetadata.Target
+        {
+            get { return Resources.GetString("Target"); }
+        }
+    }
+}
diff --git a/src/NuGetGallery/Migrations/201804171613337_AddCertificateRegistration.cs b/src/NuGetGallery/Migrations/201804171613337_AddCertificateRegistration.cs
new file mode 100644
index 0000000000..fab4efcf63
--- /dev/null
+++ b/src/NuGetGallery/Migrations/201804171613337_AddCertificateRegistration.cs
@@ -0,0 +1,62 @@
+namespace NuGetGallery.Migrations
+{
+    using System;
+    using System.Data.Entity.Migrations;
+    
+    public partial class AddCertificateRegistration : DbMigration
+    {
+        public override void Up()
+        {
+            CreateTable(
+                "dbo.UserCertificates",
+                c => new
+                    {
+                        Key = c.Int(nullable: false, identity: true),
+                        CertificateKey = c.Int(nullable: false),
+                        UserKey = c.Int(nullable: false),
+                        IsActive = c.Boolean(nullable: false),
+                    })
+                .PrimaryKey(t => t.Key)
+                .ForeignKey("dbo.Users", t => t.UserKey, cascadeDelete: true)
+                .ForeignKey("dbo.Certificates", t => t.CertificateKey, cascadeDelete: true)
+                .Index(t => t.CertificateKey)
+                .Index(t => t.UserKey);
+            
+            CreateTable(
+                "dbo.PackageRegistrationRequiredSigners",
+                c => new
+                    {
+                        PackageRegistrationKey = c.Int(nullable: false),
+                        UserKey = c.Int(nullable: false),
+                    })
+                .PrimaryKey(t => new { t.PackageRegistrationKey, t.UserKey })
+                .ForeignKey("dbo.PackageRegistrations", t => t.PackageRegistrationKey, cascadeDelete: true)
+                .ForeignKey("dbo.Users", t => t.UserKey, cascadeDelete: true)
+                .Index(t => t.PackageRegistrationKey)
+                .Index(t => t.UserKey);
+            
+            AddColumn("dbo.Certificates", "Sha1Thumbprint", c => c.String(maxLength: 40, unicode: false));
+            AddColumn("dbo.Packages", "CertificateKey", c => c.Int());
+            CreateIndex("dbo.Packages", "CertificateKey");
+            AddForeignKey("dbo.Packages", "CertificateKey", "dbo.Certificates", "Key");
+        }
+        
+        public override void Down()
+        {
+            DropForeignKey("dbo.UserCertificates", "CertificateKey", "dbo.Certificates");
+            DropForeignKey("dbo.UserCertificates", "UserKey", "dbo.Users");
+            DropForeignKey("dbo.PackageRegistrationRequiredSigners", "UserKey", "dbo.Users");
+            DropForeignKey("dbo.PackageRegistrationRequiredSigners", "PackageRegistrationKey", "dbo.PackageRegistrations");
+            DropForeignKey("dbo.Packages", "CertificateKey", "dbo.Certificates");
+            DropIndex("dbo.PackageRegistrationRequiredSigners", new[] { "UserKey" });
+            DropIndex("dbo.PackageRegistrationRequiredSigners", new[] { "PackageRegistrationKey" });
+            DropIndex("dbo.Packages", new[] { "CertificateKey" });
+            DropIndex("dbo.UserCertificates", new[] { "UserKey" });
+            DropIndex("dbo.UserCertificates", new[] { "CertificateKey" });
+            DropColumn("dbo.Packages", "CertificateKey");
+            DropColumn("dbo.Certificates", "Sha1Thumbprint");
+            DropTable("dbo.PackageRegistrationRequiredSigners");
+            DropTable("dbo.UserCertificates");
+        }
+    }
+}
diff --git a/src/NuGetGallery/Migrations/201804171613337_AddCertificateRegistration.resx b/src/NuGetGallery/Migrations/201804171613337_AddCertificateRegistration.resx
new file mode 100644
index 0000000000..61a73ceb94
--- /dev/null
+++ b/src/NuGetGallery/Migrations/201804171613337_AddCertificateRegistration.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Target" xml:space="preserve">
+    <value>H4sIAAAAAAAEAO1d3W4cuXK+D5B3GMxVEmwsy7vn4MSwEnhla48QyzYs7yJ3QmuGkjrb0z2nu8eWTpAny0UeKa8Q9u/wp4osdrN/RmdgwNA0ySJZ/Fgki8Wq//uf/33zb4+baPGNpVmYxGfL0xcvlwsWr5J1GN+fLXf53T//aflv//r3f/fm/XrzuPityfdjkY+XjLOz5UOeb1+fnGSrB7YJshebcJUmWXKXv1glm5NgnZy8evnyX05OT08YJ7HktBaLN192cR5uWPmD/zxP4hXb5rsgukrWLMrq7zzluqS6+BhsWLYNVuxs+XH3C8t/CaKIpU/LxdsoDHgbrll0t1wEcZzkQc5b+PrXjF3naRLfX2/5hyD6+rRlPN9dEGWsbvnrfXZqJ16+Kjpxsi/YkFrtsjzZOBI8/bHmyolavBNvly3XON/ec/7mT0WvS96dLc9Zmod34SrIef/V+l6fR2mRV+buC6HMDws5JUn5pwYOHDXFvx8W57so36XsLGa7PA2iHxafd7dRuPp39vQ1+Z3FZ/EuisRm8obyNOkD//Q5Tba85qcv7K5uPM+0XJzIBU/Ukm05sVDVq8s4//HVknchioLbiLU4EDhwnfMu/cJilvLerj8Hec5SPoyXa1ZyUqteqez6ITj9+rDb3G7TMM6bejkE+TxaLq6Cxw8svs8fzpY/8YlzET6ydfOhbsqvcchnHS+Tpztmq41U06s//JFUlcYVpe6PwbfwvmSS0go+x1IBItly8YVFZcbsIdxWk1LE0I1e4CJNNl+SSManlu/mOtmlK96yrwkh89cgvWe53I03J/sJYZwmCjXyVFHKHaeLGcACqwj1mmkVrO9N5DJ7u8rDb6yh8nPCgRbEPWaHhKKhJkaDddLEaGaRy/wGm14kGNsMZtAaC+eCWuk0fZ3m7HGimufF+00QRm/X65RlmYe1xjKT+cYzvgvTDVuPWy8HQsz/MlT0x5+8rKUgd6Mo+c7WzpJHk2DvWMTy/oTex0XmKw758CJYcfi83eUPBVpW9d60H/mPCZ/rT5+D1e/BPfu8yx48tLhg43kFnbKN5aw0jGYxaXqj5nOQZd+TdP2FZSyfqMb3j9swLbv8rlxnqvqLv7+GGyu985QVQuHXfOVa8kOQ5Rec6bw/yX0Yd6AglD5PdvuNLHH5xpfdlJWijZeCl902/aZaLISVVk7SF1cl3XU9veKyjGMebldJcZ9DWUubBG0nLKdCW19Tiz6l90Ec/rVMugrvKyR9YX/ZsSzHW2kupbTclBnujbGEzx4aBsJSzKGPyJCZi/TppVvnSH2id8VLD4hNN7eZ0Fj3VhaCN/3G1q06Cm6qlu3m03e+AZMajOXRpA6a0VX8FOQMrK2TFZaWX2FWVkmuLLxmq13KN56fE76BDg0NkjI+acIayQIeMqB8XQ5DVmVHx4MRyF6/eo392kXX/rVFjoekETQQRdnRDyC/BdHOVKsvHaLaVxYHcX65Hvxk945lqzTciueWwerao2Xgiuptu77j7gDx82Sz3ZXELEes4qDBMtdd/v588jVc/Z4JM6TAs/2MwWcW0E/yWrPiP2FJXSbdiFJxL6TVNG1N0TJ406w5nE40nThyeum0XJQ9JK8UZe7jImGdtfX49F4qyg2gTsVyQ7W7/U+2Ml0Y8T89SKdanVWo041Cl1qbB01AfwmgTjZURJDPO8UQGtpVp6tNKj8jranSek37UpFWaxPIs18sdBQC5snxc7I27Q/8zMACNPCW1CIh2F4N11UVO5aU+Zp023SjE7JhGjgnRYjf7HPuZyeYQZuncC5X0VF1vY8SEbyI01SMnSSIWTdIlCgmItNKmI/su9i4TgIHotFnN/B2vQljL0dQlysUX8u3pmErRxm+zeg8uVsWjaPxBecXTUlM7ZECojGU9c696idJrtjmlk9r3h1X8aGVnFZmWAQGJmeqXnSSMF7Fi9yUnjY2xTzsu8V4tlKq5fQQVzfW2dtZFFnlkJjhpuoh1HZDNq31prze9i+d9iseZc3i5yBjNbQbBCyJg6KyeZhhUTe4lCGk35aXUpzadFubSY3tecmyX3g6rFWHt0jNZYWaeHmyINjPZbZVfI8jt+2zjCCpe4po7UKcPNm0kkd1Vb/rwdNXfxpie3WZXT8EqTTCfW0jP6fsLnz0N7cbgw7f1h/qImU1E6E2uDa4/MLuwyxPDXY2eo1wUVNnoBKEroHFeq3IAEWytADKHuWF7Qp8fGHxLvkeR0mw7mJFqokJPpbhXejDGPtDsvq9A50uAgcAKiBy8FzazDRk7Sh26A3fFzA3vclHanyb2d3g7y+7kK9E1+G9E/u1cubOKNlJfVLLjGbL6Gk5sNs5GleRPsuB6xJwFPu2dwnaQHm4i9g+peH9w/BXiVOYU9Hs0vz0j09qFmTsY5Lv7bcGq8zjavz+seBpENXo+jWNBm/9n4Ps4W10n6Rh/rAxbWV8POIuKhvf9PJylcRjsJLvgAqr5d4GBQ2d67wo5I0a23D5/cpv4zwRLe0et+vRZVJR7/t1CFZrKRmuWJyNM0PDNaur+8K2SdobXx+C+H5X7gnwmehjtpebAfGx4yhjWsvOi5CjM/wrEwRyYX/ryCr+s7DtGWOYi7HNQt73p5HE/hcWrK8Y50u55Gigsl8HFtbRNTDfrgpnNkHcX291vdtsgnR4i7Gvwf3wW4OvYR4Zp5kX4/h6Wz76S4qPSboJIj7H1t5aYLPWK1abD+wbAwyKSfK6PGkNPuyStB5jNn/ghxAfGpzPKUurrXNfWhdRIbdjti5e0ifp8DxvK3zHtizmp7jqpd1YtdarTlHd8LVehfF5FPKDqn3e/eRj3nWxrPXkmaHmK99t5rtMaIOohqoS3Y/bzOCQh2xm18Ab15LdtHk0jViThGm/2nRXTZfNE09DX8qnN0/0rYM1Uczj2kx5rhraKWfUGyqmoy2VMrk2VZLpxsZKOW9a/ZvWaDCfpiM0Zna9/67L/ZkvF/zAb+Z5lenJ0AElB9Z0NVvHRssXWkOp1pE+mPXwjj2pFwkD3OWMOtzFdBTuUibnN+u7bYE0tr5I+e/vSfq7scVtLgNctDwYs/WM3h4bNgTVxwzid5Sh/d8Y1pQqqe6qkq9KHRXzpA1DfxvgwOgcq+NGziYa+u4jkBml7TP6oLddRp9cEbwveUTxOCj2Yp1A0j5cb9lqcE1HBe92ffBfX6/56bRJxWYquJPtM10V1bHbjJUKHyftOJPW5KPOVZtamKILWtluDaIosga6uztPNhvmxeez40HP4Yi3L2E54zUZsR0mkrujAdJwZ1RS89VNvgcZ1lF6HeVWr62uLyNGg1mWo07FfcKRtCra9OwD2Vrr4QrZutgRsuMstV0028VCnOXBZtt7dR7nenCsG5jxzNfGNCUby3hoRIOSZ2vUMKrZ39ECYkSLvxnZMHq1L3IzfPNnbuXxKOF+T4QcH7DrJF9K/4Y+ovsXk21N9HYTUHxx3SIWKcf94SHfAjjbb01x2+B0B4lpM8GLyj4TRtD9us2atuBx6hywjr3bPTMizfEL6U4ILWjT3+XzzEckzuoKtljUOwYLAF1VyHEEOkFK9+TvFOlLLnqEWxddkN8Nw0C3JNe7W59O3z171B9iovqOoQHFozDF2ug0nc93JTIvWHFGo4ak2Jc5TuBZrRdXQcz3DMiSIQzbzT6j4NoeSNf920OZvLojEGuAbCWhdGMzNUPKPhPF9e26XOw4XSz6+v2w9V72hngO/3ZXjHkRgzGKnurG9n7iEq+i3bo/nYFUzLg9v7hy+JrHWrA/02T3ba0tz1XI8QXQfkNuTCqZivSSUbVcuWZ5Xo4+UUbJxY4yyjLP2GMOvn32NOdc1U+lSyBX58xA2eO4j7+eFP7D4Sgy3Vwhc/z5oSd6dz7nQB3l6nIQX854iBdgDtzsC2g6PDAfpseDM3vwFkjuiWX1IhYh9Y+6jpkNriQAk7uplTN3UclO6p5axsclW/UU1f2xQlHqKKhJz3w/xe6CBKb085MH+Rxko8ThUrVw4X0cFDgYoWrDk9qajaZZXWW6EfJqM1nNgs1eLd8Q7hLrSgyvOZUcltb60VK8Xa0Kl1+O4kUqdRQvI4uXmvu9ZYw/aTUnqVFzB5yKEm5v1AL7CWnKp01LY2Z3bwIm0QdWJYs+JAut1Yjow6XJbqNvVRpXFpfZRRTcZ+04um1dKio+w3L8Gq9ZGj1xXIpQl8el8nTfyMZvQRhV7uvK66Gz5UttIKUCrb+QOvupOTvPFa6DSvNSl9ANt6USF7xBbN2UK/YHdbkf9QGrhkb8+DbLklVYFmzmrRpMU677fbxe2CJrPrWeTOrgs1d8MMJtESU+fzpb/pPWIQPRVpm3JyoG+pQpny7VxeFTXA3Aogpiyg+lQbYK1roI4dxZy1/4esLSqh5+ki0OJWGc64tPGK/CbRBZ2q+Uoy5bRcPaKtSU5kllbhkQSt1KSFu9FW1lCttsXHpzIkCMgrzqCGbGh3Lu6o03+Uwm0KuuWWVyL1+80CdxD7BIlY+HE4mHlGr3SqFJ0KHG08ZGFA2uTREgJqhgUbktcJleJiENHwNqyGBQqm7NViZBGxwmFoOGJWbsHiByVGY69szhZkcTWMZmjIEnI6MpDZACKk+CLDmwLzbgcBzfMUUN1hYAdG6o7oQ8kB9jIA7sPKViIaz1dDgzhow1jjcpGqwVj7hEcwhSu6/EHAF3KKlH5sdoeKTwjdIYewzsuYDVIilpEZknFJ/EKNPdoO5TxpI4OQugO0ljObL6JBg3BWnFsEOK2AqDxkUYk+L17qsB4nkPAkhC78dAIoE7pPPzLCQtGAnUARcdcDeIVDVHLIWwOh5Ip0bnAcISjbSJjb897OYeA0CYWfrR2xq207KrUGg78AQyibFwBS8C8QU076FzxlDZWLxpfYda2qg7JNe4MJLcQj2bag1qvOkOIrUQvowhsBAOUKoWn79PIqaatov+5W0jDTqbt8KPMPFAF/Wimlto5GCHY0NbxgQTwGRK9WqshElBJflZtY09HBlgaqkGu4LVWiW6Wh5UvEFcGhOWED8OSdAh/gktMLB5B9XwoDyFcJaENu+IWIXe9yOw/1Gn1mvOHQbmluojYmQZ0md6Gzsy4jQ3DuAhTXfV55UFSKgDLA1CrddQZ7CiwVgOB6ZIF0YEKDJQhwhN4z08kHdQUE5zC29oxASYOiy7DsiBl3WvDXr7mnyvLbUKF4uVK75Bd9kQf8bcZUOcOCTZpnv/soy9wRWYNv6CxzNnOWcIbWVFvy7vOkxTirS3ifkumpVJBftUEv0wRTkcF89FZ60/rnJSkQ8r5i3h/DqgvQ80jXwbEapGrjiIfu0h/myQXLvhXhfPqFxvfJSyI139qLUOfgek38wBzXK5QYSKj3CfCFaLz3CHMXO0wIJ8zGHdsDqck0dd9fZI55fNY93sze8tHRhDaloGa/5rvWYM5m4W6G4N6GC8OgdrKWuPx0KakTOURnxk3yumzQhwDkibncHpNIZROF8mAaITAmcBv8ozs3GUZV/MbjstjBqAlSLB71ajXH+E23dLP9Xcc5hhWpuQHYnBDMPnTMNYNNpkw/gx/92FaDxCxqWpEPjoFIfBQCg1tnAysFL4NgZmKdyhtGMWJkSgW2YUF0YfzQJiReesDu+kTd6dB1MGEPyuWhpsKGrgTgcls4MH1wk1kd0mN7lro0xx8sAenMoQdIxMmZEmZbdhwg+1RBn9N3efbH3AC7JpRLiCzCCtRIrj8yl12bBDVIs62eIdVZOFstdiZ+212b/q7PWKlF6MeCVjHDyi1mdiFzNQT1w2EsTyIyH6Oe0rHPs3Feyf0w4D6p/qKNkFjqjX5EEnAeZ3+SClO9KZqdCOjCilOZCr+SlRrnnPtGAMd6UJvHWp3Og64xh1w3ko2MU6MCJesXGiNEF2hTsDdFKNm1Cf0URsggZt1lo6myQ58MPoqxdrL81x777Vivtr+rwlOf2d/eSl9GKMGUwZNodpLDrInmQuY36andAErzR+Eeuy0njRu1haMRnYZr5cvC/9b/MyOS/RuoMuv4YsK76zRyiYEx/J2st2VvtXV+FR0L1muX7BkS0X71uv39C9loY0mZR2uaaT0y6hCCQxOtbCe/ekYM8EN7EWQqVLXYhG7ZDYUlx0oAhRkR0sWoiZ3ajpxM2exiyVacZNUA2ABRSZrJmelZBmbQnRA+w5LWRBQ1OdMKhboZE2kKOSaHyjoIQaDyM0cpJ7ApSm+LSfRld6PWugrDx7diJuJ0slWD17M7KgfVdIo1i9QUOpVe+3aKTa9zoGesJ7INvcKe2PgOlSWgMR5LJkcgqzDLINtgnt/TUHKLXFSywaKcOUUy+eLATlKJgQQTW8Jm1gRb2LYWxlzRl1Whf7FuOMrraVFnLSFgoip+xSFXLCJkdZVsVYFAshm7jCovEqpO0uGrGi7ct+Jdc2cAYyzXZZICPtLNSDmtxXMh/q4HQYCwCVLNBsWfnapeOyIlWgUG/FevdW9fQP9NgYDEBqMxYOgDZWRlIDsgB2Pw8wguCnXuqD2VO90BNlS2pgi9k3/QDMkT2oA0wxuFiXWg47Wbe12EAC6LSRj107b96yIwyh+wLXe0jyBu7OOJL/b4Gs5WgzPHNxuDk4r3bjQx9g0rxOj8hgkw9kgLNkl8lS1ylOk514SXGPLBCEzsRDcI7KMkde+WOShTs+2IL6jQVYQ/MxK3XK6mVW6BikajDwy+pXdoCVE7JPwPllyI13Cy8E8QzWoxi4ZiA/PN9ab7M4s2CHtFAXNJe0OltIrNA8yep02mZ7Y4SkocWZgbpJBTsCOUrtyhTINaq45ZeU0N7YIqvIcL7gnj7BzoC+PrtyBnTRqROTu+KLQ4g/SZxVFAeUUDctLij1/qpaSDsnLU4n0SoGY2erpCJys8nv2NMGSMPxsqkBZ6VHHqo+D3HuGb0jQr3C/CPq/RG0ynZmYS4RR2ETpoiAspF7gikh+nBnaC1Ew31Zi4/LfCmfXUyL2XvLfIkYDpe6D75Yo7s1w9ljcYEG9Qp3gqb3TLwYsfMLd3s26BSzzS3ipLLNJhpkRpo+sPcu4mEENoiznhc0wzjfBxLNJm5Q2BjdRhE5afQ2Ze0v5m/KN18xD1MDwJPoW4qkZQBLuigGIAKDaCDAinAQG0ezo/oV8kGF6Fyt7qo0hajJYZUCIv3u2qJsNfmoGuoSBPSIRNFQd1FMe9ZHj65BBVz6UFjlxCNfzBlBcyq4mMHYADig0Zstu6Bx77bsdEaUZlXb/HRUtzxE+mz2/6E3H3X94c4J1EeHQsqz8sro/QS6eyd7S5Fvzyn+UogqOjrhkVgIud+AWGd10yH3zOSoQ2SVZBFlYpXJNccQlhx2pxw4l0ylrF00FDZwkHRCcnDfMfyWCfQDYUEe4dhk9BjRF3mm45FlILqfkmCHBPjxiODAADqvmF0Y6HhQDPvsByKz04LhDurWR/FEVrrNZiKFwRg87eSGWqQ+wSay3fhy28oG7O22b3Zjr7WHg7X2HAvnp/nlFtQ39O0WdN1Wm83aOYa+1hqcSwT9nPGpqqE3BJ2cO4tG0sMZX6UCrKK/YpX6RnrHKvRQNcg2sI30cnUAeGFvIqlMM05C2wNKj6zyMwmLF7xF4fZJX5v25uR69cA2Qf3hzQnPsmLbfBdEV8maRVmTcBVst8XDg33J+sviulDw8f3VP18vF4+bKM7Olg95vn19cpKVpLMXm3CVJllyl79YJZuTYJ2cvHr58l9OTk9PNhWNk5U0n9UHiG1NeZLymaWk8qp5Sy/CNMvfBXlwGxRPbs7XGy1b+UF4wChzr2VvUxvwRlEfvOYlQlOo+Lt2OrT7heX1m4wXBnOVPScveOc2LM7LfjL4wKqX5uWvV0EUpM3DUfHh6nkS7Tax4SUrXv76ITj9+rDb3G7TsJA2Iik1jU4Vo2im9uZEYZE6ECfaSChTQx1d0tgTdBDE8VffnrpjwEphKByoXkhFUjYPpTjV1i2vSA711YvTucwK5wXfmExo/3VWWHID0GVW/P3p7h80JP1jR/yMB5rybcLb9TplWSYTklMcABOvkvguTDdsjRNHM7kBM+Z/6cisvrryIIqS78V7QZ0HTYoL2OtdgYr29rND6+LgNmKl14WLYMXBUphyFm+QVvWhW2qwLTO93o8JlxhP9R758y57UHsDZnDk+nmFgrJxX5PfmdodJA+9ls9Bln1P0nVx0ZkDNUDpfai/f9yG1en/XWkYa65Lze0g7FNWKMl+zVeKoBe+06l9CLL8grOarT8k92GsUYXS6dSFkufVgUikraf6XwpcdgDiHVwH8W28N8R5RJXjEy2K4vvI7ntr9IEuZWttKDzU4uhr71O935d20cCLfhOF34Jop5CoPzm0gsVBnF8qUnz/lU7pHctWabjVlx8pwWG5LEc2Vxi9/+osFkGZ6LQ4FYKZqTui5qMjnWrlCle/Q/TERDeBzYG41sV09XU2gqN+Ut5ZZlTOc9zFBVJusLNXK530o5ecRKe5d4spksOdZeKUrne3/8lWqmqg+UinU++EKy90MjUlaTb4k99ed4ah5H3JHY3m4kOB8udkrRCovjjs3Oqn/FpLpAQHIDJNQcXc1FK+oPw1AfslfJ4NhF2flXfY59p8ATjue+3k0EMn+y4S0sYHSneQX+sNP7xA4y6nOMh98/m119G1Zp5+jpQSZgNTwGCzMzZ1b3HugCTQQFdeEwR74E8Oaqng2hBvEKd4mZXI1ZSq1ccjjnvh2AuAeyF3esgieB0FrBMBAHhC0RkHultJdzgQaAy1g/ShdrjMrh+CVPKsKY+/luxC+3PK7sJHlWTzdTaYIr7/IaKKYEBHwBWJylDIUtVQjgqo5HscJcEaUCcrSS5Y+o2l4V2oX9rsv7tQ+5CsftdpNV/nhsz+aOyOwPFQB0BeI4nlcdlMbZ/S8P4hVzdR7efxFZq+VbZfWMSCjH1MclVLKqdMO6ffP+bFdXBUj+mvaaRqYPV0OvU/B9nD2+g+ScP8YSMTVpLcaOqknCTPKom1jrYfnSRYYUqTaxKs/upO6TovLqdhek1aB6pswwX0K4Rsk9i1tWbqchZH9f12rc9sKcGN3vt1CJJrvjtQqzyxaCASvzsgOlyrfrsleOvJLv2O73elVwm5181Xh5VhdxuFuo2D8Nl5lbkIOTbCv2pGAEqiA900KdSc2riI310k+DbJwsJPikZQSXKSXl9YsL5il3ElWDVRViW7qg+Ka7caJG9XhdVrEKvnCEM2F+3yZhOkyoag/eigXQ7ulVWx+uJAIcxVUVl/cji9sTTT1vv2o4slULoJIg7WNUgRSHa5ESiE5wf2jek3Z2qaswQrz5SgDKtTnClWIgqTjEKqC+VMl9v1N8eTcFptvYDTcJvicPcTBXnOYrZuXQdKF0BaagfKsoM5kLzJBx2pDtmvEViHyfWRqY6rMD6PQn6wAaeFnjq+4QlohdjBBrHmEN/v5LsMOzEJqWMZLU97Zsb9fLqdnOsYLJ3Pz1j5gU/RGA5cL0UC1Ya3+jK30bY47HQbciFETudhN9E4jKHvpwSs5er1lq3ALU6V4LJpK55vCbFx5P2bkjg3eCoON/sCVD6SdcaohcxhwNSvrfV1ceupHV/2X91OcMBmtNMu9DzZbDTjnPbjTMHuDea9AT4etA9ludw7bO07Rk0stc5jhBI4DPHjzQo95GfePNhsVbVC+3lc9QR4ruxwnPR53eLdst2TMt6vSnb+ikT/10t/m2rE/tdJQ1xyDaUg932t0uVSYNpVF3Mt7rbilq+TOi+3cOnDWGvpuytfSvdp8SI4Re8Lmv3ZuDNyDCSGgs+BHvoxt6xUs8QifK/7MMHF/mZPOqCP6M5jAoRBdh8hCpGhxsvXOaW/DL7e3SLbeDllGEPYqZ5oi344O6NQDJ3tDj9j6b9ZOaE6NO07ON0NLm0EhhoiARf6LZ+SNjdrzre7PClevvC06KlurKazAHI4KAniVbRba7bC7VcXSw3tvIwelCeaDDWW+ffCx2ePySAT6jAZbAQGk1fsMTcYxAHJsxk80MNr34ODSK372cFMZeDT58AiqPHxDD6H7eAPQPGxq5GF0ru9JSwcPuJPCavUZ/uSUHFa23eeVHT62AvA5YeaG7Wd0SdNk95+dqb185PWKDnFBUtBpp4Omm8OJ43wPg7yXare5u4/zwaNioPbzmiU6HRAo6X8AaGx7gkGSTF5SqTPEaOyA2TL+9s2Pjn1kW1bwPqUFgsYpgkLcwx4nX80DGt0waEtmNm2qEdja//UXRuLqnLw9qmerp2xAAVfsKDBVITwBJaICLyWvpigbhcdUWFo8OHiAosl7mDbJpSi2LCZzX5wvpuDkXeXHwU5j/AwBzTv2syazkQgAWIQE2+y9gVcL6xwDqOBhXvKixuPKEDDKndto3vb+DFxHRajurjMPu6i6Gx5F0Tq0xZD1wdZebTIug5LkFaWuBaddlyMkIC8B7AqISF+D2l5ooYOJm9o4eLW7S3BxQdpAwlVfyB7X7DpfkRuj8nQG2Fi6FbDhXKTBbonhm7zAZbqEV5HnIm2FvUcyILI2CMHBwq1X8cKmQ3XrsTjiymsaFdm2i7yHEfZFKj0kNYCLH4aRdkrZCf6zsHXWCTKWk8ZWFP1uBdAArfNc+uJd9+OGy3Wl5qlVcLVX9rfbayvOs6WFACs5EwRzmvRLoJA4K0qy3LBmfAtXBdBt66fspxtXhQZXlz/JareLu8z8CkY3rGsiltxtnz18vTVcvE2CoOsis5WhxR7vdplxW14HCd5HbuNEGPs9Mcixhhbb07U4u6RygoqWbaWwgQI2u1GujAkQtMbPpYqIhqkfGF3CxRVb07Ukm8gbBZtOFuW4bPKKf0L4yNfGWXkhc8M0e99gb7Cw0yLwBMjfTXYV1XVtyBdPQTpcnEVPH5g8X3+cLb86aVIPE91QyaVtoGuOmSvL+M1ezxb/ldZ9PXi8j9u5HjcLakf+Az7NQ7/suO5vvJGLP5bauWrP/zRwgNRDW0cbmNQrgMecvWJvFCV27Dw0j8sPqV8or9evCzGwbEh7crq1oK6WK+q9zHEqrpvw9wnbJ4NVuRAW1VFMSQdlHlHEQ9oPC/P1bTRvQx0//hTR9Y0cb6oMIKg2DrX6E7EGsOrO2kwZFePliLhuQyD8+Mr1zGHInQNXIEalquqrng+lIcF+Nzoi8/E+1GCwnD1o6gH3xIEkB8ZigVuOmBJOuFiVwWO8iv9akt2uqimtbQNLOV3DZBe4volvQeEX7qtv1Z1siLAPE82211ZwFUgNxGq+kkFLTBVs0TcK3KBKrSqoFQujSKLFyDQ0wFLFiVYlON2XizcS8rszT7dWtCUwyqn4KUN5iPPwX/YBI//6EpLiUplodhnlcMjPB0wGqtwUR7GQQoX5QYpoWgvVLH95qbLVtcnKoUgU268aAs6TG4ygukBnGiItodqsgMcouHGMp1CL8Eox4lya4pYtlcjrCcuimTTyUpG9Pha3QdjlphMNGBZo9nAYERD1thh2BODPgEod8R5LrRl+2rcqpg93eXpc8DwWOB9HsjtDNuJMEsGhCU+0wHv/+yKgdNXf+owElrEpz4a1ybWk/dxtRpPHfDIWtQyXYZVCdJC1SNCQ7oPuNQHGE2opaGA8WzAgJmzuYlpmErPjW7rws/DsWs0LZxBQ9mp4bLLOw8EvU1VKH6Sh/YpjuVMgsrZkKHyf+dZ1916dPTQ+X2EpV7CT4qq5IFSE+TIV6M8EJS8+g09qcVQSj1v8QSfnT4mix5AqQ9Lm9BJphniPOkEj4lDj5PmPhK7u6BREzyiepHkkj9UP6KyCakEjjqtVajP0z4K09rdqQ+Faen11Aehykex39u91rmj31tZIKwSuQKaRlyOrgTuAhzkWXmc8zJKejQlL0SznnY5ciCl7nT00Ek+bljggEk+KcthkjxQ1iMkGQD+kzPAh7HSoJko9DYC02Mqdd+lj2EkSjO00mzmOx0x9wTorXE93EMxlQ7/iN+d573vLQLdapMgNFyHDYuJdBy6HppzJ12hw46pCtDkdzOmuWzuQ94VfYZoR0cA9lADkgxoaaeSNsxS9+UU3Zf2ViO18ZYmAO2zgSu00jhebriyEAwwdMAsnHzGT7d1F6Ih9RQ1g+gafB4Z/d6u+L708KlS96xxnb1S0PuF0d+OhtD1emjq6yy/6m7jjYrrIoLr/L0uvsWX48o78TmdrBUf4MyPOGE7YBR4PcSiIOuhgRtI96Z7JDrgQRxa42UL9XPArJvwfaX19NjlXC9HHfJMHDTS9Ak0NKjPASNs6MlpCrRzwGxTXXw53iRJpXtN09maLMKxgHpcOrdRgLrT6HoOJKPdFEnngNEOROIZfDOLh7E5YEbOdrZK8XPcWiMU7dUEKNaOW0t0Ct5eF1YBejwpkAZ+l2WIcnPAU0eIT9JTHyOHD3GDmFi2J9qrCDsWSNF21fsAJu7kyLAyhKs5woqBwW46YWtPoBfAZoHycZBJCGZDQyjRE7deEHGna4c3XKPrsqfTmOGlo+cXiF3HmOyy3OMoz3bbN9uRJoeaoU5sPDyMnhuP0kKZ0G1NrrO4LthrQMWmu9W/LzniBD49zuBnN4PdY28MvDjT8HKga/VMgOl0WdP1dgsPWgCgBQ5oYR/lCa9c2jY7YqoqNsRoGeNp0AbNGgzDo5SejVZ+flJZdGCTTXZ6J/DAT/+FkBPNUbRwj3mD+uB9H68XxUSS3PTWTS+iOrwQP5cuqbdRuOI1ny31wGSf4uoEvaj8LXKaQbYK9BDfZfQNrB2VP0+xCfUXufZ/0ojyMWNp1dRzPthcnod62NrPaRivwm0Q6b1WslLRUHSnpaqmNM9RcqlzlJoUR6B6nS1phbU2NkhxSSjYKZXKKGxK+SiOVvVBHqyXL16cauM11ZBDEZImHuy95n+Scd5j7QZY7hzHeiCx4CyeDg0tjpLIEMlqBMSI3m5bD62DygjJv65IS044bAzgToSRCiW/upMgoYzFVzdZ3WDNQ3IckQNVKPggng43Di6HnbGEixJjrSJhc0aC+Jo3ZujcRxpg9/A8FzDNUzINAsRDk1y9USi75J4Ef2Ifane1VuDJmglstDMXwaZ71xbJAqmDIMegchkIQhav4kit8xBdAHQmwgwClmeIkgOChx7PvNQVwNF7hWHVfVKLowukjrLgwRYrxpZBy7EnCFr8dg8EQ4LVDlIz8SZwUlhCwZpnstuaF/hG2191x9u0eyrgbpYo+6CLd3GYwfRRIIjZc1laNyAMrUYKA6GSZNmG1E02hJkYpjOWhfMD4mjysA/yZiERbxofMJbBhQZzXHjVPhSBdjQpQ8q0MdEEeYtEahQ9PEwKI8GvJ24UIOSRrt3E7073OA7g9HXFj/VzWEjQbvmZ7Jl1UkBInoNnL1wET59AW8TU5yJkMN+mSK1zETSSTXtjb03dxIPPb8WBVjKMiUCTsb6tpWr2ITFq8Eo6LGDJrxmQZpieL0wPYMv2ngyII2gNoD0kuOLvZ6bEK+yCZIYLej9Rf7jLurt4nsvKXru9PRyINX56gYa0Sc8FVqBP4gMB1ODWhFPjYWxtlwsY5qHkEpx7HsBhtKgfakX1/bmIlLI3hyRPWg+aPpcommjRnHeKJIXE54INxAmrGSA3kyNktKVmRIXn2IvL4awq0i1d/c26usz3HnlETE18T/w87oVrL/rrwj3Qc7RjOKXcH58+T4RaXHw8F8genk3DpKCc2qqBhsJp12bdlhDozHMxeLXJdFqB52wO21WOz9o6FkQ07QJphsv/IaF6qm2BN1zPaougx5yYr8cAID6G2hI1+bD3ALaAIEi1M3sH7OvF5tyfyY0Gi26v4z6y71XBGUFjnq94p3pBNwGASNXNAjZFy61nhqlXp+Ivrf7q42EjBvZ2iFQ2g/WnQotlP66NFjRSzwgt5AEcFS1FxonRUvwnGG7Pc1VSGqk1w2DBf4jSxtXIf1qhI7SWjqYObzGeLbbGftPRBWKzeNshOHe9uQri4J5w7yTG+5OAJn4fx+mf4ocXac2AzxLR2IcDAc3oeRgDms3V8GRAm/Ft0fTQGs+zZAdMTbw+StEzIe35AWrNlZCgAOCepwmHKRQqUuWsdN6iZLPaDM1u7ZwMbhOtnC4wm8XCWTdYjPvZxpac5coJNBiSsHL6Ya+gUJco9UrhRWeDruexnM4HhhNbnjmjclarKwRQJaDtUQoa4Td7KQhFOJ4Sa9Xo76N9zhlfddhZ0MNFlfIsMAVF10VqlAO8zgBH1HcErkM5u3cl7mM1gfV/PSjTgUOKF60EN56lpJEDXIuNUFIOW9IY4ngjNQKRreeDqP7LFi5ajogwI2LKtUfyF16MzJ5gGYinvE+8+Zr4NZzCsdLRJfmBh8vo5bHcO0rel7EAeZmcl2Bpo91K1uwiTLP8XZAHt4EWQboqdc1y/b5yuXjfhheEbpmvVw9sE5wt17cJH/IqSqF0h63jRa5LuyXW6tNyQHVqd+eUepHK8BrsZMUoZDrnhESQcW26vaI6Lp5WR/0dIl8m2SnLwZC0CuRkqB4xh706c0QTrXpzdqg55mgwtuYBRsBam4A8UEO0bC61G6u11WevCHgWpdUH5IGq1bLZawd1h1r9YC6oBdAbG2ob8HqNdZHpN/5usVqadENdjddfYo2iA0ysVjGPoWbJLyixesVXF9YCJZuhEVJO12ZYG0Cpmlxp6zoIq7TNYKi0yuPA8crVDFZllWqor3K0Q6xL8F+CVShkMdTa5iLIqtLSVRdP5WdQIhVGvaQdgfoMCNwfqJmw3YKUjzJ+0tWwvnsQU8Htwz4DuS5c6qkZDDWSZeAvQRSxtPhQ6ICBStUMUKVyHjJSZf07BlY5lwGvYkYHUVydlnExXKUbRXCRxV6jcj7XalTSoRqlLB22EMgWG8lH2kpU8RS67CeQxqA5ifsKtwYZfaiSVkb3xaoq57pyAW4RqLw7JTNPcSnhjjDavpFWjIQ/ty3l/lkGuI7gC1aT6rRkIAjXcliWjsZk0+nglllOapn9aKZXKOg4lHPvjXiSFrKJZ+AbPIw2Eky87aD8WVPb7EtLh/CyYP1FVbrLXSF3s7r0RnsI3IkDKj2hddWHSTqkRpYHOmUMPt+zY87j3KGLcCh0oKOEmOk9uwvpcMqSckLvLpcq5r2qR++qnOFgu2jWOiHddoln24sVFBVaScmccXhW4RBxCNn8TJhlihQMcIkcWNh0J4P0Tlt6JRqoBrSkA6QOwRoqT8ZjBsIFD923RXoFOOEUHFbqEKr4LfsFpBqYYzwBwvSg6eqTZfW7IxeWQU+Vesqc6RgDHHXsaLIXwrtqOJKVHQXTDayzHOUxmsOzD0eWvZBPbM2CQW0kQpwdcLBCqCtQ0ykskK9WxNJNirfuSvfReJcND4Wx59zi4UT8bu8+hW09uizf/eB9xmPH+Rxr/VJLpCCm+mKAOXgZzhCHoGdQR8HrM7GvSgY76whKSJS+mn1g5lplrENALgMrDN1+HgxtJxaRkYi1rb/p2w/V3dmixinCGWKMaOSTFcodsVi8TfLdfUwxBWUbYK8yZpfl8DGGdUvKN9hoi3fzYtnqu69O69FO8I5bIqP47LxmLCASEBK9jb0F54MBfNitGBy7gngQafOPfoQbkSlIeAUiiyjBGaY4855SznS6LfUwLHU7/lKCBwxzDh6NaW7O60kKKROBiTR6NqjTCozFbBftn4nAeFN/rgzX7d7QxRXL6nOy47Z6bXk12f/tltOl1iB3WeNfzWj9ovV+qG4PdwlTdqG0wTGIbD2Tb5CL5kNtqeqjzy7iglLPZBBeamOhho7fRf1tENJNLaPv0cQ0vVpaf3Mbk19RyPaG7IfUq+p6ZKYYXGBCPKF6zJRZohtxVywRv5sslWCLPpWGp/sbk7NGKksG2MxPwgRFEyTvoFBemEqNt2+EzflFfvk7cYNu8CxgIagdPE2cUVhQU4JdteFnYoJrNz+nYOixg4grOX0QdhBnEbXo6NqXGbBQ9X5FZJ/RadYh40vze4EzxOwiww8T5Lc18v1zleK54wRdr9ETkY9OjKjZNfrPAVhA97fTc/zBt1VlUSVlGBbAwCf5hjmYjnd0bmIzEu3oJqUn2zoanhrYVrhxKoi0nj7atDcn1UOb+gP/mScpn49XyZpFWfn1zckXPlThhlW/3rGs1Mo3JTjNmJVepPZEmzyX8V3SeDdRWtRkaZJbDwZ5sA7y4G1xkAtWOU9esSwrX3f+FkQ7Vhjs37L1Zfxpl293Oe8y29xGksKucJRiqv/NidbmN5+2JU99dIE3M+RdYJ/in3dhtG7bfRFEqskGRqLwwPIL49+rsSy2Iez+qaX0MYmJhGr2tY5jvrLNNioO6Z/i6+Ab69I2Dt8P7D5YPfHv38J1gWWMiH0gZLa/eRcG92mwyWoa+/L8J8fwevP4r/8Pc20pgqyoAgA=</value>
+  </data>
+  <data name="DefaultSchema" xml:space="preserve">
+    <value>dbo</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/NuGetGallery/Migrations/201804241507196_RemoveUserCertificateIsActive.Designer.cs b/src/NuGetGallery/Migrations/201804241507196_RemoveUserCertificateIsActive.Designer.cs
new file mode 100644
index 0000000000..2261454027
--- /dev/null
+++ b/src/NuGetGallery/Migrations/201804241507196_RemoveUserCertificateIsActive.Designer.cs
@@ -0,0 +1,29 @@
+// <auto-generated />
+namespace NuGetGallery.Migrations
+{
+    using System.CodeDom.Compiler;
+    using System.Data.Entity.Migrations;
+    using System.Data.Entity.Migrations.Infrastructure;
+    using System.Resources;
+    
+    [GeneratedCode("EntityFramework.Migrations", "6.1.3-40302")]
+    public sealed partial class RemoveUserCertificateIsActive : IMigrationMetadata
+    {
+        private readonly ResourceManager Resources = new ResourceManager(typeof(RemoveUserCertificateIsActive));
+        
+        string IMigrationMetadata.Id
+        {
+            get { return "201804241507196_RemoveUserCertificateIsActive"; }
+        }
+        
+        string IMigrationMetadata.Source
+        {
+            get { return null; }
+        }
+        
+        string IMigrationMetadata.Target
+        {
+            get { return Resources.GetString("Target"); }
+        }
+    }
+}
diff --git a/src/NuGetGallery/Migrations/201804241507196_RemoveUserCertificateIsActive.cs b/src/NuGetGallery/Migrations/201804241507196_RemoveUserCertificateIsActive.cs
new file mode 100644
index 0000000000..01bbfc895e
--- /dev/null
+++ b/src/NuGetGallery/Migrations/201804241507196_RemoveUserCertificateIsActive.cs
@@ -0,0 +1,18 @@
+namespace NuGetGallery.Migrations
+{
+    using System;
+    using System.Data.Entity.Migrations;
+    
+    public partial class RemoveUserCertificateIsActive : DbMigration
+    {
+        public override void Up()
+        {
+            DropColumn("dbo.UserCertificates", "IsActive");
+        }
+        
+        public override void Down()
+        {
+            AddColumn("dbo.UserCertificates", "IsActive", c => c.Boolean(nullable: false));
+        }
+    }
+}
diff --git a/src/NuGetGallery/Migrations/201804241507196_RemoveUserCertificateIsActive.resx b/src/NuGetGallery/Migrations/201804241507196_RemoveUserCertificateIsActive.resx
new file mode 100644
index 0000000000..ea863a5eaf
--- /dev/null
+++ b/src/NuGetGallery/Migrations/201804241507196_RemoveUserCertificateIsActive.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Target" xml:space="preserve">
+    <value>H4sIAAAAAAAEAO1d3W4cuXK+D5B3GMxVEmwsy7vn4MSwEnhla48QyzYs7yJ3QmuGkjrb0z2nu8eWTpAny0UeKa8Q9u/wp4osdrN/RmdgwNA0yWKx+LFIFsmq//uf/33zb4+baPGNpVmYxGfL0xcvlwsWr5J1GN+fLXf53T//aflv//r3f/fm/XrzuPityfdjkY+XjLOz5UOeb1+fnGSrB7YJshebcJUmWXKXv1glm5NgnZy8evnyX05OT08YJ7HktBaLN192cR5uWPmD/zxP4hXb5rsgukrWLMrq7zzluqS6+BhsWLYNVuxs+XH3C8t/CaKIpU/LxdsoDDgP1yy6Wy6COE7yIOccvv41Y9d5msT311v+IYi+Pm0Zz3cXRBmrOX+9z05txMtXRSNO9gUbUqtdlicbR4KnP9ZSOVGLd5LtspUal9t7Lt/8qWh1Kbuz5TlL8/AuXAU5b79a3+vzKC3yytJ9IZT5YSGnJCn/1MCBo6b498PifBflu5SdxWyXp0H0w+Lz7jYKV//Onr4mv7P4LN5FkcgmZ5SnSR/4p89psuU1P31hdzXzPNNycSIXPFFLtuXEQlWrLuP8x1dL3oQoCm4j1uJAkMB1zpv0C4tZylu7/hzkOUt5N16uWSlJrXqlsuuH4PTrw25zu03DOG/q5RDk42i5uAoeP7D4Pn84W/7EB85F+MjWzYealV/jkI86XiZPd8xWG6mmV3/4I6kqTSpK3R+Db+F9KSSFCz7GUgEi2XLxhUVlxuwh3FaDUsTQjV7gIk02X5JIxqeW7+Y62aUrztnXhJD5a5Des1xuxpuT/YAwDhOFGnmoKOWOw8UMYEFUhHrNtArRuxNBUS31/lCAbjBKAnSDfpdxCbJeJBh5BjNozMK5IC6dhp3TWDsOMPOgeL8Jwujtep2yLPMwR1hGIF8wxndhumHrcevlQIj5X4aK/viTlzkQlG4UJd/Zuqn854QPjiB2pnWZvWMRy/sTeh8Xma845MOLYMXh83aXPxRoWdVryn7kPyZ8rD99Dla/B/fs8y578MBxIcbzCjolj+WoNPRmMWh6o+ZzkGXfk3T9hWUsn6jG94/bMC2b/K6cZ6r6i7+/hhsrvfOUFUrh13zlWvJDkOUXXOi8Pcl9GHegIJQ+T3b7BWjvaTdlpWrjpeBpt02/qSYLYaaVk/TJVUl3nU+vuC7jmIf5KinucyhzaZOgrWDlVGjJauLoU3ofxOFfy6Sr8L5C0hf2lx3LcpxLcymFc1NmuDXGEj5baOgISzGHNiJdZi7Sp5VujSO1id4ULy0gsm7mmcCsO5eF4k2/sXVrRoJZ1bLdfPrOF2ASw1geTeugGV3VT0HOINo6WRFp+RUWZZXkKsJrttqlfOH5OeEL6NDAkJTxSVPWSBZwkwHl67IZshopOm6MQPH6tUfs5y661a4tctwkDWE5UG1xvOzoG5DfgmhnqtWX7U9tK4uDOL9cD76ze8eyVRpuxX3LYHXt0TJwRfWyXV9xd4D4ebLZ7kpili1WsdFgmesqf78/+Rqufs+EEVLg2b7H4CMLaCd5rlnxn7CmLpNuRK24V9JqmjanaBm8WdYcdieaLRvZvXSaLsoWkmeKMvdxkrCO2rp/ek8V5QJQp2I5Wdrd/idbmQ56+J8etFNtznq7sihdam0eLAH9NYA62FAVQd7vFF1o4KtOV1kqPyPcVGm9hn1pSKutCeTRLxY6KgHz4Pg5WZvWB35GYAEaeElq0RBsb4braoodS8t8TTwf1zVCA8ekCPGbfc796AQzaOMUzuWqOqqm9zEiggdxmomxkwYx2waJGsVEZFoN85F9F5nrpHAgGn1WA2/XmzD2sgV1OULxNX1rFrayl+HTjM6DuxXROBZfcHzRjMTUFikgGsNY79yqfprkim1u+bDmzXFVH1rJaXWGRWFgeqZqRScN41W9yKz0oXSZleOw7xLj2WqpVtJDHN1YR29nVWTVQ2KGm6qFEO+GbBr3prze1i+d1isedc3i5yBjNbQbBCyJnaKKeZhuURe4lC6kn5aXWpzKuo1nErM9D1n2E0+HuerwJqm5zFATT08WBPs5zLaq73H0tn2UETR1TxWtHYiTB5tW8miu6nc8ePrqT0Msry6z64cglXq4793Izym7Cx/9je3mQofv2x/qJGW9JkJluL5w+YXdh1meGu7Z6DXCRU2NgUoQmgYW6zUjAxTJ2gIoe9QXtiPw8ZXFu+R7HCXBusstUk1N8L4M70Ifl7E/JKvfO9DponAAoAIqB8+ljUxD1o5qh874voCZ9SYfifk2s/uFv7/sQj4TXYf3TuLXypkbo2QntUktM9pdRk/Tgf2eo3EW6TMduE4BR7Vve5egdZSHs4jtUxrePwx/lDjFdSravTQ/7eODmgUZ+5jk+/tbg1XmcTZ+/1jINIhqdP2aRoNz/+cge3gb3SdpmD9sTEsZH4+vi8rGv3p5uUriMUTJV0DFreXeFwoaOtd5UcgbNbbh+vuVX+Y8ES3vPW7Xo+ukot736xCs1lIyXLE4G2eEhmtWV/eFbZO0N74+BPH9rlwT4CPRx2gvFwPiY8dR+rTWnRchR2f4VyYo5OL+raOo+M/ibs8Y3Vz0bRbytj+NpPa/sGB9xbhcyilHA5X9OLC4HV0D8+2qcEITxP3tVte7zSZIh78x9jW4H35p8DXMI+Mw83I5vl6Wj/6S4mOSboKIj7G1Nw5st/WK2eYD+8aAC8UkfV3utAbvdklbjzGaP/BNiA8LzueUpdXSuS+ti6jQ2zFbFy/pk3R4mbcVvmNbFvNdXPXSbqxa61mnqG74Wq/C+DwK+UbVPu5+8jHuutys9eSZoZYrX23mu0zgQTRDVYnu221mcKRDvmbXwBu3kt20eTSLWJOEWb/adFdLl80TT0NfyqezJ/rWwVgU87iyKY9VA59yRp1RMR3lVMrkyqqk043MSjlvWvubxjSYT7MRGjO7nn/X5f7Mpwu+4TfLvMr0ZGiAkgNjXc3WkWn5QGso0zrSBrMd3rEl9SRhgLucUYe7mI7CXcrk/GZ9ty2QxtYXKf/9PUl/N3Lc5jLARcuDCVvP6O2xYUNQfcwgfkcF2v+NYU2p0uquJvmq1NEwT1ow9L8DHBidY3VcyNlUQ991BDKitHVGH/S20+iTK4L3JY8oHgfFXm4nkKwP11u2GtzSUcG7nR/819drfDotUrGRCq5k+wxXxXTsNmKlwsdBO86gNfmoc7WmFlfRBatsN4YohqyBzu7Ok82GefHV7LjRc9ji7UtY9nhNRmyFieTueAFpuD0qiX11ke9Bh3XUXke91Wup6+sSo+FalqNNxX3Akawq2vDsA9na6uEK2brYEbLjTLVdLNvFRJzlwWbbe3Ye53hwrBOY8a6vjXmVbKzLQyNeKHm2lxpGvfZ3vAEx4o2/Gd1h9Hq/yO3im7/rVh63Eu7nRMj2ATtO8mX0b+gjtn8x2cait5OA4ovrErFIOa4PD/kUwPn+1hSnDU5nkJg1Ezyo7DNgBNuv26hpCx6HzgHb2LudMyPaHD+Q7oTQgjb9XT7PfETirI5gi0m9Y7AA0FWFHEegE6R0T/5Okb7koke4dbEF+V0wDHRKcr279en03bNH/SEGqu8YGlA8ClOsjU7D+XxXIvOCFXs0akiKfZnjAJ7VfHEVxHzNgEwZQrfd7DMKru2BdN2/PZTJqzsCsQboriSUbmRTu0jZZ6C4vl2Xix2Hi8Vev++23tPeEM/h3+6KPi9iMEbRU81s7ycu8SrarfvTGcjEjN/nF2cOX+NYC/ZnGuy+b2vLYxVyfAHwb8iNaSVTkV46qtYr1yzPy94n6ii52FFHWcYZe8zBt8+expyr+al0CeTqnBkoe+z38eeTwn84HEWmmytkjj8/9ETvzuccqKMcXQ7iyxkP8QKMgZt9Ac2GB+bD7HhwZg/eAsktscxexCKk9lHnMfOFKwnA5GZq5cxNVLKTmqeW8XHIVj1FdX+sUJQ6KmrSM99PsbsigSn9/ORBPwfZKHG4VCtceB8HBQ5GqNrwpLYWo2lUV5luhLzaSFazYKNXyzeEu8S6EsNrTiWHhVs/Voq3q1Xh8stRvUiljuplZPVSS7+3jvGnreakNWrpgENRwu2NWmA/IE35tGFpzOzuTcCk+sCqZNWHZKFxjag+XJvsNvpSpXFlcZldRMF91vaj29KlouIzLMev8Zql0RPHpQh1uV8qT/eNbvwWhFHlvq48HjpbvtQ6UirQ+gups5+as/Nc4TqoLC91Cf3itlTigjPE1k25Yn1Ql/tR77Cqa8SPb7MsWYVlwWbcqsE05brfx+uFLbLmU+vJpA4+e8U7I9wWUeLzp7PlP2kNMhBtjXl7omKgT5ny6VKdHD7FVQcsqiCmfFMaZKtgrasQLp21/IXPJyyt6uE72WJTEsa5PvmE8SrcBpGFf6UcddoqGGurUFOaJ5W5pUModSshbXUu2soUsdmk9OZEgBgFedUWzIwPZd/VG2/ynkygVx2zyuRevnihD+IeYJEqHw8nkgwp1e6NQpOgQ42njfUoGlybokBMUMGiclvgMr1OQhgfA2pIZ1Cqbq+tTII2OEwsBg1LzNg9QOSozHTsmcPNjqawjGyMgSejoCkMSAGVJ0GWHNgX63A4ju+YqgbjBQCdG6o7IQ+UxxiIAxtPqVgIaz0dzowhY439TYoGa8UjrtEcgtTuKzFHwB1K65HlMRoeKXKjMGOPgT0XsFo0JS0i84TqkxhluhvUfepYkiRnAXQnbSxHVp8E46YgrRh2SBFbYdC4KGNSvN59NUA870EASWj9GEgkSIe0f56FpgUjgTrgogPuBtGq5oilEFbHA+nU6DxAWKKRNrH+t4fd3GMACDNL33pbw3ZaVhUKbQeZQFdiLFLBi0ByAa/30CVjqGws2bS+Qy086g7JNSmMpLdQz6YaQ4033UG0FiKXMRQWIgFK1eLz90nUVMO76F/e1tOgs3kr/AgDD3RRL5q5BSYH2xwbeBkTTICQKdWrsRImBZXkZ9XW93BkgKm1GuwKVuNKdLU8qHqDpDQmLCF5HJKiQ/wTWmBg8w6q4UF5CuGsCW3eEbEKva9HYP+jTtxrzh0GlpbqI2JkHdJneBsbMuIwN3bgIQ131eeVBUioAywNQq3XUGewosFYDgemSBNGBCjSUYcITeM5PJB3UFBOcwpvYGICTB3WvQ7IgZd1rQ16+5p8rS1xhavFyhXfoKtsSD5jrrIhSRySbtO9f1n63uAKTOt/weOZs54zhLayol/Xdx2GKUXb29R8F8vKpIp9Ko1+mKocjovnYrPWH1c5mciHVfOWcH4d0N4Hmka5jQhVo1QcVL/2EH82SK7dcK+LZ1SuJz5K2ZGOftRaBz8D0k/mALZcThCh4iOcJ4LV4iPcoc8cb2BBPuawZlgdzsm9rnp7pMvL5rFu9tfvLQ0YQ2taOmv+c712Gcz9WqD7bUCHy6tzuC1lbfFYSDNKhsLER/a9EtqMAOeAtNldOJ3mYhQul0mA6ITAWcCv8sxs7GXZF7PbSgujBmClSPC71CjnH+H03dJONfccRpjGE7IiMVzD8DnSMBGNNtgwecx/dSFeHiHj0lQIfHSKw2AglBo5nAysFLmNgVmKdCh8zOIKEeiWGcWF0UezgFjROavDO2mTd+fBjAEEv6sWhg1FDdLpYGR28OA6oSWy2+AmN22UIU7u2IMzGYKOkSkj0mTsNgz4oaYoo//m7oOtD3hBMY0IV1AYpJlIcXw+pS0bdohqMSdbvKNqulD2WuxsvTb7V529XZHSihGPZIydR7T6TOxiBmqJy0KCWH4kRD+ndYVj+6aC/XNaYUDtUx0lu8AR9Zo86CDA/C4fpHZHGjMV2pEepbADuZqfEuWa90wLxnBXmsBbl8qNrjOOUTech4JdrAEj4hXrJwoLsivcGaCTerkJ9RlNxCZ4oc1aS+crSQ7yMPrqxfilOe7dc624v6aPW5LT39kPXkorxhjBlG5zGMaig+xJxjLmp9kJTfBM4xexLjONF7uLhYvJwDbz6eJ96X+bl8l5idYddPk1ZFnxnT1CwZx4T9ZetrPav7oKj4LuNcv1A45suXjfev2GzrU0pMmktMM1nZx2CEUgidGxFt67JwVbJriJtRAqXepCNGqHxJbiogNFiIrsYNFCzOxGTSdu9jRmqUy73ATVANyAIpM107MS0m5bQvSA+5wWsuBFU50waFuhkTaQo5JofKOghBoPIzRyknsClKb4tJ9GV3o9a6CsPHt2Im4nSyVYPXsziqB9V0ijWL1BQ6lV77dopNr3OgZ6wnsg29gp7x8Bw6W8DUTQy9KVU1hk0N1gm9LeH3OAWls8xKKRMgw59eDJQlCOggkRVMNr0jpWtLsY+la2nFGHdbFuMY7oallpISctoSByyipVIScscpRpVYxFsRCyiTMsGq9CWu6iESvatuxncm0BZyDTLJcFMtLKQt2oyW0ly6EOToeJADDJAmzLxtcuDZcNqQKFeinWu7Wqp3+gxcZgABLPWDgAWl8ZSQ0oAtj9PCAIgp96qQ1mT/VCS5QlqUEsZt/0AwhH9qAOCMXgYl3iHHaybuPYQAJotFGOXRtvXrIjAqH7AtdbSPIG7i44kv9vgaxlazO8cHG4OTivdpNDH2DSvE6PKGCTD2RAsmSXyVLTKU6TnWRJcY8sEIT2xENIjioyR1n5E5JFOj7EgvqNBURD8zErNcrqZVZoGGRqMMjL6ld2gJkTup+Ay8uQG28WXgiSGWxHMUjNQH54ubXeZnFhwQ5poSZoLml1sZBEoXmS1em0bHsThGShxYWBukkFGwI5Su0qFMg1qrjkl4zQ3sQim8hwueCePsHGgL4+u0oGdNGpE5Ob4ktCiD9JXFQUB5RQMy0uKPX2qlZIuyQtTifRKgYTZ2ukIkqzye/Y0gZIw8myqQEXpUcZqj4PcekZvSNCrcL8I+rtEazKdmFhLhFHERNmiICykVuCGSH6SGdoK0QjfdmKj+t8KZ9dTYvZe+t8iRgOl7oNvkSjuzXDxWNxgQa1CneCprdMPBixywt3ezboELONLeKgso0mGmRGGj6w9y7iZgS+EGfdL2gX43xvSLQ7cYPCxug2iihJo7cpa3sxf1O+5Yp5mBoAnkTfUiQrA1jSxTAAERjEAgFWhIPY2Jsdza+QDyrE5mp1V6UZRE0OqxQQ6WfXFmOryUfVUIcgoEckioW6i2Hasz16dAsq4NKHIionGfkSzgiWU8HFDCYGwAGNzrbsgsa92bLTGVGbVbz5aah+8xBps9n/h84+6vrDXRKojw6FlGfjldH7CXT2TvaWIp+eU/ylEE10dMIjiRByvwGJzuqmQ26ZyVGHKCrpRpRJVCbXHEPc5LA75cClZCplbaKhsEGCpB2Sg/uO4ZdMoB8IC/II2yajx4i+yDNtjywd0X2XBDskwLdHBAcG0H7F7MJAx4Nysc++ITI7LRhuo259FE8UpdtoJlIYTMDTDm6II/UJNlHsxpfbVjFgb7d9ixt7rT0crLXnWLg8zS+3oLahb7eg47b62qxdYuhrrcGlRLDPGZ+qGlpDsMm5i2gkO5zxVSogKvorVqltpHesQgvVC9kGsZFerg4AL+xNJFVoxkFoe0DpUVR+BmHxgrco3D7pa9PenFyvHtgmqD+8OeFZVmyb74LoKlmzKGsSroLttnh4sC9Zf1lcFwY+vr765+vl4nETxdnZ8iHPt69PTrKSdPZiE67SJEvu8herZHMSrJOTVy9f/svJ6enJpqJxspLGs/oAsa0pT1I+spRUXjXn9CJMs/xdkAe3QfHk5ny90bKVH4QHjLL0WvE2tQFvFPXOa14iNIWKv2unQ7tfWF6/yXhhuK6yl+QFb9yGxXnZTgZvWPXSvPz1KoiCtHk4Kj5cPU+i3SY2vGTFy18/BKdfH3ab220aFtpGJKWm0aliFM3U3pwoIlI74kTrCWVoqL1L6nuCDYLY/+rbU3cMWCkMhQPVC6lIyuahFKfauuUVyaG+eidFgFu3X2bF35/u/kHr/3/s2OvjdXX5ouDtep2yLJMJySkO3RyvkvguTDdsjRNHM7nBKeZ/6XiqvrrKIIqS78UrP10GTQqd4mVWz+UyOeGzA3dxcBux0lfCRbDiYCkuYBYvh1b1Vlli2JaZXu/HhI/zp3pl+3mXPaitATM4Sv28QkHJ3Nfkd6Y2B8lDr+VzkGXfk3RdHE/mQA1Qeh/q7x+3YbVnf1deZzXXpeZ2UNEpK0xbv+YrRT0L3+nUPgRZfsFFzdYfkvsw1qhC6XTqQsnzahsj0tZT/U8FLvO2eHLWQX0bT/twGVH1+ESToviqsfuKGH1WS1kQGwoPNTm6rljQFXD56l5a+wLv8E0UfguinUKi/uTABYuDOL9UtPj+K53SO5at0nCrTz9SgsN0WfZsrgh6/9VZLYI60WlyKhQzU1dEzUdHOtXMFa5+h+iJiW4KmwNxravp6utsFEf9ELyzzqhc3rirC6TcYDumVjvpGyY5iU5z78xSJIe7uMQpXe9u/5Ot1A1985FOp14JV77jZGpK0mzwJ7+Y7gxDyWeSOxrNxYcC5c/JWiFQfXFYudUP8DVOpAQHIDLNrMTcjEm+oPw1AdslfJ4NhF0fg3dY59pe8Duue+3k0E0n+y4S0voHSnfQX+sN37xA/S6nOOh98/6119a1Fp6+j5QSZgNT4JplZ2zqPt7cAUmggc68Jgj2wJ8cilLBtSFKIE7xMiuRq5qZ6o9HHPfCsRcA90Lu9JBF8DoKWCcCAPDwoTMOdGeQ7nAg0BhqBenD7HCZXT8EqeQPU+5/LdmF9ueU3YWPKsnm62wwRXy1Q0QV4dobAVckKkMhSzVDORqgku9xlARrwJysJLlg6TeWhnehfmiz/+5C7UOy+l2n1XydGzL7o7E7AsdDHQB5jSSWx2UxtX1Kw/uHXF1EtZ/HN2j6Ntl+YRELMvYxyVUrqZwy7Zh+/5gXx8FR3ae/ppFqgdXT6dT/HGQPb6P7JA3zh41MWElyo6mTctI8qyTWGtp+dNJgxQWYXNNg9Vd3Std5cTgN02vSOlBlG66gXyFkm8Su3Jqpy1kczffbtT6ypQQ3eu/XIUiu+e5ArfKfooFI/O6A6HCtetuW4K0nu7Q7vt+VviDkVjdfHWaG3W0U6ncchM/Os8xFyLER/lW7BKAkOtBNk8LMqfWL+N1Fg2+TLCy8m2gElSQn7fWFBesrdhlXilVTZVWyq/mgOHarQfJ2VdxVDWJ1H2HI5mJd3myCVFkQtB8drMvBvTIrVl8cKIS5qirrTw67N5Zm2nzffnS5CZRugoiDdQ1SBJJdTgQK5fmBfWP6yZma5qzByj0lqMPqFGeKlYrCNKOQ6kI50/V2/c1xJ5xWSy9gN9ymOJz9REGes5itW4d/0gGQltqBsuwWDiRv8hxHqkP2RgTWYXJYZKrjKozPo5BvbMBhoaeOf/EEvIXY4Q5iLSG+3sl3GbZjElLHumo87Z4Z987ptnOuI6d03j9j5QfeRWM4cD0UCdQ7vNWXufW2xc2mW5cLgW06d7uJxmF0fT8jYK1Xr7dsBS5xqgSXRVvx6EqIaCOv35TEucFTcZPZF6DylqwzRi1kDgOmfu9aXxenntr2Zf/VbQcHLEY7rULPk81Gu5zTfpwp2L3BvDfAx4P2oUyXezerffuoiYDWuY9QAoehfrzdQg/5njcPNlvVrNB+Htc8Ae4rO2wnfR63eL/Z7skY79ckO39Dov/jpb9NM2L/46QhDrmGMpD7Plbpcigw7ayLOQR3m3HL10mdp1u49GHMtfTVlS+j+7R4EVyZ9wXNfm/cGTkGEkPB50A3/ZgzVeq1xCLorns3wcX+Znc6oGfnzn0CBC927yEKkaH6y9c+pb8Ovt7dIst4OWWYi7BTPdEWvWd2RqEY8NodfsbSf7N6QnVD2rdzul+4tBEYqosEXOinfEra3G5zvt3lSfHyhadFTzWzms0CyOFgJIhX0W6t3RVuv7rc1ND2y+hGeaLBoAa17zwYZEIdBoONwGD6ij3mhgtxQPJsOg/0y9p34yBS6753MFMZePc5sApqPDODz2E7+ANQPONqZKH0bm8JCzeN+FPCKvXZviRUXM32HScVnT73BeDyQ42N+p7RJ82S3n52pvXzk8aUnOKCpSBTdwfNN4edRngfB/kuVU9z959ng0bFLW1nNEp0OqDRUv6A0Fi3BIOkmDwl0ueIUdltseX9bRtVnPrIti1gfUqLhfnSlIU5crsuPxqGNbpg1xbCbDnqwWztVbors6gpB+dP9U/tjAUoZIIFDaYihCewRETgtfTFBHW56IgKA8OHiwssArjD3TahFOUOm/naDy53cwjx7vqjIOcRHuYw5F3ZrOlMBBIgcjDxJGtfwPXACpcwGg64p7648YgCNBhyVx7deePbxHVY9OriMvu4i6Kz5V0QqU9bDE0fZObR4uE6TEFaWeJcdNpxMkLC6B7ArIQE5j2k6Yka8Je8oIWLW5e3BBcfpAUkVP2BrH1B1v2o3B6DoTfCxICrhgPlJgt0Tgyd5gMi1eOyjjgSbRz17MiCyNg9B4f3tB/HCpkNx67E7YspGGhXYdoO8hx72RRe9JDmAizqGcXYK2Qn+s7B51gkNlpPHVhT9bgWQMKtzXPpiTffjhstQpeapTXC1V/a322Erjo6lhS2q5RMEYRr0U6CQLisKstywYXwLVwXobKun7KcbV4UGV5c/yWq3i7vM/AhGN6xrIpbcbZ89fL01XLxNgqDrIqpVgcCe73aZcVpeBwneR1xjRAZ7PTHIjIYW29O1OLu8cUKKlm2lsIECNbtRrswJK7SG96XKiIapHxhdwsUVW9O1JJvIGwWPJwty6BX5ZD+hfGery5l5IXPDNHvfYG+wsNMi8ATI301RFdV1bcgXT0E6XJxFTx+YPF9/nC2/OmlSDxP9YtMKm0DXbXLXl/Ga/Z4tvyvsujrxeV/3MhRtFtSP/AR9msc/mXHc33lTCz+W+Ly1R/+aJGBaIY2drcxlNYBd7n6RF6oyq1beOkfFp9SPtBfL14W/eDISDuzunFQF3Oo2qnLn00/y0GyqopiaGQrY4YytNFYXJ6raSNzGej+8aeOomlidFW0b8PcmY4QnKs7EWv8re6kwXBbPThFQmsZOufHV659DkXXGrgCNaRWVV3x9CcPC/C50RefePejBIXQ6kdRD5wlKCA/OhQLunTAmnS0iQpYQ5VBn/xqv/oWOl1V0zhtg0L5nQOkV7R+Se8B4Zdu62tVHawIMM+TzXZXFnBVyE10qX5aQQsq1UwR94peoCqtKqCUC1Nk9QIEaTpgzaIEenJciouFe2mZ/ZVNNw6acljlFLy0gXjkMfgPm+DxH11pKRGlLBT7zHJ4dKYDRmMV6slDP0ihntwgJRTthSq2X9x0Wer6RKUQIMpNFm3BIfa69OBLNETbwyzZAQ7RcBOZTqGXYpRjPLmxIpbtxYR1x0XRbDpZ6QI8Plf3wZglnhINWNZINDAY0XAzdhj2xKBPAMoNcR4LbdleTLTxdrrr0+eA4bHA+zyQ2xm2E2GWDAhLbKUDXv/ZDQOnr/7UoSe0aE19LK5NnCbv/Wq9+HTAPWsxy3TpViXACtWOCHXpPlhSH2A0YZKGAsazAQN2Fc1NTcNUei50W/d7HrZdo1nhDBbKTozL7uo8EPQ2VKHYRx74U5zCmRSV8yWEynedZ1t3643RQ+P30ZF6KT8pIpIHSk2AIl9MeSAoeeQbelCLYZB6nuIJ/jZ9DBY9+FEfkTZhj0wjxHnQCd4Oh+4nzfUjdnZBoyZ4M/WiySVfpn5UZRMOCex1Gleov9I+BtPaVakPg2npsdQHocq/sN/TvdYxo99TWSAkErkCmkVcjowErgIc9Fm5nfPSS3okJC9Es573cuQgSN3p6GGPfJywwMGOfFKWQxx5oKxHNzIA/CdngA9zS4N2RaH3JTA9HlL3VfoYFzxpF620++6dtph7AnRuXDf3UDykw9/id5d573OLQL+1SVAart2GxTM6dl0Py7mTrdBhxVQFV/K7GNPcLfch74o+Q6SiIwB7mAFJF2hpu5I2RFL36RRdl/Y2I7WxkiYA7bOBKzTTOB5uuIoQDA50wCKcfMRPt3QXIhn1VDWD2Bp8bhn9nq74PvTwaVL3bHGdvVHQ+4HR346F0PV4aOrjLL/mbuOJiuskgtv8vU6+xZfjzDvxPp1sFR9gz484UDtgFHjdxKIg62GBG8j2pnsTOuBOHNriZQvTc8Cim/B9pXX32GVfL0cM8kwcvKTpE2hoQJ4DRtjQg9MUJOeAxaa653I8SZJK9xqms72yCMfx6XHo3Ebw6U6j6z6QjHZTFJwDRjsQRWfwxSweguaABTnb0SrFvnHjRijaiwUoTo4bJzoFb68Lq+A6ngxIA7/LMkSoOeChI8QW6WmPkUN/uEFMLNsT7VV0HAukaKvqffARd3JkWBlCzRxhxcBANZ2wtSfQC2CzQPk4yCQEoqEhlOhFWy+IuMK1wxuu0XXa02nM8NDR8wvErn1MdjfusZdnu+ybbU+Tw8RQBzYe2kXPjUdYoQzotibXUVwX7NWhIutu9e9LjjiAT48j+NmNYPe4GQNPzjS8HOhcPRNgOh3WdD3dwgMOAGiBg1HYe3nCI5eWZ0dMVcWG6C1jLAxap1kDWXjU0rOxys9PK4sObLLJdu8EGfhpvxAuotmKFu4xb1AfvO/j9aIYSJKb3pr1IiLDC/Fz6ZJ6G4UrXvPZUg8q9imudtCLyt8ipxlkq0APz11GzsD4qPx5iizUX+Ta/0kjyvuMpRWr57yzuT4P9ZCzn9MwXoXbINJbrWSloqFoTktVTWmeo+RS4yg1KY5A9Tpb0opobWKQYopQsFMalVHYlPpR7K3qg9xZL1+8ONX6a6ouh6IbTdzZe8v/JP28x9oNMN059vVAasFZPR0aWhw1kSEK1QiIEb3dth5aB9URkn9dkZaccNgYwJ0IIxVKfnUnQUIZR69mWV1gzUNzHJEDVSj4IJ4ONw4uh52xhKsSY60iYXNGgvqaN2bo0kcYsHt4nguY5qmZBgHioWmu3iiUXXJPgj+xDbW7WivwZMsE1tuZi2LTvWuLZIHUQZBjMLkMBCGLV3Gk1nmoLgA6E2EGAcszRMkBwUOPRV7aCuDIu0K36j6pxd4FUkeZ8OAbK0bOoOnYEwQtfrsHgiHh1g5SMzXY/ZSwhAItz2S1NS/wjba+6o63addUwNksUfdBB+9iN4Ppo0AQu89l4W5AGFovKQyEStLNNqRu8kWYiWE6Y104PyCOpg/7IG8WGvGm8QFj6VyoM8eFV+1DEeCjSRlSp42JJshbJFKj6OFhUhjhoeyFUzchj3TsJn53OsdxAKevI36sncNCgnbKz2TPrJMCQvIcPHvlInj6BHgRU5+LksF8myK1zkXRSHfam/vW1EU8+PxW7Gglw5gINF3Wt3GqZh8SowavpMMClvyaAWHD9HxhegBblvdkQBxBawDtIcEVfz8zJV5hFyQznND7qfrDndbd1fNcZvba7e3hQKzx0wsw0iY9F1iBPokPBFCD3yacGg9jW7tcwDAPI5fg3PMANqNF/RAX1ffnolLK1hySPmk9aPqcomiqRXPeKZIUEp8LNhAnrGaA3EyOkNGmmhENnmNPLoczq0indPU36+wy33PkETE18Tnx8zgXrr3orwv3QM/xHsMp5fz49Hki1OLi47lA9vDuNEwKyqlvNdBQOO3crN8lBBrzXC682nQ6rcBzvg7bVY/P+nYsiGjaAdIMp/9DQvVUywJvuJ7VEkGPOTFfjwFAfAyVEzX5sNcAtoAgSLUzewfs68Xm3J/JjQaLbq/jPrLvVcEZQWOer3inekE3AYBI1c0CNgXn1j3D1LNT8ZdWf/XxsBEDeztEKpvB/FOhxbIe13oL6qlnhBZyB46KliLjxGgp/hMubs9zVlKY1Ngw3OA/RG3jesl/WqUjcEtHU4e3GM8WW2O/6egCsVm87RCcu95cBXFwTzh3EuP9SUATv4/j9E/xw4twM+CzRDT24UBAM3oexoBmczU8GdBmfFo0PbTG8yzZAVMTz49S9EzIen6AVnMlJCgAuOd5hcMUChWpclY2b1GzWe8MzW7unAxuE82cLjCbxcRZMyzG/WxjS85y5gQYhjSsnH7YMyjUJEq9UnjR2aDreUyn84HhxDfPnFE5q9kVAqgS0PaoBY3wm70WhCIcT4m1qvf30T7njK867Czo4aJKeRaYgqLrIjXKAV5ngCPqOwLXrpzduxL3vprg9n/dKdOBQ4oXrQQ3nqWmkQNci0woKYetaQxxvJEagcjW80FU/2kLVy1HRJgRMeXcI/kLL3pmT7AMxFOeJ958TfxenMKx0tEl+YGHy+jlsdw7St6XsQB5mZyXYGlj3UrW7CJMs/xdkAe3gRZBuip1zXL9vHK5eN+GF4ROma9XD2wTnC3Xtwnv8ipKoXSGreNFrks7Jdbq03JAdWpn55R6kcrwGuxkxShkuuSERFBwbbq9ojounlZH/R0iXybZKcvBkLQK5GSoHjGHvTpzRBOtenN2iB1zNBgbe8AlYI0nIA/EiJbNpXZjtbb67BUBz6K0+oA8ULVaNnvtoO1Qqx/MBXEAvbGh8oDXa6yLTL/xd4vV0qQb6mq8/hJrFB1gYrWKeQw1S35BidUrvrowDpRsBiaknK5sWBmgVE2utHUdhFXaZjBUWuVxkHjlagarsko11Fc52iHWJfgvwSoUshhqbXMRdFV501VXT+VnUCMVl3pJKwL1GRC4PlAzYasFKR+l/6SjYX31IKaCy4d9BnJduNZTMxhqJOvAX4IoYmnxobABA5WqGaBK5TxkpMr2dwysci4DXsWMDqq42i3jarhKN6rgIou9RmV/rtWopEM1Slk6LCGQJTaSj7SUqOIpdFlPIMygOYnrCjeGjD5USTOj+2RVlXOduQC3CFTZnZKFp7iUcEcYbd1IK0bCn9uScv8sA5xH8AmrSXWaMhCEazksU0dzZdNp45ZZdmqZfWumVyjYOJR97424kxayiXvgGzyMNhJMvG2g/Fkz2+xLS5vwsmD9RTW6y00hN7M69EZbCJyJAyY9gbvqwyQNUiPLA40yBp/v2TDnfu7QRDgUOtBQQsz0ns2FbDhlSTmhd5NLE/Pe1KM3Vc5wsE00W52QZrvEs+0lCooJraRkzji8qHCIOIRsfibCMkUKBqREDixsOpNBWqdNvRIN1AJa0gFShxANVSbjCQORgofm2yK9ApJwCg4rNQg1/JbtAlINwjHuAGF60HD1KbL63ZGLyKCnSj11znSCAbY6djTZC+FNNWzJyoaC6QbRWbbyGM3hxYcjy17IJ7ZmIaA2EiEuDjhYIdQUiHWKCOSjFbF0k+KtudJ5NN5kw0Nh7Dm3uDkRv9ubTxFbjybLZz94m/HYcT77Wj/UEimIqb4EYA5ehgvEIegZ1FDw+Exsq5LBLjqCERKlr2YfWLhWHesQkMsgCkOzn4dA24FFFCRy29bf8O2H6u5iUeMU4QIxRjTyKQrljFgs3ib5bj5mmIKyDbBWGbPJcvgYw7wl5Rust8WzebFs9d1Xo/VoJ3jDLZFRfDZeuywgEhASvfW9BeeDAXzYpRgcu4K4EWnzj76FG1EoSHgFoogowRmm2POeUvZ0+l3qYUTqtv2lBA8YZh88mtDcnNeTDFImAhNZ9GxQpxUYS9gu1j8TgfGG/lwFrt97QydXLKvPwY7f1WvLq8n+T7ecDrUGOcsa/2hGaxet9UM1e7hDmLIJ5R0cg8rWM/kGuXh9qC1VffTZRFxR6pkMyktlFmJ0/Cbqb4OQZmoZffcmZunV0vpftzH5FYXu3pD9kHo1XY8sFIMLTEgmVI+Zskj0S9yVSMTvpptK8I0+lYan8xuTs0aqSAZYzE8iBMUSJK+gUFmYSo23boSv84vy8rfjBt3gWcBCMDt4GjijiKCmBLtqw/fEBNdufnbB0GMHEVdy+iDiII4iatHRrS8zEKHq/YooPqPTrEPGl+b3AheI2UWGHyHIb2vk8+cqxXPDCbZeoyciH40Y0bJr9J8DiIDub6dn/4Nvq8qiSsowIoCBT/INczAN7+jcxHZJtKOblJ5i63jx1CC2wo1TQaT19NGmvTmpHtrUH/jPPEn5eLxK1izKyq9vTr7wrgo3rPr1jmWlVb4pwWnGrPQitSfa5LmM75LGu4nCUZOlSW49GOTBOsiDt8VGLljlPHnFsqx83flbEO1YcWH/lq0v40+7fLvLeZPZ5jaSDHaFoxRT/W9ONJ7ffNqWMvXRBM5myJvAPsU/78Jo3fJ9EUTqlQ2MROGB5RfGv1d9WSxD2P1TS+ljEhMJ1eJrHcd8ZZttVGzSP8XXwTfWhTcO3w/sPlg98e/fwnWBZYyIvSNksb95Fwb3abDJahr78vwnx/B68/iv/w+F0LE41qcCAA==</value>
+  </data>
+  <data name="DefaultSchema" xml:space="preserve">
+    <value>dbo</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/NuGetGallery/Migrations/201805012001354_AddUserCertificatesIndex.Designer.cs b/src/NuGetGallery/Migrations/201805012001354_AddUserCertificatesIndex.Designer.cs
new file mode 100644
index 0000000000..93f40f0802
--- /dev/null
+++ b/src/NuGetGallery/Migrations/201805012001354_AddUserCertificatesIndex.Designer.cs
@@ -0,0 +1,29 @@
+// <auto-generated />
+namespace NuGetGallery.Migrations
+{
+    using System.CodeDom.Compiler;
+    using System.Data.Entity.Migrations;
+    using System.Data.Entity.Migrations.Infrastructure;
+    using System.Resources;
+    
+    [GeneratedCode("EntityFramework.Migrations", "6.1.3-40302")]
+    public sealed partial class AddUserCertificatesIndex : IMigrationMetadata
+    {
+        private readonly ResourceManager Resources = new ResourceManager(typeof(AddUserCertificatesIndex));
+        
+        string IMigrationMetadata.Id
+        {
+            get { return "201805012001354_AddUserCertificatesIndex"; }
+        }
+        
+        string IMigrationMetadata.Source
+        {
+            get { return null; }
+        }
+        
+        string IMigrationMetadata.Target
+        {
+            get { return Resources.GetString("Target"); }
+        }
+    }
+}
diff --git a/src/NuGetGallery/Migrations/201805012001354_AddUserCertificatesIndex.cs b/src/NuGetGallery/Migrations/201805012001354_AddUserCertificatesIndex.cs
new file mode 100644
index 0000000000..0de1cf29a4
--- /dev/null
+++ b/src/NuGetGallery/Migrations/201805012001354_AddUserCertificatesIndex.cs
@@ -0,0 +1,22 @@
+namespace NuGetGallery.Migrations
+{
+    using System;
+    using System.Data.Entity.Migrations;
+    
+    public partial class AddUserCertificatesIndex : DbMigration
+    {
+        public override void Up()
+        {
+            DropIndex("dbo.UserCertificates", new[] { "CertificateKey" });
+            DropIndex("dbo.UserCertificates", new[] { "UserKey" });
+            CreateIndex("dbo.UserCertificates", new[] { "CertificateKey", "UserKey" }, unique: true, name: "IX_UserCertificates_CertificateKeyUserKey");
+        }
+        
+        public override void Down()
+        {
+            DropIndex("dbo.UserCertificates", "IX_UserCertificates_CertificateKeyUserKey");
+            CreateIndex("dbo.UserCertificates", "UserKey");
+            CreateIndex("dbo.UserCertificates", "CertificateKey");
+        }
+    }
+}
diff --git a/src/NuGetGallery/Migrations/201805012001354_AddUserCertificatesIndex.resx b/src/NuGetGallery/Migrations/201805012001354_AddUserCertificatesIndex.resx
new file mode 100644
index 0000000000..ca5b5e8207
--- /dev/null
+++ b/src/NuGetGallery/Migrations/201805012001354_AddUserCertificatesIndex.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Target" xml:space="preserve">
+    <value>H4sIAAAAAAAEAO1d3W4cuXK+D5B3GMxVEmwsy7vn4MSwEnhla48QyzYs7yJ3QmuGkjrb0z2nu8eWTpAny0UeKa8Q9u/wp4osdrN/RmdgwNA0yWKx+LFIFsmq//uf/33zb4+baPGNpVmYxGfL0xcvlwsWr5J1GN+fLXf53T//aflv//r3f/fm/XrzuPityfdjkY+XjLOz5UOeb1+fnGSrB7YJshebcJUmWXKXv1glm5NgnZy8evnyX05OT08YJ7HktBaLN192cR5uWPmD/zxP4hXb5rsgukrWLMrq7zzluqS6+BhsWLYNVuxs+XH3C8t/CaKIpU/LxdsoDDgP1yy6Wy6COE7yIOccvv41Y9d5msT311v+IYi+Pm0Zz3cXRBmrOX+9z05txMtXRSNO9gUbUqtdlicbR4KnP9ZSOVGLd5LtspUal9t7Lt/8qWh1Kbuz5TlL8/AuXAU5b79a3+vzKC3yytJ9IZT5YSGnJCn/1MCBo6b498PifBflu5SdxWyXp0H0w+Lz7jYKV//Onr4mv7P4LN5FkcgmZ5SnSR/4p89psuU1P31hdzXzPNNycSIXPFFLtuXEQlWrLuP8x1dL3oQoCm4j1uJAkMB1zpv0C4tZylu7/hzkOUt5N16uWSlJrXqlsuuH4PTrw25zu03DOG/q5RDk42i5uAoeP7D4Pn84W/7EB85F+MjWzYealV/jkI86XiZPd8xWG6mmV3/4I6kqTSpK3R+Db+F9KSSFCz7GUgEi2XLxhUVlxuwh3FaDUsTQjV7gIk02X5JIxqeW7+Y62aUrztnXhJD5a5Des1xuxpuT/YAwDhOFGnmoKOWOw8UMYEFUhHrNtArRuxNBUS31/lCAbjBKAnSDfpdxCbJeJBh5BjNozMK5IC6dhp3TWDsOMPOgeL8Jwujtep2yLPMwR1hGIF8wxndhumHrcevlQIj5X4aK/viTlzkQlG4UJd/Zuqn854QPjiB2pnWZvWMRy/sTeh8Xma845MOLYMXh83aXPxRoWdVryn7kPyZ8rD99Dla/B/fs8y578MBxIcbzCjolj+WoNPRmMWh6o+ZzkGXfk3T9hWUsn6jG94/bMC2b/K6cZ6r6i7+/hhsrvfOUFUrh13zlWvJDkOUXXOi8Pcl9GHegIJQ+T3b7BWjvaTdlpWrjpeBpt02/qSYLYaaVk/TJVUl3nU+vuC7jmIf5KinucyhzaZOgrWDlVGjJauLoU3ofxOFfy6Sr8L5C0hf2lx3LcpxLcymFc1NmuDXGEj5baOgISzGHNiJdZi7Sp5VujSO1id4ULy0gsm7mmcCsO5eF4k2/sXVrRoJZ1bLdfPrOF2ASw1geTeugGV3VT0HOINo6WRFp+RUWZZXkKsJrttqlfOH5OeEL6NDAkJTxSVPWSBZwkwHl67IZshopOm6MQPH6tUfs5y661a4tctwkDWE5UG1xvOzoG5DfgmhnqtWX7U9tK4uDOL9cD76ze8eyVRpuxX3LYHXt0TJwRfWyXV9xd4D4ebLZ7kpili1WsdFgmesqf78/+Rqufs+EEVLg2b7H4CMLaCd5rlnxn7CmLpNuRK24V9JqmjanaBm8WdYcdieaLRvZvXSaLsoWkmeKMvdxkrCO2rp/ek8V5QJQp2I5Wdrd/idbmQ56+J8etFNtznq7sihdam0eLAH9NYA62FAVQd7vFF1o4KtOV1kqPyPcVGm9hn1pSKutCeTRLxY6KgHz4Pg5WZvWB35GYAEaeElq0RBsb4braoodS8t8TTwf1zVCA8ekCPGbfc796AQzaOMUzuWqOqqm9zEiggdxmomxkwYx2waJGsVEZFoN85F9F5nrpHAgGn1WA2/XmzD2sgV1OULxNX1rFrayl+HTjM6DuxXROBZfcHzRjMTUFikgGsNY79yqfprkim1u+bDmzXFVH1rJaXWGRWFgeqZqRScN41W9yKz0oXSZleOw7xLj2WqpVtJDHN1YR29nVWTVQ2KGm6qFEO+GbBr3prze1i+d1isedc3i5yBjNbQbBCyJnaKKeZhuURe4lC6kn5aXWpzKuo1nErM9D1n2E0+HuerwJqm5zFATT08WBPs5zLaq73H0tn2UETR1TxWtHYiTB5tW8miu6nc8ePrqT0Msry6z64cglXq4793Izym7Cx/9je3mQofv2x/qJGW9JkJluL5w+YXdh1meGu7Z6DXCRU2NgUoQmgYW6zUjAxTJ2gIoe9QXtiPw8ZXFu+R7HCXBusstUk1N8L4M70Ifl7E/JKvfO9DponAAoAIqB8+ljUxD1o5qh874voCZ9SYfifk2s/uFv7/sQj4TXYf3TuLXypkbo2QntUktM9pdRk/Tgf2eo3EW6TMduE4BR7Vve5egdZSHs4jtUxrePwx/lDjFdSravTQ/7eODmgUZ+5jk+/tbg1XmcTZ+/1jINIhqdP2aRoNz/+cge3gb3SdpmD9sTEsZH4+vi8rGv3p5uUriMUTJV0DFreXeFwoaOtd5UcgbNbbh+vuVX+Y8ES3vPW7Xo+ukot736xCs1lIyXLE4G2eEhmtWV/eFbZO0N74+BPH9rlwT4CPRx2gvFwPiY8dR+rTWnRchR2f4VyYo5OL+raOo+M/ibs8Y3Vz0bRbytj+NpPa/sGB9xbhcyilHA5X9OLC4HV0D8+2qcEITxP3tVte7zSZIh78x9jW4H35p8DXMI+Mw83I5vl6Wj/6S4mOSboKIj7G1Nw5st/WK2eYD+8aAC8UkfV3utAbvdklbjzGaP/BNiA8LzueUpdXSuS+ti6jQ2zFbFy/pk3R4mbcVvmNbFvNdXPXSbqxa61mnqG74Wq/C+DwK+UbVPu5+8jHuutys9eSZoZYrX23mu0zgQTRDVYnu221mcKRDvmbXwBu3kt20eTSLWJOEWb/adFdLl80TT0NfyqezJ/rWwVgU87iyKY9VA59yRp1RMR3lVMrkyqqk043MSjlvWvubxjSYT7MRGjO7nn/X5f7Mpwu+4TfLvMr0ZGiAkgNjXc3WkWn5QGso0zrSBrMd3rEl9SRhgLucUYe7mI7CXcrk/GZ9ty2QxtYXKf/9PUl/N3Lc5jLARcuDCVvP6O2xYUNQfcwgfkcF2v+NYU2p0uquJvmq1NEwT1ow9L8DHBidY3VcyNlUQ991BDKitHVGH/S20+iTK4L3JY8oHgfFXm4nkKwP11u2GtzSUcG7nR/819drfDotUrGRCq5k+wxXxXTsNmKlwsdBO86gNfmoc7WmFlfRBatsN4YohqyBzu7Ok82GefHV7LjRc9ji7UtY9nhNRmyFieTueAFpuD0qiX11ke9Bh3XUXke91Wup6+sSo+FalqNNxX3Akawq2vDsA9na6uEK2brYEbLjTLVdLNvFRJzlwWbbe3Ye53hwrBOY8a6vjXmVbKzLQyNeKHm2lxpGvfZ3vAEx4o2/Gd1h9Hq/yO3im7/rVh63Eu7nRMj2ATtO8mX0b+gjtn8x2cait5OA4ovrErFIOa4PD/kUwPn+1hSnDU5nkJg1Ezyo7DNgBNuv26hpCx6HzgHb2LudMyPaHD+Q7oTQgjb9XT7PfETirI5gi0m9Y7AA0FWFHEegE6R0T/5Okb7koke4dbEF+V0wDHRKcr279en03bNH/SEGqu8YGlA8ClOsjU7D+XxXIvOCFXs0akiKfZnjAJ7VfHEVxHzNgEwZQrfd7DMKru2BdN2/PZTJqzsCsQboriSUbmRTu0jZZ6C4vl2Xix2Hi8Vev++23tPeEM/h3+6KPi9iMEbRU81s7ycu8SrarfvTGcjEjN/nF2cOX+NYC/ZnGuy+b2vLYxVyfAHwb8iNaSVTkV46qtYr1yzPy94n6ii52FFHWcYZe8zBt8+expyr+al0CeTqnBkoe+z38eeTwn84HEWmmytkjj8/9ETvzuccqKMcXQ7iyxkP8QKMgZt9Ac2GB+bD7HhwZg/eAsktscxexCKk9lHnMfOFKwnA5GZq5cxNVLKTmqeW8XHIVj1FdX+sUJQ6KmrSM99PsbsigSn9/ORBPwfZKHG4VCtceB8HBQ5GqNrwpLYWo2lUV5luhLzaSFazYKNXyzeEu8S6EsNrTiWHhVs/Voq3q1Xh8stRvUiljuplZPVSS7+3jvGnreakNWrpgENRwu2NWmA/IE35tGFpzOzuTcCk+sCqZNWHZKFxjag+XJvsNvpSpXFlcZldRMF91vaj29KlouIzLMev8Zql0RPHpQh1uV8qT/eNbvwWhFHlvq48HjpbvtQ6UirQ+gups5+as/Nc4TqoLC91Cf3itlTigjPE1k25Yn1Ql/tR77Cqa8SPb7MsWYVlwWbcqsE05brfx+uFLbLmU+vJpA4+e8U7I9wWUeLzp7PlP2kNMhBtjXl7omKgT5ny6VKdHD7FVQcsqiCmfFMaZKtgrasQLp21/IXPJyyt6uE72WJTEsa5PvmE8SrcBpGFf6UcddoqGGurUFOaJ5W5pUModSshbXUu2soUsdmk9OZEgBgFedUWzIwPZd/VG2/ynkygVx2zyuRevnihD+IeYJEqHw8nkgwp1e6NQpOgQ42njfUoGlybokBMUMGiclvgMr1OQhgfA2pIZ1Cqbq+tTII2OEwsBg1LzNg9QOSozHTsmcPNjqawjGyMgSejoCkMSAGVJ0GWHNgX63A4ju+YqgbjBQCdG6o7IQ+UxxiIAxtPqVgIaz0dzowhY439TYoGa8UjrtEcgtTuKzFHwB1K65HlMRoeKXKjMGOPgT0XsFo0JS0i84TqkxhluhvUfepYkiRnAXQnbSxHVp8E46YgrRh2SBFbYdC4KGNSvN59NUA870EASWj9GEgkSIe0f56FpgUjgTrgogPuBtGq5oilEFbHA+nU6DxAWKKRNrH+t4fd3GMACDNL33pbw3ZaVhUKbQeZQFdiLFLBi0ByAa/30CVjqGws2bS+Qy086g7JNSmMpLdQz6YaQ4033UG0FiKXMRQWIgFK1eLz90nUVMO76F/e1tOgs3kr/AgDD3RRL5q5BSYH2xwbeBkTTICQKdWrsRImBZXkZ9XW93BkgKm1GuwKVuNKdLU8qHqDpDQmLCF5HJKiQ/wTWmBg8w6q4UF5CuGsCW3eEbEKva9HYP+jTtxrzh0GlpbqI2JkHdJneBsbMuIwN3bgIQ131eeVBUioAywNQq3XUGewosFYDgemSBNGBCjSUYcITeM5PJB3UFBOcwpvYGICTB3WvQ7IgZd1rQ16+5p8rS1xhavFyhXfoKtsSD5jrrIhSRySbtO9f1n63uAKTOt/weOZs54zhLayol/Xdx2GKUXb29R8F8vKpIp9Ko1+mKocjovnYrPWH1c5mciHVfOWcH4d0N4Hmka5jQhVo1QcVL/2EH82SK7dcK+LZ1SuJz5K2ZGOftRaBz8D0k/mALZcThCh4iOcJ4LV4iPcoc8cb2BBPuawZlgdzsm9rnp7pMvL5rFu9tfvLQ0YQ2taOmv+c712Gcz9WqD7bUCHy6tzuC1lbfFYSDNKhsLER/a9EtqMAOeAtNldOJ3mYhQul0mA6ITAWcCv8sxs7GXZF7PbSgujBmClSPC71CjnH+H03dJONfccRpjGE7IiMVzD8DnSMBGNNtgwecx/dSFeHiHj0lQIfHSKw2AglBo5nAysFLmNgVmKdCh8zOIKEeiWGcWF0UezgFjROavDO2mTd+fBjAEEv6sWhg1FDdLpYGR28OA6oSWy2+AmN22UIU7u2IMzGYKOkSkj0mTsNgz4oaYoo//m7oOtD3hBMY0IV1AYpJlIcXw+pS0bdohqMSdbvKNqulD2WuxsvTb7V529XZHSihGPZIydR7T6TOxiBmqJy0KCWH4kRD+ndYVj+6aC/XNaYUDtUx0lu8AR9Zo86CDA/C4fpHZHGjMV2pEepbADuZqfEuWa90wLxnBXmsBbl8qNrjOOUTech4JdrAEj4hXrJwoLsivcGaCTerkJ9RlNxCZ4oc1aS+crSQ7yMPrqxfilOe7dc624v6aPW5LT39kPXkorxhjBlG5zGMaig+xJxjLmp9kJTfBM4xexLjONF7uLhYvJwDbz6eJ96X+bl8l5idYddPk1ZFnxnT1CwZx4T9ZetrPav7oKj4LuNcv1A45suXjfev2GzrU0pMmktMM1nZx2CEUgidGxFt67JwVbJriJtRAqXepCNGqHxJbiogNFiIrsYNFCzOxGTSdu9jRmqUy73ATVANyAIpM107MS0m5bQvSA+5wWsuBFU50waFuhkTaQo5JofKOghBoPIzRyknsClKb4tJ9GV3o9a6CsPHt2Im4nSyVYPXsziqB9V0ijWL1BQ6lV77dopNr3OgZ6wnsg29gp7x8Bw6W8DUTQy9KVU1hk0N1gm9LeH3OAWls8xKKRMgw59eDJQlCOggkRVMNr0jpWtLsY+la2nFGHdbFuMY7oallpISctoSByyipVIScscpRpVYxFsRCyiTMsGq9CWu6iESvatuxncm0BZyDTLJcFMtLKQt2oyW0ly6EOToeJADDJAmzLxtcuDZcNqQKFeinWu7Wqp3+gxcZgABLPWDgAWl8ZSQ0oAtj9PCAIgp96qQ1mT/VCS5QlqUEsZt/0AwhH9qAOCMXgYl3iHHaybuPYQAJotFGOXRtvXrIjAqH7AtdbSPIG7i44kv9vgaxlazO8cHG4OTivdpNDH2DSvE6PKGCTD2RAsmSXyVLTKU6TnWRJcY8sEIT2xENIjioyR1n5E5JFOj7EgvqNBURD8zErNcrqZVZoGGRqMMjL6ld2gJkTup+Ay8uQG28WXgiSGWxHMUjNQH54ubXeZnFhwQ5poSZoLml1sZBEoXmS1em0bHsThGShxYWBukkFGwI5Su0qFMg1qrjkl4zQ3sQim8hwueCePsHGgL4+u0oGdNGpE5Ob4ktCiD9JXFQUB5RQMy0uKPX2qlZIuyQtTifRKgYTZ2ukIkqzye/Y0gZIw8myqQEXpUcZqj4PcekZvSNCrcL8I+rtEazKdmFhLhFHERNmiICykVuCGSH6SGdoK0QjfdmKj+t8KZ9dTYvZe+t8iRgOl7oNvkSjuzXDxWNxgQa1CneCprdMPBixywt3ezboELONLeKgso0mGmRGGj6w9y7iZgS+EGfdL2gX43xvSLQ7cYPCxug2iihJo7cpa3sxf1O+5Yp5mBoAnkTfUiQrA1jSxTAAERjEAgFWhIPY2Jsdza+QDyrE5mp1V6UZRE0OqxQQ6WfXFmOryUfVUIcgoEckioW6i2Hasz16dAsq4NKHIionGfkSzgiWU8HFDCYGwAGNzrbsgsa92bLTGVGbVbz5aah+8xBps9n/h84+6vrDXRKojw6FlGfjldH7CXT2TvaWIp+eU/ylEE10dMIjiRByvwGJzuqmQ26ZyVGHKCrpRpRJVCbXHEPc5LA75cClZCplbaKhsEGCpB2Sg/uO4ZdMoB8IC/II2yajx4i+yDNtjywd0X2XBDskwLdHBAcG0H7F7MJAx4Nysc++ITI7LRhuo259FE8UpdtoJlIYTMDTDm6II/UJNlHsxpfbVjFgb7d9ixt7rT0crLXnWLg8zS+3oLahb7eg47b62qxdYuhrrcGlRLDPGZ+qGlpDsMm5i2gkO5zxVSogKvorVqltpHesQgvVC9kGsZFerg4AL+xNJFVoxkFoe0DpUVR+BmHxgrco3D7pa9PenFyvHtgmqD+8OeFZVmyb74LoKlmzKGsSroLttnh4sC9Zf1lcFwY+vr765+vl4nETxdnZ8iHPt69PTrKSdPZiE67SJEvu8herZHMSrJOTVy9f/svJ6enJpqJxspLGs/oAsa0pT1I+spRUXjXn9CJMs/xdkAe3QfHk5ny90bKVH4QHjLL0WvE2tQFvFPXOa14iNIWKv2unQ7tfWF6/yXhhuK6yl+QFb9yGxXnZTgZvWPXSvPz1KoiCtHk4Kj5cPU+i3SY2vGTFy18/BKdfH3ab220aFtpGJKWm0aliFM3U3pwoIlI74kTrCWVoqL1L6nuCDYLY/+rbU3cMWCkMhQPVC6lIyuahFKfauuUVyaG+eidFgFu3X2bF35/u/kHr/3/s2OvjdXX5ouDtep2yLJMJySkO3RyvkvguTDdsjRNHM7nBKeZ/6XiqvrrKIIqS78UrP10GTQqd4mVWz+UyOeGzA3dxcBux0lfCRbDiYCkuYBYvh1b1Vlli2JaZXu/HhI/zp3pl+3mXPaitATM4Sv28QkHJ3Nfkd6Y2B8lDr+VzkGXfk3RdHE/mQA1Qeh/q7x+3YbVnf1deZzXXpeZ2UNEpK0xbv+YrRT0L3+nUPgRZfsFFzdYfkvsw1qhC6XTqQsnzahsj0tZT/U8FLvO2eHLWQX0bT/twGVH1+ESToviqsfuKGH1WS1kQGwoPNTm6rljQFXD56l5a+wLv8E0UfguinUKi/uTABYuDOL9UtPj+K53SO5at0nCrTz9SgsN0WfZsrgh6/9VZLYI60WlyKhQzU1dEzUdHOtXMFa5+h+iJiW4KmwNxravp6utsFEf9ELyzzqhc3rirC6TcYDumVjvpGyY5iU5z78xSJIe7uMQpXe9u/5Ot1A1985FOp14JV77jZGpK0mzwJ7+Y7gxDyWeSOxrNxYcC5c/JWiFQfXFYudUP8DVOpAQHIDLNrMTcjEm+oPw1AdslfJ4NhF0fg3dY59pe8Duue+3k0E0n+y4S0voHSnfQX+sN37xA/S6nOOh98/6119a1Fp6+j5QSZgNT4JplZ2zqPt7cAUmggc68Jgj2wJ8cilLBtSFKIE7xMiuRq5qZ6o9HHPfCsRcA90Lu9JBF8DoKWCcCAPDwoTMOdGeQ7nAg0BhqBenD7HCZXT8EqeQPU+5/LdmF9ueU3YWPKsnm62wwRXy1Q0QV4dobAVckKkMhSzVDORqgku9xlARrwJysJLlg6TeWhnehfmiz/+5C7UOy+l2n1XydGzL7o7E7AsdDHQB5jSSWx2UxtX1Kw/uHXF1EtZ/HN2j6Ntl+YRELMvYxyVUrqZwy7Zh+/5gXx8FR3ae/ppFqgdXT6dT/HGQPb6P7JA3zh41MWElyo6mTctI8qyTWGtp+dNJgxQWYXNNg9Vd3Std5cTgN02vSOlBlG66gXyFkm8Su3Jqpy1kczffbtT6ypQQ3eu/XIUiu+e5ArfKfooFI/O6A6HCtetuW4K0nu7Q7vt+VviDkVjdfHWaG3W0U6ncchM/Os8xFyLER/lW7BKAkOtBNk8LMqfWL+N1Fg2+TLCy8m2gElSQn7fWFBesrdhlXilVTZVWyq/mgOHarQfJ2VdxVDWJ1H2HI5mJd3myCVFkQtB8drMvBvTIrVl8cKIS5qirrTw67N5Zm2nzffnS5CZRugoiDdQ1SBJJdTgQK5fmBfWP6yZma5qzByj0lqMPqFGeKlYrCNKOQ6kI50/V2/c1xJ5xWSy9gN9ymOJz9REGes5itW4d/0gGQltqBsuwWDiRv8hxHqkP2RgTWYXJYZKrjKozPo5BvbMBhoaeOf/EEvIXY4Q5iLSG+3sl3GbZjElLHumo87Z4Z987ptnOuI6d03j9j5QfeRWM4cD0UCdQ7vNWXufW2xc2mW5cLgW06d7uJxmF0fT8jYK1Xr7dsBS5xqgSXRVvx6EqIaCOv35TEucFTcZPZF6DylqwzRi1kDgOmfu9aXxenntr2Zf/VbQcHLEY7rULPk81Gu5zTfpwp2L3BvDfAx4P2oUyXezerffuoiYDWuY9QAoehfrzdQg/5njcPNlvVrNB+Htc8Ae4rO2wnfR63eL/Z7skY79ckO39Dov/jpb9NM2L/46QhDrmGMpD7Plbpcigw7ayLOQR3m3HL10mdp1u49GHMtfTVlS+j+7R4EVyZ9wXNfm/cGTkGEkPB50A3/ZgzVeq1xCLorns3wcX+Znc6oGfnzn0CBC927yEKkaH6y9c+pb8Ovt7dIst4OWWYi7BTPdEWvWd2RqEY8NodfsbSf7N6QnVD2rdzul+4tBEYqosEXOinfEra3G5zvt3lSfHyhadFTzWzms0CyOFgJIhX0W6t3RVuv7rc1ND2y+hGeaLBoAa17zwYZEIdBoONwGD6ij3mhgtxQPJsOg/0y9p34yBS6753MFMZePc5sApqPDODz2E7+ANQPONqZKH0bm8JCzeN+FPCKvXZviRUXM32HScVnT73BeDyQ42N+p7RJ82S3n52pvXzk8aUnOKCpSBTdwfNN4edRngfB/kuVU9z959ng0bFLW1nNEp0OqDRUv6A0Fi3BIOkmDwl0ueIUdltseX9bRtVnPrIti1gfUqLhfnSlIU5crsuPxqGNbpg1xbCbDnqwWztVbors6gpB+dP9U/tjAUoZIIFDaYihCewRETgtfTFBHW56IgKA8OHiwssArjD3TahFOUOm/naDy53cwjx7vqjIOcRHuYw5F3ZrOlMBBIgcjDxJGtfwPXACpcwGg64p7648YgCNBhyVx7deePbxHVY9OriMvu4i6Kz5V0QqU9bDE0fZObR4uE6TEFaWeJcdNpxMkLC6B7ArIQE5j2k6Yka8Je8oIWLW5e3BBcfpAUkVP2BrH1B1v2o3B6DoTfCxICrhgPlJgt0Tgyd5gMi1eOyjjgSbRz17MiCyNg9B4f3tB/HCpkNx67E7YspGGhXYdoO8hx72RRe9JDmAizqGcXYK2Qn+s7B51gkNlpPHVhT9bgWQMKtzXPpiTffjhstQpeapTXC1V/a322Erjo6lhS2q5RMEYRr0U6CQLisKstywYXwLVwXobKun7KcbV4UGV5c/yWq3i7vM/AhGN6xrIpbcbZ89fL01XLxNgqDrIqpVgcCe73aZcVpeBwneR1xjRAZ7PTHIjIYW29O1OLu8cUKKlm2lsIECNbtRrswJK7SG96XKiIapHxhdwsUVW9O1JJvIGwWPJwty6BX5ZD+hfGery5l5IXPDNHvfYG+wsNMi8ATI301RFdV1bcgXT0E6XJxFTx+YPF9/nC2/OmlSDxP9YtMKm0DXbXLXl/Ga/Z4tvyvsujrxeV/3MhRtFtSP/AR9msc/mXHc33lTCz+W+Ly1R/+aJGBaIY2drcxlNYBd7n6RF6oitAtWoBzmVw9W/6w+JRyBfB68RLqL0eG2xl4UE5PnTl1QtKzgY8ce6uqKIYUhjIUKRoDDfHluZo24JeB7h9/6iiaJvRXRfs2zJ3pCDG/uhOxhvXqThqM4tWDUyRil6Fzfnzl2udQ0K6BK1AjdVXVFS+K8rAAnxt98eV4P0pQZK5+FPV4XIIC8qNDsVhOB6xJe8xr0hTbYUqtYkn51X715Xa6qqZx2saa8jsHSI9z/ZLeA8Iv3daFqzpYEWCeJ5vtrizgqpCboFX9tIIWq6qZIu4VvUBVWlWcKhemyOoFiP10wJpFiR/lpl+kwr20zP4mqBsHTTmscgpe2vg+8hj8h03w+I+utJRAVRaKfWY5POjTAaOxiiDloR+kCFJukBKK9kIV2y9uuix1faJSiDvlJou2oMPgJiOYHtOJhmh79CY7wCEabiLTKfRSjHLoKDdWxLK9mLDuuCiaTScr3avH5+o+GLOEaaIByxrgBgYjGsXGDsOeGPQJQLkhzmOhLduLiTaMT3d9+hwwPBZ4nwdyO8N2IsySAWEJ2XTA6z+7YeD01Z869IQWBKqPxbUJ/+S9X633qQ64Zy1mmS7dqsRtodoRoS7dx2DqA4wm+tJQwHg2YMBuuLmpaZhKz4Vu69XPw7ZrNCucwULZiXHZC54Hgt6GKhRSyQN/iq85k6JyvttQucTzbOtunTx6aPw+6FIv5ScFWvJAqYl75IspDwQlR39DD2oxulLPUzzBjaePwaLHVOoj0iaakmmEOA86wYni0P2keZTEzi5o1AQnqV40ueQi1Y+qbKIsgb1O4wp1g9rHYFp7QPVhMC0dofogVLkt9nu61/p79HsqC0RaIldAs4jLAZfAVYCDPiu3c156SQ+w5IVo1vNejhxbqTsdPZqSjxMWOIaST8py5CQPlPWgSQaA/+QM8GFuadCuKPS+BKaHWeq+Su93b1Qu3UcswDX6TlvMPQE6N66beyjM0uFv8bvLvPe5RaDf2iQoDdduw8IkHbuuh+XcyVbosGKqYjb5XYxpXpz7kHdFnyEA0hGAPcyApAu0tF1JG3mp+3SKrkt7m5HaEEwTgPbZwBWaaRwPN1xFCMYcOmARTj7ip1u6CwGSeqqaQWwNPreMfk9XfB96+DSpe7a4zt4o6P3A6G/HQuh6PDT1cZZfc7fxRMV1EsFt/l4n3+LLceadeJ9OtooPsOdH/LIdMAq8bmJRkPWwwA1ke9OdFB1wJw5t8bJF/zlg0U34vtK6e+yyr5cDEXkmDl7S9Ak0NM7PASNs6MFpir1zwGJTvX45niRJpXsN09leWYTDA/U4dG4DA3Wn0XUfSEa7KbjOAaMdCM4z+GIWj2xzwIKc7WiVQuq4cSMU7cUCFH7HjROdgrfXhVXMHk8GpIHfZRkC3xzw0BFClvS0x8gRRdwgJpbtifYq6I4FUrRV9T6miTs5MqwMEWyOsGJg/JtO2NoT6AWwWaB8HGQS4tvQEEp0zq0XRDzs2uEN1+g67ek0Znjo6PkFYtc+Jnsx99jLs132zbanydFnqAMbjxij58YDt1AGdFuT6yiuC/bqUJF1t/r3JUccwKfHEfzsRrB7OI6BJ2caXg50rp4JMJ0Oa7qebuFxDAC0wDEu7L084ZFLy7MjpqpiQ/SWMcQGrdOs8TE8aunZWOXnp5VFBzbZZLt3ggz8tF+IQtFsRQv3mDeoD9738XpRDCTJTW/NehHo4YX4uXRJvY3CFa/5bKnHKvsUVzvoReVvkdMMslWgR/0uA3JgfFT+PEUW6i9y7f+kEeV9xtKK1XPe2Vyfh3ok289pGK/CbRDprVayUtFQNKelqqY0z1FyqXGUmhRHoHqdLWlFtDYxSKFKKNgpjcoobEr9KPZW9UHurJcvXpxq/TVVl0NBkybu7L3lf5J+3mPtBpjuHPt6ILXgrJ4ODS2OmsgQ3GoExIjeblsPrYPqCMm/rkhLTjhsDOBOhJEKJb+6kyChDM9Xs6wusOahOY7IgSoUfBBPhxsHl8POWMJVibFWkbA5I0F9zRszdOkjDNg9PM8FTPPUTIMA8dA0V28Uyi65J8Gf2IbaXa0VeLJlAuvtzEWx6d61RbJA6iDIMZhcBoKQxas4Uus8VBcAnYkwg4DlGaLkgOChhzgvbQVwQF+hW3Wf1GLvAqmjTHjwjRUjZ9B07AmCFr/dA8GQcGsHqZl4EjgpLKH4zTNZbc0LfKOtr7rjbdo1FXA2S9R90MG72M1g+igQxO5zWbgbEIbWSwoDoZJ0sw2pm3wRZmKYzlgXzg+Io+nDPsibhUa8aXzAWDoX6sxx4VX7UAT4aFKG1GljognyFonUKHp4mBRGgl9P/FKAkEc6dhO/O53jOIDT1xE/1s5hIUE75WeyZ9ZJASF5Dp69chE8fQK8iKnPRclgvk2RWueiaKQ77c19a+oiHnx+K3a0kmFMBJou69s4VbMPiVGDV9JhAUt+zYCwYXq+MD2ALct7MiCOoDWA9pDgir+fmRKvsAuSGU7o/VT94U7r7up5LjN77fb2cCDW+OkFGGmTngusQJ/EBwKowW8TTo2Hsa1dLmCYh5FLcO55AJvRon6Ii+r7c1EpZWsOSZ+0HjR9TlE01aI57xRJConPBRuIE1YzQG4mR8hoU82IBs+xJ5fDmVWkU7r6m3V2me858oiYmvic+HmcC9de9NeFe6DneI/hlHJ+fPo8EWpx8fFcIHt4dxomBeXUtxpoKJx2btbvEgKNeS4XXm06nVbgOV+H7arHZ307FkQ07QBphtP/IaF6qmWBN1zPaomgx5yYr8cAID6GyomafNhrAFtAEKTamb0D9vVic+7P5EaDRbfXcR/Z96rgjKAxz1e8U72gmwBApOpmAZuCc+ueYerZqfhLq7/6eNiIgb0dIpXNYP6p0GJZj2u9BfXUM0ILuQNHRUuRcWK0FP8JF7fnOSspTGpsGG7wH6K2cb3kP63SEbilo6nDW4xni62x33R0gdgs3nYIzl1vroI4uCecO4nx/iSgid/Hcfqn+OFFuBnwWSIa+3AgoBk9D2NAs7kangxoMz4tmh5a43mW7ICpiedHKXomZD0/QKu5EhIUANzzvMJhCoWKVDkrm7eo2ax3hmY3d04Gt4lmTheYzWLirBkW4362sSVnOXMCDEMaVk4/7BkUahKlXim86GzQ9Tym0/nAcOKbZ86onNXsCgFUCWh71IJG+M1eC0IRjqfEWtX7+2ifc8ZXHXYW9HBRpTwLTEHRdZEa5QCvM8AR9R2Ba1fO7l2Je19NcPu/7pTpwCHFi1aCG89S08gBrkUmlJTD1jSGON5IjUBk6/kgqv+0hauWIyLMiJhy7pH8hRc9sydYBuIpzxNvviZ+L07hWOnokvzAw2X08ljuHSXvy1iAvEzOS7C0sW4la3YRpln+LsiD20CLIF2Vuma5fl65XLxvwwtCp8zXqwe2Cc6W69uEd3kVpVA6w9bxItelnRJr9Wk5oDq1s3NKvUhleA12smIUMl1yQiIouDbdXlEdF0+ro/4OkS+T7JTlYEhaBXIyVI+Yw16dOaKJVr05O8SOORqMjT3gErDGE5AHYkTL5lK7sVpbffaKgGdRWn1AHqhaLZu9dtB2qNUP5oI4gN7YUHnA6zXWRabf+LvFamnSDXU1Xn+JNYoOMLFaxTyGmiW/oMTqFV9dGAdKNgMTUk5XNqwMUKomV9q6DsIqbTMYKq3yOEi8cjWDVVmlGuqrHO0Q6xL8l2AVClkMtba5CLqqvOmqq6fyM6iRiku9pBWB+gwIXB+ombDVgpSP0n/S0bC+ehBTweXDPgO5LlzrqRkMNZJ14C9BFLG0+FDYgIFK1QxQpXIeMlJl+zsGVjmXAa9iRgdVXO2WcTVcpRtVcJHFXqOyP9dqVNKhGqUsHZYQyBIbyUdaSlTxFLqsJxBm0JzEdYUbQ0YfqqSZ0X2yqsq5zlyAWwSq7E7JwlNcSrgjjLZupBUj4c9tSbl/lgHOI/iE1aQ6TRkIwrUclqmjubLptHHLLDu1zL410ysUbBzKvvdG3EkL2cQ98A0eRhsJJt42UP6smW32paVNeFmw/qIa3eWmkJtZHXqjLQTOxAGTnsBd9WGSBqmR5YFGGYPP92yYcz93aCIcCh1oKCFmes/mQjacsqSc0LvJpYl5b+rRmypnONgmmq1OSLNd4tn2EgXFhFZSMmccXlQ4RBxCNj8TYZkiBQNSIgcWNp3JIK3Tpl6JBmoBLekAqUOIhiqT8YSBSMFD822RXgFJOAWHlRqEGn7LdgGpBuEYd4AwPWi4+hRZ/e7IRWTQU6WeOmc6wQBbHTua7IXwphq2ZGVDwXSD6CxbeYzm8OLDkWUv5BNbsxBQG4kQFwccrBBqCsQ6RQTy0YpYuknx1lzpPBpvsuGhMPacW9yciN/tzaeIrUeT5bMfvM147Diffa0faokUxFRfAjAHL8MF4hD0DGooeHwmtlXJYBcdwQiJ0lezDyxcq451CMhlEIWh2c9DoO3AIgoSuW3rb/j2Q3V3sahxinCBGCMa+RSFckYsFm+TfDcfM0xB2QZYq4zZZDl8jGHekvIN1tvi2bxYtvruq9F6tBO84ZbIKD4br10WEAkIid763oLzwQA+7FIMjl1B3Ii0+Uffwo0oFCS8AlFElOAMU+x5Tyl7Ov0u9TAiddv+UoIHDLMPHk1obs7rSQYpE4GJLHo2qNMKjCVsF+uficB4Q3+uAtfvvaGTK5bV52DH7+q15dVk/6dbTodag5xljX80o7WL1vqhmj3cIUzZhPIOjkFl65l8g1y8PtSWqj76bCKuKPVMBuWlMgsxOn4T9bdBSDO1jL57E7P0amn9r9uY/IpCd2/Ifki9mq5HForBBSYkE6rHTFkk+iXuSiTid9NNJfhGn0rD0/mNyVkjVSQDLOYnEYJiCZJXUKgsTKXGWzfC1/lFefnbcYNu8CxgIZgdPA2cUURQU4JdteF7YoJrNz+7YOixg4grOX0QcRBHEbXo6NaXGYhQ9X5FFJ/RadYh40vze4ELxOwiw48Q5Lc18vlzleK54QRbr9ETkY9GjGjZNfrPAURA97fTs//Bt1VlUSVlGBHAwCf5hjmYhnd0bmK7JNrRTUpPsXW8eGoQW+HGqSDSevpo096cVA9t6g/8Z56kfDxeJWsWZeXXNydfeFeFG1b9esey0irflOA0Y1Z6kdoTbfJcxndJ491E4ajJ0iS3HgzyYB3kwdtiIxescp68YllWvu78LYh2rLiwf8vWl/GnXb7d5bzJbHMbSQa7wlGKqf43JxrPbz5tS5n6aAJnM+RNYJ/in3dhtG75vggi9coGRqLwwPIL49+rviyWIez+qaX0MYmJhGrxtY5jvrLNNio26Z/i6+Ab68Ibh+8Hdh+snvj3b+G6wDJGxN4RstjfvAuD+zTYZDWNfXn+k2N4vXn81/8HrUd9PC2oAgA=</value>
+  </data>
+  <data name="DefaultSchema" xml:space="preserve">
+    <value>dbo</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/src/NuGetGallery/NuGetGallery.csproj b/src/NuGetGallery/NuGetGallery.csproj
index edbbae2509..76030fa30e 100644
--- a/src/NuGetGallery/NuGetGallery.csproj
+++ b/src/NuGetGallery/NuGetGallery.csproj
@@ -441,8 +441,8 @@
     <Reference Include="NuGet.Protocol, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Protocol.4.3.0-preview1-2524\lib\net45\NuGet.Protocol.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Contracts, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Contracts.2.10.0\lib\net45\NuGet.Services.Contracts.dll</HintPath>
+    <Reference Include="NuGet.Services.Contracts, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Contracts.2.25.0-master-30191\lib\net45\NuGet.Services.Contracts.dll</HintPath>
     </Reference>
     <Reference Include="NuGet.Services.KeyVault, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Services.KeyVault.1.0.0.0\lib\net45\NuGet.Services.KeyVault.dll</HintPath>
@@ -460,23 +460,18 @@
       <HintPath>..\..\packages\NuGet.Services.Platform.Client.3.0.29-r-master\lib\portable-net45+wp80+win\NuGet.Services.Platform.Client.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="NuGet.Services.ServiceBus, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.ServiceBus.2.10.0\lib\net45\NuGet.Services.ServiceBus.dll</HintPath>
+    <Reference Include="NuGet.Services.ServiceBus, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.ServiceBus.2.25.0-master-30191\lib\net45\NuGet.Services.ServiceBus.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Validation, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Validation.2.10.0\lib\net45\NuGet.Services.Validation.dll</HintPath>
+    <Reference Include="NuGet.Services.Validation, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Validation.2.25.0-master-30191\lib\net45\NuGet.Services.Validation.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Validation.Issues, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Validation.Issues.2.10.0\lib\net45\NuGet.Services.Validation.Issues.dll</HintPath>
+    <Reference Include="NuGet.Services.Validation.Issues, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Validation.Issues.2.25.0-master-30191\lib\net45\NuGet.Services.Validation.Issues.dll</HintPath>
     </Reference>
     <Reference Include="NuGet.Versioning, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Versioning.4.3.0-preview1-2524\lib\net45\NuGet.Versioning.dll</HintPath>
     </Reference>
-    <Reference Include="ODataNullPropagationVisitor, Version=0.5.4237.2641, Culture=neutral, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\packages\ODataNullPropagationVisitor.0.5.4237.2641\lib\net40\ODataNullPropagationVisitor.dll</HintPath>
-      <Private>True</Private>
-    </Reference>
     <Reference Include="Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
@@ -700,6 +695,7 @@
     <Compile Include="Areas\Admin\Models\ISupportRequestDbContext.cs" />
     <Compile Include="Areas\Admin\Models\SupportRequestDbContext.cs" />
     <Compile Include="Areas\Admin\Services\ValidationAdminService.cs" />
+    <Compile Include="Areas\Admin\ViewModels\DeleteAccountAsAdminViewModel.cs" />
     <Compile Include="Areas\Admin\ViewModels\DeleteAccountStatus.cs" />
     <Compile Include="Areas\Admin\ViewModels\HardDeleteReflowBulkRequestConfirmation.cs" />
     <Compile Include="Areas\Admin\ViewModels\HardDeleteReflowBulkRequest.cs" />
@@ -802,6 +798,7 @@
     <Compile Include="Filters\UIAuthorizeAttribute.cs" />
     <Compile Include="GlobalSuppressions.cs" />
     <Compile Include="Helpers\GravatarHelper.cs" />
+    <Compile Include="Helpers\ObfuscationHelper.cs" />
     <Compile Include="Helpers\PermissionsHelpers.cs" />
     <Compile Include="Helpers\RegexEx.cs" />
     <Compile Include="Helpers\RouteUrlTemplate.cs" />
@@ -832,6 +829,18 @@
     <Compile Include="Migrations\201803202317063_AddEnableMultiFactorAuthentication.Designer.cs">
       <DependentUpon>201803202317063_AddEnableMultiFactorAuthentication.cs</DependentUpon>
     </Compile>
+    <Compile Include="Migrations\201804171613337_AddCertificateRegistration.cs" />
+    <Compile Include="Migrations\201804171613337_AddCertificateRegistration.Designer.cs">
+      <DependentUpon>201804171613337_AddCertificateRegistration.cs</DependentUpon>
+    </Compile>
+    <Compile Include="Migrations\201804241507196_RemoveUserCertificateIsActive.cs" />
+    <Compile Include="Migrations\201804241507196_RemoveUserCertificateIsActive.Designer.cs">
+      <DependentUpon>201804241507196_RemoveUserCertificateIsActive.cs</DependentUpon>
+    </Compile>
+    <Compile Include="Migrations\201805012001354_AddUserCertificatesIndex.cs" />
+    <Compile Include="Migrations\201805012001354_AddUserCertificatesIndex.Designer.cs">
+      <DependentUpon>201805012001354_AddUserCertificatesIndex.cs</DependentUpon>
+    </Compile>
     <Compile Include="RequestModels\DeleteAccountRequest.cs" />
     <Compile Include="Migrations\201710301857232_Organizations.cs" />
     <Compile Include="Migrations\201710301857232_Organizations.Designer.cs">
@@ -841,7 +850,11 @@
     <Compile Include="Migrations\201711021733062_ApiKeyOwnerScope.Designer.cs">
       <DependentUpon>201711021733062_ApiKeyOwnerScope.cs</DependentUpon>
     </Compile>
+    <Compile Include="Security\AutomaticOverwriteRequiredSignerPolicy.cs" />
+    <Compile Include="Security\ControlRequiredSignerPolicy.cs" />
+    <Compile Include="Security\RequiredSignerPolicy.cs" />
     <Compile Include="Security\RequireOrganizationTenantPolicy.cs" />
+    <Compile Include="Services\AccountDeletionOrphanPackagePolicy.cs" />
     <Compile Include="Services\ActionOnNewPackageContext.cs" />
     <Compile Include="Services\ActionRequiringAccountPermissions.cs" />
     <Compile Include="Services\ActionRequiringEntityPermissions.cs" />
@@ -849,9 +862,13 @@
     <Compile Include="Services\ActionRequiringReservedNamespacePermissions.cs" />
     <Compile Include="Services\ActionsRequiringPermissions.cs" />
     <Compile Include="Services\AsynchronousPackageValidationInitiator.cs" />
+    <Compile Include="Services\CertificateService.cs" />
+    <Compile Include="Services\CertificateValidator.cs" />
     <Compile Include="Services\CloudBlobFileStorageService.cs" />
     <Compile Include="Services\DeleteAccountService.cs" />
     <Compile Include="Services\IActionRequiringEntityPermissions.cs" />
+    <Compile Include="Services\ICertificateService.cs" />
+    <Compile Include="Services\ICertificateValidator.cs" />
     <Compile Include="Services\IDeleteAccountService.cs" />
     <Compile Include="Services\IFileStorageService.cs" />
     <Compile Include="Services\IContentObjectService.cs" />
@@ -1071,8 +1088,13 @@
     <Compile Include="Telemetry\UserPackageDeleteEvent.cs" />
     <Compile Include="Telemetry\UserPackageDeleteOutcome.cs" />
     <Compile Include="ViewModels\AddOrganizationViewModel.cs" />
+    <Compile Include="ViewModels\DeleteOrganizationViewModel.cs" />
+    <Compile Include="ViewModels\DeleteUserViewModel.cs" />
+    <Compile Include="ViewModels\ListCertificateItemViewModel.cs" />
     <Compile Include="ViewModels\GalleryHomeViewModel.cs" />
     <Compile Include="ViewModels\HandleOrganizationMembershipRequestModel.cs" />
+    <Compile Include="ViewModels\ListPackageItemRequiredSignerViewModel.cs" />
+    <Compile Include="ViewModels\SignerViewModel.cs" />
     <Compile Include="WebRole.cs" />
     <Content Include="bin\NuGetGallery.dll.config">
       <SubType>Designer</SubType>
@@ -1639,7 +1661,6 @@
     <Compile Include="Services\NoLessSecureDestinationRedirectPolicy.cs" />
     <Compile Include="Services\ReflowPackageService.cs" />
     <Compile Include="Services\TelemetryService.cs" />
-    <Compile Include="Areas\Admin\ViewModels\DeleteUserAccountViewModel.cs" />
     <Compile Include="ViewModels\ManageOrganizationsItemViewModel.cs" />
     <Compile Include="ViewModels\ManageOrganizationsViewModel.cs" />
     <Compile Include="ViewModels\ChangeEmailViewModel.cs" />
@@ -1972,6 +1993,15 @@
     <EmbeddedResource Include="Migrations\201803202317063_AddEnableMultiFactorAuthentication.resx">
       <DependentUpon>201803202317063_AddEnableMultiFactorAuthentication.cs</DependentUpon>
     </EmbeddedResource>
+    <EmbeddedResource Include="Migrations\201804171613337_AddCertificateRegistration.resx">
+      <DependentUpon>201804171613337_AddCertificateRegistration.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="Migrations\201804241507196_RemoveUserCertificateIsActive.resx">
+      <DependentUpon>201804241507196_RemoveUserCertificateIsActive.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="Migrations\201805012001354_AddUserCertificatesIndex.resx">
+      <DependentUpon>201805012001354_AddUserCertificatesIndex.cs</DependentUpon>
+    </EmbeddedResource>
     <EmbeddedResource Include="OData\QueryAllowed\Data\apiv1packages.json" />
     <EmbeddedResource Include="OData\QueryAllowed\Data\apiv1search.json" />
     <EmbeddedResource Include="OData\QueryAllowed\Data\apiv2getupdates.json" />
@@ -1987,6 +2017,7 @@
     <Content Include="Areas\Admin\Views\Delete\_ReflowBulkConfirm.cshtml" />
     <Content Include="Areas\Admin\Views\LockPackage\Index.cshtml" />
     <Content Include="App_Data\Files\Content\Login-Discontinuation-Configuration.json" />
+    <Content Include="Areas\Admin\Views\DeleteAccount\_DeleteUserAccountForm.cshtml" />
     <None Include="Scripts\jquery-1.11.0.intellisense.js" />
     <Content Include="Scripts\jquery-1.11.0.js" />
     <Content Include="Scripts\jquery-1.11.0.min.js" />
@@ -2060,6 +2091,11 @@
     <Content Include="Views\Authentication\_SigninAssistance.cshtml" />
     <Content Include="Views\Organizations\Add.cshtml" />
     <Content Include="Views\Organizations\HandleOrganizationMembershipRequest.cshtml" />
+    <Content Include="Views\Users\_UserOrganizationsListForDeletedAccount.cshtml" />
+    <Content Include="Views\Organizations\DeleteAccount.cshtml" />
+    <Content Include="Views\Users\_DeleteUserAccountForm.cshtml" />
+    <Content Include="Views\Organizations\_OrganizationMembersListForDeletedAccount.cshtml" />
+    <Content Include="Views\Shared\_AccountCertificates.cshtml" />
   </ItemGroup>
   <ItemGroup>
     <CodeAnalysisDictionary Include="Properties\CodeAnalysisDictionary.xml" />
@@ -2164,9 +2200,7 @@
     <Content Include="packages.config">
       <SubType>Designer</SubType>
     </Content>
-    <Content Include="Scripts\statsgraphs.js" />
     <Content Include="Scripts\nugetgallery.js" />
-    <Content Include="Scripts\stats.js" />
     <Content Include="Scripts\gallery\**\*" />
     <Content Include="Web.config">
       <SubType>Designer</SubType>
@@ -2424,6 +2458,6 @@
       copy "$(ProjectDir)..\Bootstrap\dist\css\bootstrap.css" "$(ProjectDir)Content\gallery\css" &gt;NUL
       copy "$(ProjectDir)..\Bootstrap\dist\css\bootstrap-theme.css" "$(ProjectDir)Content\gallery\css" &gt;NUL
       copy "$(ProjectDir)..\Bootstrap\dist\js\bootstrap.js" "$(ProjectDir)Scripts\gallery" &gt;NUL
-</PreBuildEvent>
+    </PreBuildEvent>
   </PropertyGroup>
 </Project>
\ No newline at end of file
diff --git a/src/NuGetGallery/RequestModels/EditPackageRequest.cs b/src/NuGetGallery/RequestModels/EditPackageRequest.cs
index 17436fcb44..931b9af584 100644
--- a/src/NuGetGallery/RequestModels/EditPackageRequest.cs
+++ b/src/NuGetGallery/RequestModels/EditPackageRequest.cs
@@ -15,6 +15,7 @@ public class EditPackageRequest
         public string PackageId { get; set; }
         public string PackageTitle { get; set; }
         public string Version { get; set; }
+        public PackageRegistration PackageRegistration { get; set; }
         public IList<Package> PackageVersions { get; set; }
         public bool IsLocked { get; set; }
     }
diff --git a/src/NuGetGallery/RouteName.cs b/src/NuGetGallery/RouteName.cs
index 90951142c5..0c64146b92 100644
--- a/src/NuGetGallery/RouteName.cs
+++ b/src/NuGetGallery/RouteName.cs
@@ -78,6 +78,7 @@ public static class RouteName
         public const string ConfirmAccount = "ConfirmAccount";
         public const string SigninAssistance = "SigninAssistance";
         public const string ChangeEmailSubscription = "ChangeEmailSubscription";
+        public const string ChangeMultiFactorAuthentication = "ChangeMultiFactorAuthentication";
         public const string ErrorReadOnly = "ErrorReadOnly";
         public const string Error500 = "Error500";
         public const string Error404 = "Error404";
@@ -90,5 +91,14 @@ public static class RouteName
         public const string Downloads = "Downloads";
         public const string AdminDeleteAccount = "AdminDeleteAccount";
         public const string UserDeleteAccount = "DeleteAccount";
+        public const string AddUserCertificate = "AddUserCertificate";
+        public const string DeleteUserCertificate = "DeleteUserCertificate";
+        public const string GetUserCertificate = "GetUserCertificate";
+        public const string GetUserCertificates = "GetUserCertificates";
+        public const string AddOrganizationCertificate = "AddOrganizationCertificate";
+        public const string DeleteOrganizationCertificate = "DeleteOrganizationCertificate";
+        public const string GetOrganizationCertificate = "GetOrganizationCertificate";
+        public const string GetOrganizationCertificates = "GetOrganizationCertificates";
+        public const string SetRequiredSigner = "SetRequiredSigner";
     }
-}
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Scripts/gallery/async-file-upload.js b/src/NuGetGallery/Scripts/gallery/async-file-upload.js
index 6912818f94..a114e047ac 100644
--- a/src/NuGetGallery/Scripts/gallery/async-file-upload.js
+++ b/src/NuGetGallery/Scripts/gallery/async-file-upload.js
@@ -1,358 +1,360 @@
-'use strict';
-
-var AsyncFileUploadManager = new function () {
-    var _actionUrl;
-    var _cancelUrl;
-    var _submitVerifyUrl;
-    var _isWebkitBrowser = false; // $.browser.webkit is not longer supported on jQuery
-    var _iframeId = '__fileUploadFrame';
-    var _uploadFormId;
-    var _uploadFormData;
-    var _pollingInterval = 250; // in ms
-    var _pingUrl;
-    var _failureCount;
-    var _isUploadInProgress;
-
-    this.init = function (pingUrl, formId, jQueryUrl, actionUrl, cancelUrl, submitVerifyUrl) {
-        _pingUrl = pingUrl;
-        _uploadFormId = formId;
-        _actionUrl = actionUrl;
-        _cancelUrl = cancelUrl;
-        _submitVerifyUrl = submitVerifyUrl;
-
-        $('#file-select-feedback').on('dragenter', function (e) {
-            e.preventDefault();
-            e.stopPropagation();
-
-            $(this).removeAttr('readonly');
-        });
-
-        $('#file-select-feedback').on('dragleave', function (e) {
-            e.preventDefault();
-            e.stopPropagation();
-
-            $(this).attr('readonly', 'readonly');
-        });
-
-
-        $('#file-select-feedback').on('dragover', function (e) {
-            e.preventDefault();
-            e.stopPropagation();
-        });
-
-
-        $('#file-select-feedback').on('drop', function (e) {
-            e.preventDefault();
-            e.stopPropagation();
-            $(this).attr('readonly', 'readonly');
+var AsyncFileUploadManager = (function () {
+    'use strict';
+
+    return new function () {
+        var _actionUrl;
+        var _cancelUrl;
+        var _submitVerifyUrl;
+        var _isWebkitBrowser = false; // $.browser.webkit is not longer supported on jQuery
+        var _iframeId = '__fileUploadFrame';
+        var _uploadFormId;
+        var _uploadFormData;
+        var _pollingInterval = 250; // in ms
+        var _pingUrl;
+        var _failureCount;
+        var _isUploadInProgress;
+
+        this.init = function (pingUrl, formId, jQueryUrl, actionUrl, cancelUrl, submitVerifyUrl) {
+            _pingUrl = pingUrl;
+            _uploadFormId = formId;
+            _actionUrl = actionUrl;
+            _cancelUrl = cancelUrl;
+            _submitVerifyUrl = submitVerifyUrl;
+
+            $('#file-select-feedback').on('dragenter', function (e) {
+                e.preventDefault();
+                e.stopPropagation();
+
+                $(this).removeAttr('readonly');
+            });
 
-            clearErrors();
-            var droppedFile = e.originalEvent.dataTransfer.files[0];
-            $('#file-select-feedback').attr('value', droppedFile.name);
+            $('#file-select-feedback').on('dragleave', function (e) {
+                e.preventDefault();
+                e.stopPropagation();
 
-            prepareUploadFormData();
-            _uploadFormData.set("UploadFile", droppedFile);
-            cancelUploadAsync(startUploadAsync, startUploadAsync);
-        });
+                $(this).attr('readonly', 'readonly');
+            });
 
-        $('#file-select-feedback').on('click', function () {
-            $('#input-select-file').click();
-        });
 
-        $('#input-select-file').on('change', function () {
-            clearErrors();
-            var fileName = window.nuget.getFileName($('#input-select-file').val());
+            $('#file-select-feedback').on('dragover', function (e) {
+                e.preventDefault();
+                e.stopPropagation();
+            });
+
+
+            $('#file-select-feedback').on('drop', function (e) {
+                e.preventDefault();
+                e.stopPropagation();
+                $(this).attr('readonly', 'readonly');
+
+                clearErrors();
+                var droppedFile = e.originalEvent.dataTransfer.files[0];
+                $('#file-select-feedback').attr('value', droppedFile.name);
 
-            if (fileName.length > 0) {
-                $('#file-select-feedback').attr('value', fileName);
                 prepareUploadFormData();
-                // Cancel any ongoing upload, and then start the new upload.
-                // If the cancel fails, still try to upload the new one.
+                _uploadFormData.set("UploadFile", droppedFile);
                 cancelUploadAsync(startUploadAsync, startUploadAsync);
-            } else {
-                resetFileSelectFeedback();
+            });
+
+            $('#file-select-feedback').on('click', function () {
+                $('#input-select-file').click();
+            });
+
+            $('#input-select-file').on('change', function () {
+                clearErrors();
+                var fileName = window.nuget.getFileName($('#input-select-file').val());
+
+                if (fileName.length > 0) {
+                    $('#file-select-feedback').attr('value', fileName);
+                    prepareUploadFormData();
+                    // Cancel any ongoing upload, and then start the new upload.
+                    // If the cancel fails, still try to upload the new one.
+                    cancelUploadAsync(startUploadAsync, startUploadAsync);
+                } else {
+                    resetFileSelectFeedback();
+                }
+            });
+
+            if (InProgressPackage != null) {
+                bindData(InProgressPackage);
             }
-        });
+        }
 
-        if (InProgressPackage != null) {
-            bindData(InProgressPackage);
+        function resetFileSelectFeedback() {
+            $('#file-select-feedback').attr('value', 'Browse or Drop files to select a package...');
         }
-    }
 
-    function resetFileSelectFeedback() {
-        $('#file-select-feedback').attr('value', 'Browse or Drop files to select a package...');
-    }
+        function prepareUploadFormData() {
+            var formData = new FormData($('#' + _uploadFormId)[0]);
+            _uploadFormData = formData;
+        }
 
-    function prepareUploadFormData() {
-        var formData = new FormData($('#' + _uploadFormId)[0]);
-        _uploadFormData = formData;
-    }
+        function startUploadAsync(callback, error) {
+            // Shortcut the upload if the nupkg input doesn't have a value
+            if ($('#input-select-file').val() == null) {
+                return;
+            }
 
-    function startUploadAsync(callback, error) {
-        // Shortcut the upload if the nupkg input doesn't have a value
-        if ($('#input-select-file').val() == null) {
-            return;
-        }
+            startProgressBar();
 
-        startProgressBar();
+            $.ajax({
+                url: _actionUrl,
+                type: 'POST',
 
-        $.ajax({
-            url: _actionUrl,
-            type: 'POST',
+                data: _uploadFormData,
 
-            data: _uploadFormData,
+                cache: false,
+                contentType: false,
+                processData: false,
 
-            cache: false,
-            contentType: false,
-            processData: false,
+                success: function (model, resultCodeString, fullResponse) {
+                    bindData(model);
+                    endProgressBar();
+                    if (callback) {
+                        callback();
+                    }
+                },
 
-            success: function (model, resultCodeString, fullResponse) {
-                bindData(model);
-                endProgressBar();
-                if (callback) {
-                    callback();
-                }
-            },
+                error: handleErrors.bind(this, error)
+            });
+        }
 
-            error: handleErrors.bind(this, error)
-        });
-    }
+        function submitVerifyAsync(callback, error) {
+            $.ajax({
+                url: _submitVerifyUrl,
+                type: 'POST',
 
-    function submitVerifyAsync(callback, error) {
-        $.ajax({
-            url: _submitVerifyUrl,
-            type: 'POST',
+                data: new FormData($('#verify-metadata-form')[0]),
 
-            data: new FormData($('#verify-metadata-form')[0]),
+                cache: false,
+                contentType: false,
+                processData: false,
 
-            cache: false,
-            contentType: false,
-            processData: false,
+                success: function (model, resultCodeString, fullResponse) {
+                    if (callback) {
+                        callback(model);
+                    }
+                },
 
-            success: function (model, resultCodeString, fullResponse) {
-                if (callback) {
-                    callback(model);
-                }
-            },
+                error: handleErrors.bind(this, error)
+            });
+        }
 
-            error: handleErrors.bind(this, error)
-        });
-    }
+        function cancelUploadAsync(callback, error) {
+            clearErrors();
 
-    function cancelUploadAsync(callback, error) {
-        clearErrors();
+            $.ajax({
+                url: _cancelUrl,
+                type: 'POST',
 
-        $.ajax({
-            url: _cancelUrl,
-            type: 'POST',
+                data: new FormData($('#cancel-form')[0]),
 
-            data: new FormData($('#cancel-form')[0]),
+                cache: false,
+                contentType: false,
+                processData: false,
 
-            cache: false,
-            contentType: false,
-            processData: false,
+                success: function (model, resultCodeString, fullResponse) {
+                    bindData(model);
+                    if (callback) {
+                        callback();
+                    }
+                },
 
-            success: function (model, resultCodeString, fullResponse) {
-                bindData(model);
-                if (callback) {
-                    callback();
-                }
-            },
-
-            error: handleErrors.bind(this, error)
-        });
-    }
-
-    function handleErrors(errorCallback, model, resultCodeString, fullResponse) {
-        bindData(null);
-
-        switch (resultCodeString) {
-            case "timeout":
-                displayErrors(["The operation timed out. Please try again."]);
-                break;
-            case "abort":
-                displayErrors(["The operation was aborted. Please try again."]);
-                break;
-            default:
-                displayErrors(model.responseJSON);
-                break;
+                error: handleErrors.bind(this, error)
+            });
         }
 
-        if (fullResponse.status >= 500) {
-            displayErrors(["There was a server error."]);
-        }
+        function handleErrors(errorCallback, model, resultCodeString, fullResponse) {
+            bindData(null);
+
+            switch (resultCodeString) {
+                case "timeout":
+                    displayErrors(["The operation timed out. Please try again."]);
+                    break;
+                case "abort":
+                    displayErrors(["The operation was aborted. Please try again."]);
+                    break;
+                default:
+                    displayErrors(model.responseJSON);
+                    break;
+            }
 
-        endProgressBar();
-        if (errorCallback) {
-            errorCallback();
-        }
-    }
+            if (fullResponse.status >= 500) {
+                displayErrors(["There was a server error."]);
+            }
 
-    function displayErrors(errors) {
-        if (errors == null || errors.length < 1) {
-            return;
+            endProgressBar();
+            if (errorCallback) {
+                errorCallback();
+            }
         }
 
-        clearErrors()
-
-        var failureContainer = $("#validation-failure-container");
-        var failureListContainer = document.createElement("div");
-        $(failureListContainer).attr("id", "validation-failure-list");
-        $(failureListContainer).attr("data-bind", "template: { name: 'validation-errors', data: data }");
-        failureContainer.append(failureListContainer);
-        ko.applyBindings({ data: errors }, failureListContainer);
-        failureContainer.removeClass("hidden");
-    }
-
-    function clearErrors() {
-        $("#validation-failure-container").addClass("hidden");
-        $("#validation-failure-list").remove();
-
-        var warnings = $('#warning-container');
-        warnings.addClass("hidden");
-        warnings.children().remove();
-    }
-
-    function bindData(model) {
-        $("#verify-package-block").remove();
-        $("#submit-block").remove();
-        $("#verify-warning-container").addClass("hidden");
-        $("#verify-collapser-container").addClass("hidden");
-        $("#submit-collapser-container").addClass("hidden");
-
-        if (model != null) {
-            var reportContainerElement = document.createElement("div");
-            $(reportContainerElement).attr("id", "verify-package-block");
-            $(reportContainerElement).attr("class", "collapse in");
-            $(reportContainerElement).attr("aria-expanded", "true");
-            $(reportContainerElement).attr("data-bind", "template: { name: 'verify-metadata-template', data: data }");
-            $("#verify-package-container").append(reportContainerElement);
-            ko.applyBindings({ data: model }, reportContainerElement);
-
-            var submitContainerElement = document.createElement("div");
-            $(submitContainerElement).attr("id", "submit-block");
-            $(submitContainerElement).attr("class", "collapse in");
-            $(submitContainerElement).attr("aria-expanded", "true");
-            $(submitContainerElement).attr("data-bind", "template: { name: 'submit-package-template', data: data }");
-            $("#submit-package-container").append(submitContainerElement);
-            ko.applyBindings({ data: model }, submitContainerElement);
-
-            $('#verify-cancel-button').on('click', function () {
-                $('#verify-cancel-button').attr('disabled', 'disabled');
-                $('#verify-cancel-button').attr('value', 'Cancelling');
-                $('#verify-cancel-button').addClass('.loading');
-                $('#verify-submit-button').attr('disabled', 'disabled');
-                $('#input-select-file').val("");
-                resetFileSelectFeedback();
-                cancelUploadAsync();
-            });
+        function displayErrors(errors) {
+            if (errors == null || errors.length < 1) {
+                return;
+            }
 
-            $('#verify-submit-button').on('click', function () {
-                $('#verify-cancel-button').attr('disabled', 'disabled');
-                $('#verify-submit-button').attr('disabled', 'disabled');
-                $('#verify-submit-button').attr('value', 'Submitting');
-                $('#verify-submit-button').addClass('.loading');
-                submitVerifyAsync(navigateToPage, bindData.bind(this, model));
-            });
+            clearErrors()
 
-            $('#iconurl-field').on('change', function () {
-                $('#icon-preview').attr('src', $('#iconurl-field').val());
-            });
+            var failureContainer = $("#validation-failure-container");
+            var failureListContainer = document.createElement("div");
+            $(failureListContainer).attr("id", "validation-failure-list");
+            $(failureListContainer).attr("data-bind", "template: { name: 'validation-errors', data: data }");
+            failureContainer.append(failureListContainer);
+            ko.applyBindings({ data: errors }, failureListContainer);
+            failureContainer.removeClass("hidden");
+        }
 
-            $("#verify-warning-container").removeClass("hidden");
-            $("#verify-collapser-container").removeClass("hidden");
-            $("#submit-collapser-container").removeClass("hidden");
+        function clearErrors() {
+            $("#validation-failure-container").addClass("hidden");
+            $("#validation-failure-list").remove();
 
-            window.nuget.configureExpanderHeading("verify-package-section");
-            window.nuget.configureExpanderHeading("submit-package-form");
+            var warnings = $('#warning-container');
+            warnings.addClass("hidden");
+            warnings.children().remove();
         }
 
-        bindReadMeData(model);
-    }
-
-    function navigateToPage(verifyResponse) {
-        document.location = verifyResponse.location;
-    }
-
-    function startProgressBar() {
-        _isUploadInProgress = true;
-        _failureCount = 0;
-
-        setProgressIndicator(0, '');
-        $("#upload-progress-bar-container").removeClass("hidden");
-        setTimeout(getProgress, 100);
-    }
-
-    function endProgressBar() {
-        $("#upload-progress-bar-container").addClass("hidden");
-        _isUploadInProgress = false;
-    }
-
-    function getProgress() {
-        $.ajax({
-            type: 'GET',
-            dataType: 'json',
-            url: _pingUrl,
-            success: onGetProgressSuccess,
-            error: onGetProgressError
-        });
-    }
-
-    function onGetProgressSuccess(result) {
-        if (!result) {
-            return;
-        }
+        function bindData(model) {
+            $("#verify-package-block").remove();
+            $("#submit-block").remove();
+            $("#verify-warning-container").addClass("hidden");
+            $("#verify-collapser-container").addClass("hidden");
+            $("#submit-collapser-container").addClass("hidden");
+
+            if (model != null) {
+                var reportContainerElement = document.createElement("div");
+                $(reportContainerElement).attr("id", "verify-package-block");
+                $(reportContainerElement).attr("class", "collapse in");
+                $(reportContainerElement).attr("aria-expanded", "true");
+                $(reportContainerElement).attr("data-bind", "template: { name: 'verify-metadata-template', data: data }");
+                $("#verify-package-container").append(reportContainerElement);
+                ko.applyBindings({ data: model }, reportContainerElement);
+
+                var submitContainerElement = document.createElement("div");
+                $(submitContainerElement).attr("id", "submit-block");
+                $(submitContainerElement).attr("class", "collapse in");
+                $(submitContainerElement).attr("aria-expanded", "true");
+                $(submitContainerElement).attr("data-bind", "template: { name: 'submit-package-template', data: data }");
+                $("#submit-package-container").append(submitContainerElement);
+                ko.applyBindings({ data: model }, submitContainerElement);
+
+                $('#verify-cancel-button').on('click', function () {
+                    $('#verify-cancel-button').attr('disabled', 'disabled');
+                    $('#verify-cancel-button').attr('value', 'Cancelling');
+                    $('#verify-cancel-button').addClass('.loading');
+                    $('#verify-submit-button').attr('disabled', 'disabled');
+                    $('#input-select-file').val("");
+                    resetFileSelectFeedback();
+                    cancelUploadAsync();
+                });
+
+                $('#verify-submit-button').on('click', function () {
+                    $('#verify-cancel-button').attr('disabled', 'disabled');
+                    $('#verify-submit-button').attr('disabled', 'disabled');
+                    $('#verify-submit-button').attr('value', 'Submitting');
+                    $('#verify-submit-button').addClass('.loading');
+                    submitVerifyAsync(navigateToPage, bindData.bind(this, model));
+                });
+
+                $('#iconurl-field').on('change', function () {
+                    $('#icon-preview').attr('src', $('#iconurl-field').val());
+                });
+
+                $("#verify-warning-container").removeClass("hidden");
+                $("#verify-collapser-container").removeClass("hidden");
+                $("#submit-collapser-container").removeClass("hidden");
+
+                window.nuget.configureExpanderHeading("verify-package-section");
+                window.nuget.configureExpanderHeading("submit-package-form");
+            }
 
-        var percent = result.Progress;
+            bindReadMeData(model);
+        }
 
-        if (!result.FileName) {
-            return;
+        function navigateToPage(verifyResponse) {
+            document.location = verifyResponse.location;
         }
 
-        setProgressIndicator(percent, result.FileName);
-        if (percent < 100) {
-            setTimeout(getProgress, _pollingInterval);
+        function startProgressBar() {
+            _isUploadInProgress = true;
+            _failureCount = 0;
+
+            setProgressIndicator(0, '');
+            $("#upload-progress-bar-container").removeClass("hidden");
+            setTimeout(getProgress, 100);
         }
-        else {
+
+        function endProgressBar() {
+            $("#upload-progress-bar-container").addClass("hidden");
             _isUploadInProgress = false;
         }
-    }
 
-    function onGetProgressError(result) {
-        if (++_failureCount < 3) {
-            setTimeout(getProgress, _pollingInterval);
+        function getProgress() {
+            $.ajax({
+                type: 'GET',
+                dataType: 'json',
+                url: _pingUrl,
+                success: onGetProgressSuccess,
+                error: onGetProgressError
+            });
+        }
+
+        function onGetProgressSuccess(result) {
+            if (!result) {
+                return;
+            }
+
+            var percent = result.Progress;
+
+            if (!result.FileName) {
+                return;
+            }
+
+            setProgressIndicator(percent, result.FileName);
+            if (percent < 100) {
+                setTimeout(getProgress, _pollingInterval);
+            }
+            else {
+                _isUploadInProgress = false;
+            }
+        }
+
+        function onGetProgressError(result) {
+            if (++_failureCount < 3) {
+                setTimeout(getProgress, _pollingInterval);
+            }
         }
-    }
-
-    function setProgressIndicator(percentComplete, fileName) {
-        $("#upload-progress-bar").width(percentComplete + "%")
-            .attr("aria-valuenow", percentComplete)
-            .text(percentComplete + "%");
-    }
-
-    // obsolete
-    function constructIframe(jQueryUrl) {
-        var iframe = document.getElementById(_iframeId);
-        if (iframe) {
-            return;
+
+        function setProgressIndicator(percentComplete, fileName) {
+            $("#upload-progress-bar").width(percentComplete + "%")
+                .attr("aria-valuenow", percentComplete)
+                .text(percentComplete + "%");
         }
 
-        iframe = document.createElement('iframe');
-        iframe.setAttribute('id', _iframeId);
-        iframe.setAttribute('style', 'display: none; visibility: hidden;');
-
-        $(iframe).load(function () {
-            var scriptRef = document.createElement('script');
-            scriptRef.setAttribute("src", jQueryUrl);
-            scriptRef.setAttribute("type", "text/javascript");
-            iframe.contentDocument.body.appendChild(scriptRef);
-
-            var scriptContent = document.createElement('script');
-            scriptContent.setAttribute("type", "text/javascript");
-            scriptContent.innerHTML = "var _callback,_error, _key, _pingUrl, _fcount;function start(b,c,e){_callback=c;_pingUrl=b;_error=e;_fcount=0;setTimeout(getProgress,200)}function getProgress(){$.ajax({type:'GET',dataType:'json',url:_pingUrl,success:onSuccess,error:_error})}function onSuccess(a){if(!a){return}var b=a.Progress;var d=a.FileName;if(!d){return}_callback(b,d);if(b<100){setTimeout(getProgress,200)}}function onError(a){if(++_fcount<3){setTimeout(getProgress,200)}}";
-            iframe.contentDocument.body.appendChild(scriptContent);
-        });
-
-        document.body.appendChild(iframe);
-    }
-};
\ No newline at end of file
+        // obsolete
+        function constructIframe(jQueryUrl) {
+            var iframe = document.getElementById(_iframeId);
+            if (iframe) {
+                return;
+            }
+
+            iframe = document.createElement('iframe');
+            iframe.setAttribute('id', _iframeId);
+            iframe.setAttribute('style', 'display: none; visibility: hidden;');
+
+            $(iframe).load(function () {
+                var scriptRef = document.createElement('script');
+                scriptRef.setAttribute("src", jQueryUrl);
+                scriptRef.setAttribute("type", "text/javascript");
+                iframe.contentDocument.body.appendChild(scriptRef);
+
+                var scriptContent = document.createElement('script');
+                scriptContent.setAttribute("type", "text/javascript");
+                scriptContent.innerHTML = "var _callback,_error, _key, _pingUrl, _fcount;function start(b,c,e){_callback=c;_pingUrl=b;_error=e;_fcount=0;setTimeout(getProgress,200)}function getProgress(){$.ajax({type:'GET',dataType:'json',url:_pingUrl,success:onSuccess,error:_error})}function onSuccess(a){if(!a){return}var b=a.Progress;var d=a.FileName;if(!d){return}_callback(b,d);if(b<100){setTimeout(getProgress,200)}}function onError(a){if(++_fcount<3){setTimeout(getProgress,200)}}";
+                iframe.contentDocument.body.appendChild(scriptContent);
+            });
+
+            document.body.appendChild(iframe);
+        }
+    };
+}());
diff --git a/src/NuGetGallery/Scripts/gallery/certificates.js b/src/NuGetGallery/Scripts/gallery/certificates.js
new file mode 100644
index 0000000000..489e0060e4
--- /dev/null
+++ b/src/NuGetGallery/Scripts/gallery/certificates.js
@@ -0,0 +1,162 @@
+var CertificatesManagement = (function () {
+    'use strict';
+
+    var _addCertificateUrl;
+    var _getCertificatesUrl;
+    var _model;
+
+    return new function () {
+        this.init = function (addCertificateUrl, getCertificatesUrl) {
+            _addCertificateUrl = addCertificateUrl;
+            _getCertificatesUrl = getCertificatesUrl;
+
+            $('#input-select-file').on('change', function () {
+                clearErrors();
+
+                var filePath = $('#input-select-file').val();
+
+                if (filePath) {
+                    var uploadForm = $('#uploadCertificateForm')[0];
+                    var formData = new FormData(uploadForm);
+
+                    uploadForm.reset();
+
+                    addCertificateAsync(formData);
+                }
+            });
+
+            listCertificatesAsync();
+        }
+
+        function listCertificatesAsync() {
+            $.ajax({
+                method: 'GET',
+                url: _getCertificatesUrl,
+                dataType: 'json',
+                cache: false,
+                contentType: false,
+                processData: false,
+                success: function (response) {
+                    applyModel(response);
+                },
+                error: onError.bind(this)
+            });
+        }
+
+        function deleteCertificateAsync(model) {
+            clearErrors();
+
+            if (model.CanDelete) {
+                $.ajax({
+                    method: 'DELETE',
+                    url: model.DeleteUrl,
+                    cache: false,
+                    data: window.nuget.addAjaxAntiForgeryToken({}),
+                    dataType: 'json',
+                    success: function (response) {
+                        listCertificatesAsync();
+                    },
+                    error: onError.bind(this)
+                });
+            }
+        }
+
+        function addCertificateAsync(data) {
+            clearErrors();
+
+            $.ajax({
+                method: 'POST',
+                url: _addCertificateUrl,
+                data: data,
+                cache: false,
+                contentType: false,
+                processData: false,
+                complete: function (xhr, textStatus) {
+                    switch (xhr.status) {
+                        case 201:
+                        case 409:
+                            listCertificatesAsync();
+                            break;
+
+                        default:
+                            onError(xhr, textStatus);
+                            break;
+                    }
+                }
+            });
+        }
+
+        function applyModel(data) {
+            if (_model) {
+                _model.certificates(data);
+            } else {
+                _model = {
+                    certificates: ko.observableArray(data),
+                    deleteCertificate: deleteCertificateAsync,
+                    hasCertificates: function () {
+                        return this.certificates().length > 0;
+                    }
+                };
+
+                ko.applyBindings(_model, document.getElementById('certificates-container'));
+            }
+
+            var certificatesHeader;
+
+            if (data) {
+                certificatesHeader = data.length + " certificate";
+
+                if (data.length !== 1) {
+                    certificatesHeader += "s";
+                }
+            } else {
+                certificatesHeader = "";
+            }
+
+            $('#certificates-section-header').text(certificatesHeader);
+        }
+
+        function onError(model, resultCodeString) {
+            switch (resultCodeString) {
+                case "timeout":
+                    displayErrors(["The operation timed out. Please try again."]);
+                    break;
+                case "abort":
+                    displayErrors(["The operation was aborted. Please try again."]);
+                    break;
+                default:
+                    displayErrors(model.responseJSON);
+                    break;
+            }
+
+            if (model.status >= 500) {
+                displayErrors(["There was a server error."]);
+            }
+        }
+
+        function displayErrors(errors) {
+            if (errors == null || errors.length === 0) {
+                return;
+            }
+
+            clearErrors();
+
+            var failureContainer = $("#validation-failure-container");
+            var failureListContainer = document.createElement("div");
+            $(failureListContainer).attr("id", "validation-failure-list");
+            $(failureListContainer).attr("data-bind", "template: { name: 'validation-errors', data: data }");
+            failureContainer.append(failureListContainer);
+            ko.applyBindings({ data: errors }, failureListContainer);
+            failureContainer.removeClass("hidden");
+        }
+
+        function clearErrors() {
+            $("#validation-failure-container").addClass("hidden");
+            $("#validation-failure-list").remove();
+
+            var warnings = $('#warning-container');
+            warnings.addClass("hidden");
+            warnings.children().remove();
+        }
+    };
+}());
\ No newline at end of file
diff --git a/src/NuGetGallery/Scripts/gallery/clamp.js b/src/NuGetGallery/Scripts/gallery/clamp.js
index a2c9814070..fdbb5510ee 100644
--- a/src/NuGetGallery/Scripts/gallery/clamp.js
+++ b/src/NuGetGallery/Scripts/gallery/clamp.js
@@ -7,6 +7,7 @@
  */
 
 (function(root, factory) {
+  'use strict';
   if (typeof define === 'function' && define.amd) {
     // AMD
     define([], factory);
@@ -18,6 +19,7 @@
     root.$clamp = factory();
   }
 }(this, function() {
+  'use strict';
   /**
    * Clamps a text node.
    * @param {HTMLElement} element. Element containing the text node to clamp.
diff --git a/src/NuGetGallery/Scripts/gallery/common.js b/src/NuGetGallery/Scripts/gallery/common.js
index 427b31d4bb..5a34352c8a 100644
--- a/src/NuGetGallery/Scripts/gallery/common.js
+++ b/src/NuGetGallery/Scripts/gallery/common.js
@@ -50,10 +50,48 @@
                 } else {
                     error.insertAfter(element);
                 }
+            },
+            showErrors: function (errorMap, errorList) {
+                this.defaultShowErrors();
+
+                // By default, showErrors adds an aria-describedby attribute to every field that it validates, even if it finds no issues.
+                // This is a problem, because the aria-describedby attribute will then link to an empty element.
+                // This code removes the aria-describedby if the describing element is missing or empty.
+                var i;
+                for (i = 0; this.errorList[i]; i++) {
+                    removeInvalidAriaDescribedBy(this.errorList[i].element);
+                }
+
+                for (i = 0; this.successList[i]; i++) {
+                    removeInvalidAriaDescribedBy(this.successList[i]);
+                }
             }
         });
     }
 
+    function removeInvalidAriaDescribedBy(element) {
+        var describedBy = element.getAttribute("aria-describedby");
+        if (!describedBy) {
+            return;
+        }
+
+        var ids = describedBy.split(" ")
+            .filter(function (describedById) {
+                if (!describedById) {
+                    return false;
+                }
+
+                var describedByElement = $("#" + describedById);
+                return describedByElement && describedByElement.text();
+            });
+
+        if (ids.length) {
+            element.setAttribute("aria-describedby", ids.join(" "));
+        } else {
+            element.removeAttribute("aria-describedby");
+        }
+    }
+
     nuget.parseNumber = function (unparsedValue) {
         unparsedValue = ('' + unparsedValue).replace(/,/g, '');
         var parsedValue = parseInt(unparsedValue);
@@ -280,88 +318,89 @@
     window.nuget = nuget;
 
     initializeJQueryValidator();
-})();
-
-$(function () {
-    // Use moment.js to format attributes with the "datetime" attribute to "X time ago".
-    $.each($('*[data-datetime]'), function () {
-        var $el = $(this);
-        var formats = window.nuget.getDateFormats($el.data().datetime);
-        if (!formats) {
-            return;
-        }
 
-        if (!$el.attr('title')) {
-            $el.attr('title', formats.title);
-        }
+    $(function () {
+        // Use moment.js to format attributes with the "datetime" attribute to "X time ago".
+        $.each($('*[data-datetime]'), function () {
+            var $el = $(this);
+            var formats = window.nuget.getDateFormats($el.data().datetime);
+            if (!formats) {
+                return;
+            }
 
-        if (formats.text) {
-            $el.text(formats.text);
-        }
-    });
+            if (!$el.attr('title')) {
+                $el.attr('title', formats.title);
+            }
 
-    // Handle confirm pop-ups.
-    $('*[data-confirm]').delegate('', 'click', function (e) {
-        window.nuget.confirmEvent($(this).data().confirm, e);
-    });
+            if (formats.text) {
+                $el.text(formats.text);
+            }
+        });
 
-    // Select the first input that has an error.
-    $('.has-error')
-        .find('input,textarea,select')
-        .filter(':visible:first')
-        .focus();
-
-    // Handle Google analytics tracking event on specific links.
-    $.each($('a[data-track]'), function () {
-        $(this).click(function (e) {
-            var href = $(this).attr('href');
-            var category = $(this).data().track;
-            if (window.nuget.isGaAvailable() && href && category) {
-                if (e.altKey || e.ctrlKey || e.metaKey) {
-                    ga('send', 'event', category, 'click', href);
-                } else {
-                    e.preventDefault();
-                    ga('send', 'event', category, 'click', href, {
-                        'transport': 'beacon',
-                        'hitCallback': window.nuget.createFunctionWithTimeout(function () {
-                            document.location = href;
-                        })
-                    });
+        // Handle confirm pop-ups.
+        $('*[data-confirm]').delegate('', 'click', function (e) {
+            window.nuget.confirmEvent($(this).data().confirm, e);
+        });
+
+        // Select the first input that has an error.
+        $('.has-error')
+            .find('input,textarea,select')
+            .filter(':visible:first')
+            .focus();
+
+        // Handle Google analytics tracking event on specific links.
+        $.each($('a[data-track]'), function () {
+            $(this).click(function (e) {
+                var href = $(this).attr('href');
+                var category = $(this).data().track;
+                if (window.nuget.isGaAvailable() && href && category) {
+                    if (e.altKey || e.ctrlKey || e.metaKey) {
+                        ga('send', 'event', category, 'click', href);
+                    } else {
+                        e.preventDefault();
+                        ga('send', 'event', category, 'click', href, {
+                            'transport': 'beacon',
+                            'hitCallback': window.nuget.createFunctionWithTimeout(function () {
+                                document.location = href;
+                            })
+                        });
+                    }
                 }
-            }
+            });
         });
-    });
 
-    // Show elements that require ClickOnce
-    (function () {
-        var userAgent = window.navigator.userAgent.toUpperCase();
-        var hasNativeDotNet = userAgent.indexOf('.NET CLR 3.5') >= 0;
-        if (hasNativeDotNet) {
-            $('.no-clickonce').removeClass('no-clickonce');
-        }
-    })();
+        // Show elements that require ClickOnce
+        (function () {
+            var userAgent = window.navigator.userAgent.toUpperCase();
+            var hasNativeDotNet = userAgent.indexOf('.NET CLR 3.5') >= 0;
+            if (hasNativeDotNet) {
+                $('.no-clickonce').removeClass('no-clickonce');
+            }
+        })();
 
-    // Don't close the dropdown on click events inside of the dropdown.
-    $(document).on('click', '.dropdown-menu', function (e) {
-        e.stopPropagation();
-    });
+        // Don't close the dropdown on click events inside of the dropdown.
+        $(document).on('click', '.dropdown-menu', function (e) {
+            e.stopPropagation();
+        });
 
-    $(document).on('keydown', function (e) {
-        var code = (e.keyCode || e.which);
-        var isValidInputCharacter =
-            ((code >= 48 && code <= 57)           // numbers 0-9
-                || (code >= 64 && code <= 90)     // letters a-z
-                || (code >= 96 && code <= 111)    // numpad
-                || (code >= 186 && code <= 192)   // ; = , - . / `
-                || (code >= 219 && code <= 222))  // [\ ] '
-            && !e.altKey && !e.ctrlKey && !e.metaKey;
-
-        if (isValidInputCharacter && document.activeElement == document.body) {
-            var searchbox = $("#search");
-            searchbox.focus();
-            var currInput = searchbox.val();
-            searchbox.val("");
-            searchbox.val(currInput);
-        }
+        $(document).on('keydown', function (e) {
+            var code = (e.keyCode || e.which);
+            var isValidInputCharacter =
+                ((code >= 48 && code <= 57)           // numbers 0-9
+                    || (code >= 64 && code <= 90)     // letters a-z
+                    || (code >= 96 && code <= 111)    // numpad
+                    || (code >= 186 && code <= 192)   // ; = , - . / `
+                    || (code >= 219 && code <= 222))  // [\ ] '
+                && !e.altKey && !e.ctrlKey && !e.metaKey;
+
+            if (isValidInputCharacter && document.activeElement == document.body) {
+                var searchbox = $("#search");
+                searchbox.focus();
+                var currInput = searchbox.val();
+                searchbox.val("");
+                searchbox.val(currInput);
+            }
+        });
     });
-});
+}());
+
diff --git a/src/NuGetGallery/Scripts/gallery/page-account.js b/src/NuGetGallery/Scripts/gallery/page-account.js
index abfacc3f87..8dfe660b20 100644
--- a/src/NuGetGallery/Scripts/gallery/page-account.js
+++ b/src/NuGetGallery/Scripts/gallery/page-account.js
@@ -29,20 +29,20 @@
         }
 
         // Set up the change password form.
-        var $enablePasswordLogin = $("#ChangePassword_EnablePasswordLogin[type=checkbox]");
+        var $disablePasswordLogin = $("#ChangePassword_DisablePasswordLogin[type=checkbox]");
         function setPasswordLoginReadonly() {
-            var enablePasswordLogin = $enablePasswordLogin[0];
-            if (!enablePasswordLogin) {
+            var disablePasswordLogin = $disablePasswordLogin[0];
+            if (!disablePasswordLogin) {
                 return;
             }
 
-            var disabled = !enablePasswordLogin.checked;
+            var disabled = disablePasswordLogin.checked;
             $("#ChangePassword_OldPassword").prop('disabled', disabled);
             $("#ChangePassword_NewPassword").prop('disabled', disabled);
             $("#ChangePassword_VerifyPassword").prop('disabled', disabled);
         }
         $("#show-change-password-container").click(setPasswordLoginReadonly);
-        $enablePasswordLogin.change(setPasswordLoginReadonly);
+        $disablePasswordLogin.change(setPasswordLoginReadonly);
         setPasswordLoginReadonly();
 
         // Set up the section expanders.
diff --git a/src/NuGetGallery/Scripts/gallery/page-api-keys.js b/src/NuGetGallery/Scripts/gallery/page-api-keys.js
index d919537bbe..986a24fa90 100644
--- a/src/NuGetGallery/Scripts/gallery/page-api-keys.js
+++ b/src/NuGetGallery/Scripts/gallery/page-api-keys.js
@@ -100,6 +100,11 @@
                         function (owner) {
                             return owner.Owner.toUpperCase() == data.Owner.toUpperCase()
                         });
+
+                    if (existingOwner == null) {
+                        existingOwner = { "Owner": data.Owner, "PackageIds": [] };
+                    }
+
                     this.PackageOwner(existingOwner);
                 } else {
                     this.PackageOwner(this.PackageOwners[0]);
diff --git a/src/NuGetGallery/Scripts/gallery/page-edit-readme.js b/src/NuGetGallery/Scripts/gallery/page-edit-readme.js
index c8ccf2cf67..317d27beff 100644
--- a/src/NuGetGallery/Scripts/gallery/page-edit-readme.js
+++ b/src/NuGetGallery/Scripts/gallery/page-edit-readme.js
@@ -1,307 +1,315 @@
-'use strict';
-
-var EditReadmeManager = new function () {
-    var _currVersion;
-    var _viewModel;
-    var _changedState;
-    var _submitUrl;
-    var _cancelUrl;
-    var _submitting;
-    var _submitted = true;
-
-    this.init = function (model, submitUrl, cancelUrl) {
-        _submitting = false;
-        _submitted = false;
-        _submitUrl = submitUrl;
-        _cancelUrl = cancelUrl;
-        _viewModel = model;
-        _changedState = {};
-        bindData(_viewModel);
-
-        $(window).on('beforeunload', confirmLeave);
-
-        $('#verify-submit-button').attr('disabled', 'disabled');
-
-        $('#input-select-version').on('change', function () {
-            document.location = $(this).val();
-        });
+var EditReadmeManager = (function () {
+    'use strict';
+
+    return new function () {
+        var _currVersion;
+        var _viewModel;
+        var _changedState;
+        var _submitUrl;
+        var _cancelUrl;
+        var _submitting;
+        var _submitted = true;
+
+        this.init = function (model, submitUrl, cancelUrl) {
+            _submitting = false;
+            _submitted = false;
+            _submitUrl = submitUrl;
+            _cancelUrl = cancelUrl;
+            _viewModel = model;
+            _changedState = {};
+            bindData(_viewModel);
+
+            $(window).on('beforeunload', confirmLeave);
 
-        $('input[type="text"], input[type="checkbox"], input[type="url"], input[type="file"], textarea').on('change keydown', function () {
-            $(this).addClass("edited");
-            _changedState[$(this).attr('id')] = true;
-            $('#verify-submit-button').removeAttr('disabled');
-        });
-    }
+            $('#verify-submit-button').attr('disabled', 'disabled');
 
-    this.isEdited = function () {
-        return Object.keys(_changedState).reduce(function (previous, key) { return previous || _changedState[key]; }, false);
-    }
+            $('#input-select-version').on('change', function () {
+                document.location = $(this).val();
+            });
 
-    function confirmLeave() {
-        var message = "";
-        if (_submitting) {
-            message = "Your request is being submitted. Are you sure you want to leave?";
+            $('input[type="text"], input[type="checkbox"], input[type="url"], input[type="file"], textarea').on('change keydown', function () {
+                $(this).addClass("edited");
+                _changedState[$(this).attr('id')] = true;
+                $('#verify-submit-button').removeAttr('disabled');
+            });
         }
 
-        if (message !== "") {
-            return message;
+        this.isEdited = function () {
+            return Object.keys(_changedState).reduce(function (previous, key) { return previous || _changedState[key]; }, false);
         }
-    }
 
-    function submitAsync(callback, error) {
-        if (EditReadmeManager.isEdited()) {
-            if (!_submitting) {
-                _submitting = true;
-                $.ajax({
-                    url: _submitUrl,
-                    type: 'POST',
-
-                    data: new FormData($('#edit-readme-form')[0]),
-
-                    cache: false,
-                    contentType: false,
-                    processData: false,
-
-                    success: function (model, resultCodeString, fullResponse) {
-                        _submitting = false;
-                        _submitted = true;
-                        if (callback) {
-                            callback(model);
-                        }
-                    },
-
-                    error: handleErrors.bind(this, error)
-                });
+        function confirmLeave() {
+            var message = "";
+            if (_submitting) {
+                message = "Your request is being submitted. Are you sure you want to leave?";
             }
-        } else {
-            if (callback) {
-                callback();
+
+            if (message !== "") {
+                return message;
             }
         }
-    }
 
-    function cancelEdit() {
-        navigateToPage({ location: _cancelUrl });
-    }
+        function submitAsync(callback, error) {
+            if (EditReadmeManager.isEdited()) {
+                if (!_submitting) {
+                    _submitting = true;
+                    $.ajax({
+                        url: _submitUrl,
+                        type: 'POST',
+
+                        data: new FormData($('#edit-readme-form')[0]),
+
+                        cache: false,
+                        contentType: false,
+                        processData: false,
+
+                        success: function (model, resultCodeString, fullResponse) {
+                            _submitting = false;
+                            _submitted = true;
+                            if (callback) {
+                                callback(model);
+                            }
+                        },
+
+                        error: handleErrors.bind(this, error)
+                    });
+                }
+            } else {
+                if (callback) {
+                    callback();
+                }
+            }
+        }
 
-    function navigateToPage(editReadmeResponse) {
-        document.location = editReadmeResponse.location;
-    }
+        function cancelEdit() {
+            navigateToPage({ location: _cancelUrl });
+        }
 
-    function displayErrors(errors) {
-        if (errors == null || errors.length < 1) {
-            return;
+        function navigateToPage(editReadmeResponse) {
+            document.location = editReadmeResponse.location;
         }
 
-        var failureContainer = $("#validation-failure-container");
-        var failureListContainer = document.createElement("div");
-        $(failureListContainer).attr("id", "validation-failure-list");
-        $(failureListContainer).attr("data-bind", "template: { name: 'validation-errors', data: data }");
-        failureContainer.append(failureListContainer);
-        ko.applyBindings({ data: errors }, failureListContainer);
+        function displayErrors(errors) {
+            if (errors == null || errors.length < 1) {
+                return;
+            }
 
-        failureContainer.removeClass("hidden");
-    }
+            var failureContainer = $("#validation-failure-container");
+            var failureListContainer = document.createElement("div");
+            $(failureListContainer).attr("id", "validation-failure-list");
+            $(failureListContainer).attr("data-bind", "template: { name: 'validation-errors', data: data }");
+            failureContainer.append(failureListContainer);
+            ko.applyBindings({ data: errors }, failureListContainer);
 
-    function handleErrors(errorCallback, model, resultCodeString, fullResponse) {
-        bindData(null);
-
-        _submitting = false;
-        switch (resultCodeString) {
-            case "timeout":
-                displayErrors(["The operation timed out. Please try again."])
-                break;
-            case "abort":
-                displayErrors(["The operation was aborted. Please try again."])
-                break;
-            default:
-                displayErrors(model.responseJSON);
-                break;
+            failureContainer.removeClass("hidden");
         }
 
-        if ((fullResponse && fullResponse.status >= 500) || (model && model.status >= 500)) {
-            displayErrors(["There was a server error."])
+        function handleErrors(errorCallback, model, resultCodeString, fullResponse) {
+            bindData(null);
+
+            _submitting = false;
+            switch (resultCodeString) {
+                case "timeout":
+                    displayErrors(["The operation timed out. Please try again."])
+                    break;
+                case "abort":
+                    displayErrors(["The operation was aborted. Please try again."])
+                    break;
+                default:
+                    displayErrors(model.responseJSON);
+                    break;
+            }
+
+            if ((fullResponse && fullResponse.status >= 500) || (model && model.status >= 500)) {
+                displayErrors(["There was a server error."])
+            }
+
+            if (errorCallback) {
+                errorCallback();
+            }
         }
 
-        if (errorCallback) {
-            errorCallback();
+        function bindData(model) {
+
+            if (model == null) {
+                return;
+            }
+
+            var submitContainerElement = document.createElement("div");
+            $(submitContainerElement).attr("id", "submit-block");
+            $(submitContainerElement).attr("class", "collapse in");
+            $(submitContainerElement).attr("aria-expanded", "true");
+            $(submitContainerElement).attr("data-bind", "template: { name: 'submit-package-template', data: data }");
+            $("#submit-package-container").append(submitContainerElement);
+            ko.applyBindings({ data: model }, submitContainerElement);
+
+            $('#verify-cancel-button').on('click', function () {
+                cancelEdit();
+            });
+
+            $('#verify-submit-button').on('click', function () {
+                $('#verify-cancel-button').attr('disabled', 'disabled');
+                $('#verify-submit-button').attr('disabled', 'disabled');
+                $('#verify-submit-button').attr('value', 'Submitting');
+                $('#verify-submit-button').addClass('.loading');
+                submitAsync(navigateToPage);
+            });
+
+            bindReadMeData(model);
         }
-    }
+    };
+}());
+
+var bindReadMeData = (function () {
+    'use strict';
 
-    function bindData(model) {
-        
-        if (model == null) {
+    function bindReadMeData(model) {
+        $("#import-readme-block").remove();
+        $("#readme-collapser-container").addClass("hidden");
+
+        if (model == null)
+        {
             return;
         }
 
-        var submitContainerElement = document.createElement("div");
-        $(submitContainerElement).attr("id", "submit-block");
-        $(submitContainerElement).attr("class", "collapse in");
-        $(submitContainerElement).attr("aria-expanded", "true");
-        $(submitContainerElement).attr("data-bind", "template: { name: 'submit-package-template', data: data }");
-        $("#submit-package-container").append(submitContainerElement);
-        ko.applyBindings({ data: model }, submitContainerElement);
+        model.SelectedTab = ko.observable('written');
+        model.OnReadmeTabChange = function (_, e) {
+            model.SelectedTab($(e.target).data('source-type'));
+            return true;
+        };
 
-        $('#verify-cancel-button').on('click', function () {
-            cancelEdit();
-        });
+        var readMeContainerElement = document.createElement("div");
+        $(readMeContainerElement).attr("id", "import-readme-block");
+        $(readMeContainerElement).attr("class", "collapse in");
+        $(readMeContainerElement).attr("aria-expanded", "true");
+        $(readMeContainerElement).attr("data-bind", "template: { name: 'import-readme-template', data: data }");
+        $("#import-readme-container").append(readMeContainerElement);
+        ko.applyBindings({ data: model }, readMeContainerElement);
 
-        $('#verify-submit-button').on('click', function () {
-            $('#verify-cancel-button').attr('disabled', 'disabled');
-            $('#verify-submit-button').attr('disabled', 'disabled');
-            $('#verify-submit-button').attr('value', 'Submitting');
-            $('#verify-submit-button').addClass('.loading');
-            submitAsync(navigateToPage);
-        });
+        $("#readme-collapser-container").removeClass("hidden");
 
-        bindReadMeData(model);
-    }
-}
+        window.nuget.configureExpanderHeading("readme-package-form");
 
-function bindReadMeData(model) {
-    $("#import-readme-block").remove();
-    $("#readme-collapser-container").addClass("hidden");
+        $("#ReadMeUrlInput").on("change blur", function () {
+            clearReadMeError();
+        });
 
-    if (model == null)
-    {
-        return;
-    }
+        $('#ReadMeFileText').on('click', function () {
+            $('#ReadMeFileInput').click();
+        });
 
-    model.SelectedTab = ko.observable('written');
-    model.OnReadmeTabChange = function (_, e) {
-        model.SelectedTab($(e.target).data('source-type'));
-        return true;
-    };
+        $('#ReadMeFileInput').on('change', function () {
+            clearReadMeError();
 
-    var readMeContainerElement = document.createElement("div");
-    $(readMeContainerElement).attr("id", "import-readme-block");
-    $(readMeContainerElement).attr("class", "collapse in");
-    $(readMeContainerElement).attr("aria-expanded", "true");
-    $(readMeContainerElement).attr("data-bind", "template: { name: 'import-readme-template', data: data }");
-    $("#import-readme-container").append(readMeContainerElement);
-    ko.applyBindings({ data: model }, readMeContainerElement);
+            displayReadMeEditMarkdown();
+            var fileName = window.nuget.getFileName($('#ReadMeFileInput').val());
 
-    $("#readme-collapser-container").removeClass("hidden");
+            if (fileName.length > 0) {
+                $('#ReadMeFileText').attr('value', fileName);
+            }
+            else {
+                $('#ReadMeFileText').attr('placeholder', 'Browse or Drop files to select a ReadMe.md file...');
+            }
+        });
 
-    window.nuget.configureExpanderHeading("readme-package-form");
+        $("#ReadMeTextInput").on("change", function () {
+            clearReadMeError();
+        })
 
-    $("#ReadMeUrlInput").on("change blur", function () {
-        clearReadMeError();
-    });
+        $("#preview-readme-button").on('click', function () {
+            previewReadMeAsync();
+        });
 
-    $('#ReadMeFileText').on('click', function () {
-        $('#ReadMeFileInput').click();
-    });
+        if ($("#ReadMeTextInput").val() !== "") {
+            previewReadMeAsync();
+        }
 
-    $('#ReadMeFileInput').on('change', function () {
-        clearReadMeError();
+        $("#edit-markdown-button").on('click', function () {
+            clearReadMeError();
+            displayReadMeEditMarkdown();
+        });
+    }
+
+    function previewReadMeAsync(callback, error) {
+        // Request source type is generated off the ReadMe tab ids.
+        var readMeType = $(".readme-tabs li.active a").data("source-type")
 
-        displayReadMeEditMarkdown();
-        var fileName = window.nuget.getFileName($('#ReadMeFileInput').val());
+        var formData = new FormData();
+        formData.append("SourceType", readMeType);
 
-        if (fileName.length > 0) {
-            $('#ReadMeFileText').attr('value', fileName);
+        if (readMeType == "written") {
+            var readMeWritten = $("#ReadMeTextInput").val();
+            formData.append("SourceText", readMeWritten);
+        }
+        else if (readMeType == "url") {
+            var readMeUrl = $("#ReadMeUrlInput").val();
+            formData.append("SourceUrl", readMeUrl);
         }
-        else {
-            $('#ReadMeFileText').attr('placeholder', 'Browse or Drop files to select a ReadMe.md file...');
+        else if (readMeType == "file") {
+            var readMeFileInput = $("#ReadMeFileInput");
+            var readMeFileName = readMeFileInput && readMeFileInput[0] ? window.nuget.getFileName(readMeFileInput.val()) : null;
+            var readMeFile = readMeFileName ? readMeFileInput[0].files[0] : null;
+            formData.append("SourceFile", readMeFile);
         }
-    });
 
-    $("#ReadMeTextInput").on("change", function () {
-        clearReadMeError();
-    })
+        $.ajax({
+            url: "/packages/manage/preview-readme",
+            type: "POST",
+            contentType: false,
+            processData: false,
+            data: window.nuget.addAjaxAntiForgeryToken(formData),
+            success: function (model, resultCodeString, fullResponse) {
+                clearReadMeError();
+                displayReadMePreview(model);
+            },
+            error: function (jqXHR, exception) {
+                var message = "";
+                if (jqXHR.status == 400) {
+                    try {
+                        message = JSON.parse(jqXHR.responseText);
+                    } catch (err) {
+                        message = "Bad request. [400]";
+                    }
+                }
+                displayReadMeError(message);
+            }
+        });
+    }
 
-    $("#preview-readme-button").on('click', function () {
-        previewReadMeAsync();
-    });
+    function displayReadMePreview(response) {
+        $("#readme-preview-contents").html(response);
+        $("#readme-preview").removeClass("hidden");
 
-    if ($("#ReadMeTextInput").val() !== "") {
-        previewReadMeAsync();
-    }
+        $('.readme-tabs').children().hide();
 
-    $("#edit-markdown-button").on('click', function () {
+        $("#edit-markdown").removeClass("hidden");
+        $("#preview-html").addClass("hidden");
         clearReadMeError();
-        displayReadMeEditMarkdown();
-    });
-}
+    }
 
-function previewReadMeAsync(callback, error) {
-    // Request source type is generated off the ReadMe tab ids.
-    var readMeType = $(".readme-tabs li.active a").data("source-type")
+    function displayReadMeEditMarkdown() {
+        $("#readme-preview-contents").html("");
+        $("#readme-preview").addClass("hidden");
 
-    var formData = new FormData();
-    formData.append("SourceType", readMeType);
+        $('.readme-tabs').children().show();
 
-    if (readMeType == "written") {
-        var readMeWritten = $("#ReadMeTextInput").val();
-        formData.append("SourceText", readMeWritten);
-    }
-    else if (readMeType == "url") {
-        var readMeUrl = $("#ReadMeUrlInput").val();
-        formData.append("SourceUrl", readMeUrl);
+        $("#edit-markdown").addClass("hidden");
+        $("#preview-html").removeClass("hidden");
     }
-    else if (readMeType == "file") {
-        var readMeFileInput = $("#ReadMeFileInput");
-        var readMeFileName = readMeFileInput && readMeFileInput[0] ? window.nuget.getFileName(readMeFileInput.val()) : null;
-        var readMeFile = readMeFileName ? readMeFileInput[0].files[0] : null;
-        formData.append("SourceFile", readMeFile);
+
+    function displayReadMeError(errorMsg) {
+        $("#readme-errors").removeClass("hidden");
+        $("#preview-readme-button").attr("disabled", "disabled");
+        $("#readme-error-content").text(errorMsg);
     }
 
-    $.ajax({
-        url: "/packages/manage/preview-readme",
-        type: "POST",
-        contentType: false,
-        processData: false,
-        data: window.nuget.addAjaxAntiForgeryToken(formData),
-        success: function (model, resultCodeString, fullResponse) {
-            clearReadMeError();
-            displayReadMePreview(model);
-        },
-        error: function (jqXHR, exception) {
-            var message = "";
-            if (jqXHR.status == 400) {
-                try {
-                    message = JSON.parse(jqXHR.responseText);
-                } catch (err) {
-                    message = "Bad request. [400]";
-                }
-            }
-            displayReadMeError(message);
+    function clearReadMeError() {
+        if (!$("#readme-errors").hasClass("hidden")) {
+            $("#readme-errors").addClass("hidden");
+            $("#readme-error-content").text("");
         }
-    });
-}
-
-function displayReadMePreview(response) {
-    $("#readme-preview-contents").html(response);
-    $("#readme-preview").removeClass("hidden");
-
-    $('.readme-tabs').children().hide();
-        
-    $("#edit-markdown").removeClass("hidden");
-    $("#preview-html").addClass("hidden");
-    clearReadMeError();
-}
-
-function displayReadMeEditMarkdown() {
-    $("#readme-preview-contents").html("");
-    $("#readme-preview").addClass("hidden");
-
-    $('.readme-tabs').children().show();
-
-    $("#edit-markdown").addClass("hidden");
-    $("#preview-html").removeClass("hidden");
-}
-
-function displayReadMeError(errorMsg) {
-    $("#readme-errors").removeClass("hidden");
-    $("#preview-readme-button").attr("disabled", "disabled");
-    $("#readme-error-content").text(errorMsg);
-}
-
-function clearReadMeError() {
-    if (!$("#readme-errors").hasClass("hidden")) {
-        $("#readme-errors").addClass("hidden");
-        $("#readme-error-content").text("");
+        $("#preview-readme-button").removeAttr("disabled");
     }
-    $("#preview-readme-button").removeAttr("disabled");
-}
+
+    return bindReadMeData;
+}());
diff --git a/src/NuGetGallery/Scripts/gallery/page-manage-organization.js b/src/NuGetGallery/Scripts/gallery/page-manage-organization.js
index a63598bce3..e22acfda95 100644
--- a/src/NuGetGallery/Scripts/gallery/page-manage-organization.js
+++ b/src/NuGetGallery/Scripts/gallery/page-manage-organization.js
@@ -258,7 +258,8 @@
 
         // Set up the data binding.
         var manageOrganizationViewModel = new ManageOrganizationViewModel(initialData);
-        ko.applyBindings(manageOrganizationViewModel, document.body);
+        var manageOrganizationMembersContainer = $('#manage-organization-members-container');
+        ko.applyBindings(manageOrganizationViewModel, manageOrganizationMembersContainer[0]);
 
         // Set up the Add Member textbox to submit upon pressing enter.
         var newMemberTextbox = $("#new-member-textbox");
diff --git a/src/NuGetGallery/Scripts/gallery/page-manage-packages.js b/src/NuGetGallery/Scripts/gallery/page-manage-packages.js
index 65ffd41c0a..e3bf6898c4 100644
--- a/src/NuGetGallery/Scripts/gallery/page-manage-packages.js
+++ b/src/NuGetGallery/Scripts/gallery/page-manage-packages.js
@@ -29,7 +29,13 @@
                 : this.PackagesListViewModel.ManagePackagesViewModel.DefaultPackageIconUrl;
             this.PackageUrl = packageItem.PackageUrl;
             this.EditUrl = packageItem.EditUrl;
+            this.SetRequiredSignerUrl = packageItem.SetRequiredSignerUrl;
             this.ManageOwnersUrl = packageItem.ManageOwnersUrl;
+            this.RequiredSignerMessage = packageItem.RequiredSignerMessage;
+            this.AllSigners = packageItem.AllSigners;
+            this.ShowRequiredSigner = packageItem.ShowRequiredSigner;
+            this.ShowTextBox = packageItem.ShowTextBox;
+            this.CanEditRequiredSigner = packageItem.CanEditRequiredSigner;
             this.DeleteUrl = packageItem.DeleteUrl;
             this.CanEdit = packageItem.CanEdit;
             this.CanManageOwners = packageItem.CanManageOwners;
@@ -39,6 +45,50 @@
                 return ko.unwrap(this.DownloadCount).toLocaleString();
             }, this);
 
+            var requiredSigner = null;
+
+            if (packageItem.RequiredSigner) {
+                if (this.ShowTextBox) {
+                    requiredSigner = packageItem.RequiredSigner.OptionText;
+                } else {
+                    requiredSigner = packageItem.RequiredSigner.Username;
+                }
+            }
+
+            this._requiredSigner = ko.observable(requiredSigner);
+
+            this.RequiredSigner = ko.pureComputed({
+                read: function () {
+                    return self._requiredSigner();
+                },
+                write: function (newSignerUsername) {
+                    var message = self.GetConfirmationMessage(packageItem, newSignerUsername);
+
+                    if (confirm(message)) {
+                        var url = packageItem.SetRequiredSignerUrl.replace("{username}", newSignerUsername);
+
+                        $.ajax({
+                            method: 'POST',
+                            url: url,
+                            cache: false,
+                            data: window.nuget.addAjaxAntiForgeryToken({}),
+                            complete: function (xhr, textStatus) {
+                                switch (xhr.status) {
+                                    case 200:
+                                    case 409:
+                                        break;
+
+                                    default:
+                                        break;
+                                }
+                            }
+                        });
+
+                        self._requiredSigner(newSignerUsername);
+                    }
+                }
+            });
+
             this.Visible = ko.observable(true);
 
             this.UpdateVisibility = function (ownerFilter) {
@@ -57,6 +107,67 @@
                 var url = this.PackagesListViewModel.ManagePackagesViewModel.PackageIconUrlFallback;
                 return "this.src='" + url + "'; this.onerror = null;";
             }, this);
+
+            this.GetConfirmationMessage = function (packageItem, newSignerUsername) {
+                var signerHasCertificate;
+                var signerIsAny = !newSignerUsername;
+                var message;
+
+                for (var index in packageItem.AllSigners) {
+                    var signer = packageItem.AllSigners[index];
+
+                    if (signer.Username === newSignerUsername) {
+                        signerHasCertificate = signer.HasCertificate;
+                        break;
+                    }
+                }
+
+                if (signerIsAny) {
+                    var anySignerWithNoCertificate = false;
+                    var anySignerWithCertificate = false;
+
+                    for (var index in packageItem.AllSigners) {
+                        var signer = packageItem.AllSigners[index];
+
+                        if (signer.HasCertificate) {
+                            anySignerWithCertificate = true;
+                        } else {
+                            anySignerWithNoCertificate = true;
+                        }
+
+                        if (!signer.Username) {
+                            newSignerUsername = signer.OptionText;
+                        }
+                    }
+
+                    message = window.nuget.formatString(strings_RequiredSigner_ThisAction, newSignerUsername) + "\n\n";
+
+                    if (anySignerWithCertificate && anySignerWithNoCertificate) {
+                        message += strings_RequiredSigner_AnyWithMixedResult;
+                    } else if (anySignerWithCertificate) {
+                        message += strings_RequiredSigner_AnyWithSignedResult;
+                    } else {
+                        message += strings_RequiredSigner_AnyWithUnsignedResult;
+                    }
+                } else {
+                    message = window.nuget.formatString(strings_RequiredSigner_ThisAction, newSignerUsername) + "\n\n";
+
+                    if (signerHasCertificate) {
+                        message += window.nuget.formatString(strings_RequiredSigner_OwnerHasAtLeastOneCertificate, newSignerUsername);
+                    } else {
+                        message += window.nuget.formatString(strings_RequiredSigner_OwnerHasNoCertificate, newSignerUsername);
+                    }
+                }
+
+                message += "\n\n" + strings_RequiredSigner_Confirm;
+
+                return message;
+            };
+
+            this.OnRequiredSignerChange = function (packageItem, event) {
+                // If the change was cancelled, we need to reset the selected value.
+                event.currentTarget.value = self._requiredSigner();
+            };
         }
 
         function PackagesListViewModel(managePackagesViewModel, type, packages) {
@@ -237,7 +348,7 @@
             if (this.Owners.length > 2) {
                 $("#ownerFilter").removeClass("hidden");
             }
-            
+
             this.ListedPackages = new PackagesListViewModel(this, "published", initialData.ListedPackages);
             this.UnlistedPackages = new PackagesListViewModel(this, "unlisted", initialData.UnlistedPackages);
             this.ReservedNamespaces = new ReservedNamespaceListViewModel(this, initialData.ReservedNamespaces);
diff --git a/src/NuGetGallery/Scripts/gallery/stats-dimensions.js b/src/NuGetGallery/Scripts/gallery/stats-dimensions.js
index bd5301e4df..9722cd7b70 100644
--- a/src/NuGetGallery/Scripts/gallery/stats-dimensions.js
+++ b/src/NuGetGallery/Scripts/gallery/stats-dimensions.js
@@ -1,151 +1,157 @@
-var renderGraph = function (baseUrl, query, clickedId) {
-    var renderGraphHandler = function (rawData) {
-        var data = JSON.parse(JSON.stringify(rawData));
-
-        $("#loading-placeholder").hide();
-        if (data != null) {
-            // Populate the data table
-            data['reportSize'] = data.Table != null ? data.Table.length : 0;
-
-            data['ShownRows'] = function (allRows) {
-                var shownRows = [];
-                var index = 0;
-                while (shownRows.length < Math.min(6, allRows.length)) {
-                    shownRows.push(allRows[index]);
-                    var currRowSpan = shownRows[index].reduce(function (currMax, nextObj) {
-                        return Math.max(currMax, nextObj != null ? nextObj.Rowspan : 0);
-                    }, 0);
-                    for (var i = 0; i < currRowSpan - 1; i++) {
-                        index++;
+var renderGraph = (function () {
+    'use strict';
+
+    var renderGraph = function (baseUrl, query, clickedId) {
+        var renderGraphHandler = function (rawData) {
+            var data = JSON.parse(JSON.stringify(rawData));
+
+            $("#loading-placeholder").hide();
+            if (data != null) {
+                // Populate the data table
+                data['reportSize'] = data.Table != null ? data.Table.length : 0;
+
+                data['ShownRows'] = function (allRows) {
+                    var shownRows = [];
+                    var index = 0;
+                    while (shownRows.length < Math.min(6, allRows.length)) {
                         shownRows.push(allRows[index]);
+                        var currRowSpan = shownRows[index].reduce(function (currMax, nextObj) {
+                            return Math.max(currMax, nextObj != null ? nextObj.Rowspan : 0);
+                        }, 0);
+                        for (var i = 0; i < currRowSpan - 1; i++) {
+                            index++;
+                            shownRows.push(allRows[index]);
+                        }
+
+                        index++;
                     }
+                    return shownRows;
+                }(data.Table != null ? data.Table : []);
 
-                    index++;
-                }
-                return shownRows;
-            }(data.Table != null ? data.Table : []);
+                data['HiddenRows'] = data.Table != null ? data.Table.slice(data['ShownRows'].length) : [];
 
-            data['HiddenRows'] = data.Table != null ? data.Table.slice(data['ShownRows'].length) : [];
+                data['SetupHiddenRows'] = setupHiddenRows.bind(this, data['HiddenRows']);
+            }
 
-            data['SetupHiddenRows'] = setupHiddenRows.bind(this, data['HiddenRows']);
-        }
+            $("#report").remove();
 
-        $("#report").remove();
+            var reportContainerElement = document.createElement("div");
+            $(reportContainerElement).attr("id", "report");
+            $(reportContainerElement).attr("data-bind", "template: { name: 'report-template', data: report }");
+            $("#report-container").append(reportContainerElement);
 
-        var reportContainerElement = document.createElement("div");
-        $(reportContainerElement).attr("id", "report");
-        $(reportContainerElement).attr("data-bind", "template: { name: 'report-template', data: report }");
-        $("#report-container").append(reportContainerElement);
+            ko.applyBindings({ report: data }, reportContainerElement);
+            // Render the graph using the data table
+            packageDisplayGraphs(rawData);
 
-        ko.applyBindings({ report: data }, reportContainerElement);
-        // Render the graph using the data table
-        packageDisplayGraphs(rawData);
+            window.nuget.configureExpander(
+                "hidden-rows",
+                "CalculatorAddition",
+                "Show less",
+                "CalculatorSubtract",
+                "Show more");
 
-        window.nuget.configureExpander(
-            "hidden-rows",
-            "CalculatorAddition",
-            "Show less",
-            "CalculatorSubtract",
-            "Show more");
-
-        // Add the click handler to the checkboxes
-        groupbyNavigation(baseUrl);
+            // Add the click handler to the checkboxes
+            groupbyNavigation(baseUrl);
 
-        // Set the focus to the checkbox that initiated this request
-        if (clickedId) {
-            $('#' + clickedId).focus();
-        }
-    };
+            // Set the focus to the checkbox that initiated this request
+            if (clickedId) {
+                $('#' + clickedId).focus();
+            }
+        };
 
 
-    $.ajax({
-        url: baseUrl + query,
-        type: 'GET',
-        dataType: 'json',
-        success: renderGraphHandler,
-        error: function () {
-            renderGraphHandler(null);
-            $("#loading-placeholder").hide();
+        $.ajax({
+            url: baseUrl + query,
+            type: 'GET',
+            dataType: 'json',
+            success: renderGraphHandler,
+            error: function () {
+                renderGraphHandler(null);
+                $("#loading-placeholder").hide();
 
-            $('#statistics-retry').click(function () {
-                renderGraph(baseUrl, query);
-            });
-        }
-    });
-}
-
-var groupbyNavigation = function (baseUrl) {
-    $('.dimension-checkbox').click(function (event) {
-        var container = $("#stats-data-display").parent();
-        $("#stats-data-display").remove();
-        $("#loading-placeholder").show();
-        var clickedId = event.target.id;
-
-        var query = '';
-        $('.dimension-checkbox').each(function (index, element) {
-            if (element.checked) {
-                if (query) {
-                    query += '&';
-                } else {
-                    query = '?';
-                }
-                query += 'groupby=' + element.value;
+                $('#statistics-retry').click(function () {
+                    renderGraph(baseUrl, query);
+                });
             }
         });
+    };
 
-        history.replaceState({}, "", query);
-        renderGraph(baseUrl, query, clickedId);
-    });
-}
+    var groupbyNavigation = function (baseUrl) {
+        $('.dimension-checkbox').click(function (event) {
+            var container = $("#stats-data-display").parent();
+            $("#stats-data-display").remove();
+            $("#loading-placeholder").show();
+            var clickedId = event.target.id;
+
+            var query = '';
+            $('.dimension-checkbox').each(function (index, element) {
+                if (element.checked) {
+                    if (query) {
+                        query += '&';
+                    } else {
+                        query = '?';
+                    }
+                    query += 'groupby=' + element.value;
+                }
+            });
 
-var setupHiddenRows = function (data) {
-    var container = $("#hidden-rows");
-    // no-op if we've already appended the hidden rows
-    if (container.children().length > 0) {
-        return;
+            history.replaceState({}, "", query);
+            renderGraph(baseUrl, query, clickedId);
+        });
     }
 
-    var tableContainer = container.parent();
-    container.remove();
-
-    var trArr = [];
-    for (var i = 0; i < data.length; i++) {
-        var tempTr = $(document.createElement("tr"));
-        var tdArr = [];
-        for (var j = 0; j < data[i].length; j++) {
-            var tempTd = $(document.createElement("td"));
-            var item = data[i][j];
-            if (item != null) {
-                tempTd.attr("class", item.IsNumeric ? "statistics-number" : "");
-                tempTd.attr("rowspan", item.Rowspan > 0 ? item.Rowspan : "");
-                var content = null;
-                if (item.Uri != null) {
-                    content = $(document.createElement("a"));
-                    content.attr("href", item.Uri);
-                    content.text(item.Data);
-                } else {
-                    var textValue = item.IsNumeric ? parseInt(item.Data).toLocaleString() : item.Data;
-                    content = $(document.createElement("span"));
-                    content.attr("aria-label", textValue);
-                    content.text(textValue);
-                }
+    var setupHiddenRows = function (data) {
+        var container = $("#hidden-rows");
+        // no-op if we've already appended the hidden rows
+        if (container.children().length > 0) {
+            return;
+        }
+
+        var tableContainer = container.parent();
+        container.remove();
+
+        var trArr = [];
+        for (var i = 0; i < data.length; i++) {
+            var tempTr = $(document.createElement("tr"));
+            var tdArr = [];
+            for (var j = 0; j < data[i].length; j++) {
+                var tempTd = $(document.createElement("td"));
+                var item = data[i][j];
+                if (item != null) {
+                    tempTd.attr("class", item.IsNumeric ? "statistics-number" : "");
+                    tempTd.attr("rowspan", item.Rowspan > 0 ? item.Rowspan : "");
+                    var content = null;
+                    if (item.Uri != null) {
+                        content = $(document.createElement("a"));
+                        content.attr("href", item.Uri);
+                        content.text(item.Data);
+                    } else {
+                        var textValue = item.IsNumeric ? parseInt(item.Data).toLocaleString() : item.Data;
+                        content = $(document.createElement("span"));
+                        content.attr("aria-label", textValue);
+                        content.text(textValue);
+                    }
 
-                tempTd.append(content);
-                tdArr.push(tempTd);
+                    tempTd.append(content);
+                    tdArr.push(tempTd);
+                }
             }
+            tempTr.append(tdArr);
+            trArr.push(tempTr);
         }
-        tempTr.append(tdArr);
-        trArr.push(tempTr);
+
+        container.append(trArr);
+        tableContainer.append(container);
+
+        // When we remove the 'hidden-rows' element from the container above, we apparently kill all the event handlers on it. So reattach here.
+        window.nuget.configureExpander(
+            "hidden-rows",
+            "CalculatorAddition",
+            "Show less",
+            "CalculatorSubtract",
+            "Show more");
     }
 
-    container.append(trArr);
-    tableContainer.append(container);
-
-    // When we remove the 'hidden-rows' element from the container above, we apparently kill all the event handlers on it. So reattach here.
-    window.nuget.configureExpander(
-        "hidden-rows",
-        "CalculatorAddition",
-        "Show less",
-        "CalculatorSubtract",
-        "Show more");
-}
\ No newline at end of file
+    return renderGraph;
+}());
diff --git a/src/NuGetGallery/Scripts/gallery/stats-perpackagestatsgraphs.js b/src/NuGetGallery/Scripts/gallery/stats-perpackagestatsgraphs.js
index 73c7e4202f..44f3cd7c3d 100644
--- a/src/NuGetGallery/Scripts/gallery/stats-perpackagestatsgraphs.js
+++ b/src/NuGetGallery/Scripts/gallery/stats-perpackagestatsgraphs.js
@@ -1,291 +1,295 @@
-
-var graphData;
-// This number is from trial and error and seeing what fit in the space
-var axisLabelCharLimit = 19;
-
-var packageDisplayGraphs = function (data) {
-    window.graphData = data;
-    $("#stats-graph-svg").remove();
-    switch (data.Id) {
-        case 'report-Version':
-            drawDownloadsByVersionBarChart(data);
-            break;
-        case 'report-ClientName':
-            drawDownloadsByClientNameBarChart(data);
-            break;
-        default:
-            break;
-    }
-}
-
-var drawDownloadsByVersionBarChart = function (rawData) {
-
-    //  scrape data if we don't get a model
-    var data = GetChartData(rawData, function (item) { return false; });
-
-    if (data.length <= 0) {
-        d3.selectAll('#report-Version .statistics-data tbody tr').each(function () {
-            var item = {
-                label: d3.select(this).select(':nth-child(1)').text().replace(/(^\s*)|(\s*$)/g, ''),
-                downloads: +(d3.select(this).select(':nth-child(2)').text().replace(/[^0-9]+/g, ''))
-            };
-            data[data.length] = item;
-        });
-    }
-
-    // we get descending order from server. Reverse so we can cut the right versions.
-    data.reverse();
-
-    if (data.length < 1) {
-        return;
-    }
-
-    //  limit the bar graph to the most recent 15 versions
-    if (data.length > 15) {
-        data = data.slice(data.length - 15, data.length);
-    }
-
-    //  draw graph
-    var reportGraphWidth = $('#statistics-graph-id').width();
-
-    reportGraphWidth = Math.min(reportGraphWidth, 1170);
-
-    var margin = { top: 40, right: 10, bottom: 130, left: 45 },
-        width = reportGraphWidth - margin.left - margin.right,
-        height = 450 - margin.top - margin.bottom;
-
-    var xScale = d3.scale.ordinal()
-        .rangeRoundBands([10, width], .1);
-
-    var yScale = d3.scale.linear()
-        .range([height, 0]);
-
-    var xAxis = d3.svg.axis()
-        .scale(xScale)
-        .orient('bottom')
-        .tickFormat(function (d) {
-            return d.substring(0, axisLabelCharLimit) + (d.length > axisLabelCharLimit? "..." :"");
-        });
-
-    var yAxis = d3.svg.axis()
-        .scale(yScale)
-        .orient('left')
-        .tickFormat(function (d) {
-            return GetShortNumberString(d);
-        });
-
-    var svg = d3.select('#statistics-graph-id')
-        .append('svg')
-        .attr('id', 'stats-graph-svg')
-        .attr('width', width + margin.left + margin.right)
-        .attr('height', height + margin.top + margin.bottom);
-
-    svg.append('title').text('Downloads By Version');
-    svg.append('desc').text('This is a graph showing the number of downloads of this Package broken out by version.');
-
-    svg = svg.append('g').attr('transform', 'translate(' + margin.left + ',' + margin.top + ')');
-
-    xScale.domain(data.map(function (d) { return d.label; }));
-    yScale.domain([0, d3.max(data, function (d) { return d.downloads; })]);
-
-    //  the use of dx attribute on the text element is correct, however, the negative shift doesn't appear to work on Firefox
-    //  the workaround employed here is to add a translation to the rotation transform
-
-    svg.append("g")
-        .attr("class", "x axis long")
-        .attr("transform", "translate(0," + height + ")")
-        .call(xAxis)
-        .selectAll("text")
-        .style("text-anchor", "end")
-        //.attr("dx", "-.8em")
-        .attr("dy", ".15em")
-        .attr("transform", function (d) {
-            return "rotate(-65),translate(-10,0)";
-        });
-
-    svg.selectAll(".bar")
-        .data(data)
-        .enter()
-        .append("rect")
-        .attr("class", "bar")
-        .attr("x", function (d) { return xScale(d.label); })
-        .attr("width", xScale.rangeBand())
-        .attr("y", function (d) { return yScale(d.downloads); })
-        .attr("height", function (d) { return height - yScale(d.downloads); })
-        .append("title").text(function (d) { return d.downloads + " Downloads"; });
-
-    svg.append("foreignObject")
-        .attr("x", "1.71em")
-        .attr("y", -10)
-        .attr("width", width - 20 + "px")
-        .attr("height", "2em")
-        .attr("font-weight", "bold")
-        .append("xhtml:body")
-        .append("p")
-        .attr("style", "text-align:center")
-        .text("Downloads for 15 Latest Package Versions (Last 6 weeks)");
-
-    svg.append("g")
-        .attr("class", "y axis")
-        .call(yAxis)
-        .append("text")
-        .attr("transform", "rotate(-90)")
-        .attr("y", 6)
-        .attr("dy", ".71em")
-        .style("text-anchor", "end")
-        .text("Downloads");
-}
-
-var drawDownloadsByClientNameBarChart = function (rawData) {
-
-    //  scrape data
-
-    var data = GetChartData(rawData, function (item) {
-        return item.label === '(unknown)';
-    });
-
-    if (data.length <= 0) {
-        d3.selectAll('#report-ClientName .statistics-data tbody tr').each(function () {
-            var item = {
-                label: d3.select(this).select(':nth-child(1)').text().replace(/(^\s*)|(\s*$)/g, ''),
-                downloads: +(d3.select(this).select(':nth-child(2)').text().replace(/[^0-9]+/g, ''))
-            };
-
-            //  filter out unknown
-            if (item.label !== '(unknown)') {
+var packageDisplayGraphs = (function () {
+    'use strict';
+
+    var graphData;
+    // This number is from trial and error and seeing what fit in the space
+    var axisLabelCharLimit = 19;
+
+    var packageDisplayGraphs = function (data) {
+        window.graphData = data;
+        $("#stats-graph-svg").remove();
+        switch (data.Id) {
+            case 'report-Version':
+                drawDownloadsByVersionBarChart(data);
+                break;
+            case 'report-ClientName':
+                drawDownloadsByClientNameBarChart(data);
+                break;
+            default:
+                break;
+        }
+    };
+
+    var drawDownloadsByVersionBarChart = function (rawData) {
+
+        //  scrape data if we don't get a model
+        var data = GetChartData(rawData, function (item) { return false; });
+
+        if (data.length <= 0) {
+            d3.selectAll('#report-Version .statistics-data tbody tr').each(function () {
+                var item = {
+                    label: d3.select(this).select(':nth-child(1)').text().replace(/(^\s*)|(\s*$)/g, ''),
+                    downloads: +(d3.select(this).select(':nth-child(2)').text().replace(/[^0-9]+/g, ''))
+                };
                 data[data.length] = item;
-            }
-        });
-    }
-
-    data.reverse();
-
-    if (data.length < 1) {
-        return;
+            });
+        }
+
+        // we get descending order from server. Reverse so we can cut the right versions.
+        data.reverse();
+
+        if (data.length < 1) {
+            return;
+        }
+
+        //  limit the bar graph to the most recent 15 versions
+        if (data.length > 15) {
+            data = data.slice(data.length - 15, data.length);
+        }
+
+        //  draw graph
+        var reportGraphWidth = $('#statistics-graph-id').width();
+
+        reportGraphWidth = Math.min(reportGraphWidth, 1170);
+
+        var margin = { top: 40, right: 10, bottom: 130, left: 45 },
+            width = reportGraphWidth - margin.left - margin.right,
+            height = 450 - margin.top - margin.bottom;
+
+        var xScale = d3.scale.ordinal()
+            .rangeRoundBands([10, width], .1);
+
+        var yScale = d3.scale.linear()
+            .range([height, 0]);
+
+        var xAxis = d3.svg.axis()
+            .scale(xScale)
+            .orient('bottom')
+            .tickFormat(function (d) {
+                return d.substring(0, axisLabelCharLimit) + (d.length > axisLabelCharLimit ? "..." : "");
+            });
+
+        var yAxis = d3.svg.axis()
+            .scale(yScale)
+            .orient('left')
+            .tickFormat(function (d) {
+                return GetShortNumberString(d);
+            });
+
+        var svg = d3.select('#statistics-graph-id')
+            .append('svg')
+            .attr('id', 'stats-graph-svg')
+            .attr('width', width + margin.left + margin.right)
+            .attr('height', height + margin.top + margin.bottom);
+
+        svg.append('title').text('Downloads By Version');
+        svg.append('desc').text('This is a graph showing the number of downloads of this Package broken out by version.');
+
+        svg = svg.append('g').attr('transform', 'translate(' + margin.left + ',' + margin.top + ')');
+
+        xScale.domain(data.map(function (d) { return d.label; }));
+        yScale.domain([0, d3.max(data, function (d) { return d.downloads; })]);
+
+        //  the use of dx attribute on the text element is correct, however, the negative shift doesn't appear to work on Firefox
+        //  the workaround employed here is to add a translation to the rotation transform
+
+        svg.append("g")
+            .attr("class", "x axis long")
+            .attr("transform", "translate(0," + height + ")")
+            .call(xAxis)
+            .selectAll("text")
+            .style("text-anchor", "end")
+            //.attr("dx", "-.8em")
+            .attr("dy", ".15em")
+            .attr("transform", function (d) {
+                return "rotate(-65),translate(-10,0)";
+            });
+
+        svg.selectAll(".bar")
+            .data(data)
+            .enter()
+            .append("rect")
+            .attr("class", "bar")
+            .attr("x", function (d) { return xScale(d.label); })
+            .attr("width", xScale.rangeBand())
+            .attr("y", function (d) { return yScale(d.downloads); })
+            .attr("height", function (d) { return height - yScale(d.downloads); })
+            .append("title").text(function (d) { return d.downloads + " Downloads"; });
+
+        svg.append("foreignObject")
+            .attr("x", "1.71em")
+            .attr("y", -10)
+            .attr("width", width - 20 + "px")
+            .attr("height", "2em")
+            .attr("font-weight", "bold")
+            .append("xhtml:body")
+            .append("p")
+            .attr("style", "text-align:center")
+            .text("Downloads for 15 Latest Package Versions (Last 6 weeks)");
+
+        svg.append("g")
+            .attr("class", "y axis")
+            .call(yAxis)
+            .append("text")
+            .attr("transform", "rotate(-90)")
+            .attr("y", 6)
+            .attr("dy", ".71em")
+            .style("text-anchor", "end")
+            .text("Downloads");
     }
 
-    //  draw graph
+    var drawDownloadsByClientNameBarChart = function (rawData) {
 
-    var reportGraphWidth = $('#statistics-graph-id').width();
-    reportGraphWidth = Math.min(reportGraphWidth, 1170);
+        //  scrape data
 
-    var margin = { top: 40, right: 10, bottom: 50, left: 150 },
-        width = reportGraphWidth - margin.left - margin.right,
-        height = Math.max(550, data.length * 25) - margin.top - margin.bottom;
-
-    var xScale = d3.scale.linear()
-        .range([0, width - 50]);
-    var yScale = d3.scale.ordinal()
-        .rangeRoundBands([height, 20], .1);
-
-    var xAxis = d3.svg.axis()
-        .scale(xScale)
-        .orient('bottom')
-        .tickFormat(function (d) {
-            return GetShortNumberString(d);
+        var data = GetChartData(rawData, function (item) {
+            return item.label === '(unknown)';
         });
 
-    var yAxis = d3.svg.axis()
-        .scale(yScale)
-        .orient('left')
-        .tickFormat(function (d) {
-            return d.substring(0, axisLabelCharLimit) + (d.length > axisLabelCharLimit ? "..." : "");
-        });
-
-    var svg = d3.select('#statistics-graph-id')
-        .append('svg')
-        .attr('id', 'stats-graph-svg')
-        .attr('width', width + margin.left + margin.right)
-        .attr('height', height + margin.top + margin.bottom);
-
-    svg.append('title').text('Downloads By Client');
-    svg.append('desc').text('This is a graph showing the number of downloads of this Package broken out by client.');
-
-    svg = svg.append('g').attr('transform', 'translate(' + margin.left + ',' + margin.top + ')');
-
-    xScale.domain([0, d3.max(data, function (d) { return d.downloads; })]);
-    yScale.domain(data.map(function (d) { return d.label; }));
-
-    //  the use of dx attribute on the text element is correct, however, the negative shift doesn't appear to work on Firefox
-    //  the workaround employed here is to add a translation to the rotation transform
-
-    svg.append("g")
-        .attr("class", "x axis")
-        .attr("transform", "translate(0," + height + ")")
-        .call(xAxis);
-
-    svg.selectAll(".bar")
-        .data(data)
-        .enter()
-        .append("rect")
-        .attr("class", "bar")
-        .attr("x", 0)
-        .attr("width", function (d) { return xScale(d.downloads); })
-        .attr("y", function (d) { return yScale(d.label); })
-        .attr("height", yScale.rangeBand())
-        .append("title").text(function (d) { return d.downloads.toLocaleString() + " Downloads"; });
-
-    svg.append("foreignObject")
-        .attr("x", 0)
-        .attr("y", -10)
-        .attr("width", width + "px")
-        .attr("height", "2em")
-        .attr("font-weight", "bold")
-        .append("xhtml:body")
-        .append("p")
-        .attr("style", "text-align:center")
-        .text("Downloads by Client (Last 6 weeks)");
-
-    svg.append("g")
-        .attr("class", "y axis long")
-        .call(yAxis);
-}
-
-var GetChartData = function (rawData, filter) {
-    var data = [];
-
-    if (rawData.Table && rawData.Table.length > 0) {
-        rawData.Table.forEach(function (dataPoint) {
-            var item = {
-                label: dataPoint[0].Data,
-                downloads: window.nuget.parseNumber(dataPoint[1].Data)
-            };
-
-            if (!filter(item)) {
-                data[data.length] = item;
-            }
-        });
+        if (data.length <= 0) {
+            d3.selectAll('#report-ClientName .statistics-data tbody tr').each(function () {
+                var item = {
+                    label: d3.select(this).select(':nth-child(1)').text().replace(/(^\s*)|(\s*$)/g, ''),
+                    downloads: +(d3.select(this).select(':nth-child(2)').text().replace(/[^0-9]+/g, ''))
+                };
+
+                //  filter out unknown
+                if (item.label !== '(unknown)') {
+                    data[data.length] = item;
+                }
+            });
+        }
+
+        data.reverse();
+
+        if (data.length < 1) {
+            return;
+        }
+
+        //  draw graph
+
+        var reportGraphWidth = $('#statistics-graph-id').width();
+        reportGraphWidth = Math.min(reportGraphWidth, 1170);
+
+        var margin = { top: 40, right: 10, bottom: 50, left: 150 },
+            width = reportGraphWidth - margin.left - margin.right,
+            height = Math.max(550, data.length * 25) - margin.top - margin.bottom;
+
+        var xScale = d3.scale.linear()
+            .range([0, width - 50]);
+        var yScale = d3.scale.ordinal()
+            .rangeRoundBands([height, 20], .1);
+
+        var xAxis = d3.svg.axis()
+            .scale(xScale)
+            .orient('bottom')
+            .tickFormat(function (d) {
+                return GetShortNumberString(d);
+            });
+
+        var yAxis = d3.svg.axis()
+            .scale(yScale)
+            .orient('left')
+            .tickFormat(function (d) {
+                return d.substring(0, axisLabelCharLimit) + (d.length > axisLabelCharLimit ? "..." : "");
+            });
+
+        var svg = d3.select('#statistics-graph-id')
+            .append('svg')
+            .attr('id', 'stats-graph-svg')
+            .attr('width', width + margin.left + margin.right)
+            .attr('height', height + margin.top + margin.bottom);
+
+        svg.append('title').text('Downloads By Client');
+        svg.append('desc').text('This is a graph showing the number of downloads of this Package broken out by client.');
+
+        svg = svg.append('g').attr('transform', 'translate(' + margin.left + ',' + margin.top + ')');
+
+        xScale.domain([0, d3.max(data, function (d) { return d.downloads; })]);
+        yScale.domain(data.map(function (d) { return d.label; }));
+
+        //  the use of dx attribute on the text element is correct, however, the negative shift doesn't appear to work on Firefox
+        //  the workaround employed here is to add a translation to the rotation transform
+
+        svg.append("g")
+            .attr("class", "x axis")
+            .attr("transform", "translate(0," + height + ")")
+            .call(xAxis);
+
+        svg.selectAll(".bar")
+            .data(data)
+            .enter()
+            .append("rect")
+            .attr("class", "bar")
+            .attr("x", 0)
+            .attr("width", function (d) { return xScale(d.downloads); })
+            .attr("y", function (d) { return yScale(d.label); })
+            .attr("height", yScale.rangeBand())
+            .append("title").text(function (d) { return d.downloads.toLocaleString() + " Downloads"; });
+
+        svg.append("foreignObject")
+            .attr("x", 0)
+            .attr("y", -10)
+            .attr("width", width + "px")
+            .attr("height", "2em")
+            .attr("font-weight", "bold")
+            .append("xhtml:body")
+            .append("p")
+            .attr("style", "text-align:center")
+            .text("Downloads by Client (Last 6 weeks)");
+
+        svg.append("g")
+            .attr("class", "y axis long")
+            .call(yAxis);
     }
 
-    return data;
-}
+    var GetChartData = function (rawData, filter) {
+        var data = [];
 
-var GetShortNumberString = function (number) {
-    if (number == 0) {
-        return "0";
-    }
+        if (rawData.Table && rawData.Table.length > 0) {
+            rawData.Table.forEach(function (dataPoint) {
+                var item = {
+                    label: dataPoint[0].Data,
+                    downloads: window.nuget.parseNumber(dataPoint[1].Data)
+                };
 
-    var abbreviation = ["", "k", "M", "B", "T", "q", "Q", "s", "S", "o", "n"];
-    var numDiv = 0;
-    while (number >= 1000) {
-        number = number / 1000.0;
-        numDiv++;
-    }
+                if (!filter(item)) {
+                    data[data.length] = item;
+                }
+            });
+        }
 
-    rounded = Math.floor(number);
-    if (rounded >= 100) {
-        number = number.toPrecision(3);
-    } else {
-        number = number.toPrecision(2);
+        return data;
     }
 
-    if (numDiv >= abbreviation.Length) {
-        return number + "10^" + numDiv*3;
+    var GetShortNumberString = function (number) {
+        if (number == 0) {
+            return "0";
+        }
+
+        var abbreviation = ["", "k", "M", "B", "T", "q", "Q", "s", "S", "o", "n"];
+        var numDiv = 0;
+        while (number >= 1000) {
+            number = number / 1000.0;
+            numDiv++;
+        }
+
+        var rounded = Math.floor(number);
+        if (rounded >= 100) {
+            number = number.toPrecision(3);
+        } else {
+            number = number.toPrecision(2);
+        }
+
+        if (numDiv >= abbreviation.Length) {
+            return number + "10^" + numDiv * 3;
+        }
+        return number + abbreviation[numDiv];
     }
-    return number + abbreviation[numDiv];
-}
 
+    $(window).resize(function () {
+        packageDisplayGraphs(graphData);
+    });
 
-$(window).resize(function () {
-    packageDisplayGraphs(graphData);
-});
\ No newline at end of file
+    return packageDisplayGraphs;
+}());
diff --git a/src/NuGetGallery/Scripts/nugetgallery.js b/src/NuGetGallery/Scripts/nugetgallery.js
index 8560a05709..c703aaca4f 100644
--- a/src/NuGetGallery/Scripts/nugetgallery.js
+++ b/src/NuGetGallery/Scripts/nugetgallery.js
@@ -1,14 +1,20 @@
 // Global utility script for NuGetGallery
 /// <reference path="jquery-1.11.0.js" />
 
-// Shared function for adding an anti-forgery token defined by ViewHelpers.AjaxAntiForgeryToken to an ajax request
-function addAjaxAntiForgeryToken(data) {
-    var $field = $("#AntiForgeryForm input[name=__RequestVerificationToken]");
-    data["__RequestVerificationToken"] = $field.val();
-    return data;
-}
+var addAjaxAntiForgeryToken = (function () {
+    'use strict';
+
+    // Shared function for adding an anti-forgery token defined by ViewHelpers.AjaxAntiForgeryToken to an ajax request
+    return function (data) {
+        var $field = $("#AntiForgeryForm input[name=__RequestVerificationToken]");
+        data["__RequestVerificationToken"] = $field.val();
+        return data;
+    };
+}());
 
 (function (window, $, undefined) {
+    'use strict';
+
     $(function () {
         // Export an object with global config data
         var app = $(document.documentElement).data();
diff --git a/src/NuGetGallery/Scripts/stats.js b/src/NuGetGallery/Scripts/stats.js
deleted file mode 100644
index 7b206d0d56..0000000000
--- a/src/NuGetGallery/Scripts/stats.js
+++ /dev/null
@@ -1,66 +0,0 @@
-function getStats(currData) {
-    currData = currData || {};
-
-    $.get(window.app.root + 'stats/totals', function (data) {
-        var section = $('section.aggstats');
-        section.show();
-        update(data, currData, 'UniquePackages');
-        update(data, currData, 'Downloads');
-        update(data, currData, 'TotalPackages');
-    }).error(function () {
-        // Don't show the stats error anymore.  Just fail silently.
-        // var section = $('section.aggstatserr');
-        // section.show();
-    });
-}
-
-function update(data, currData, key) {
-    var currentValue = currData[key] || '';
-    var value = data[key].toString();
-    var self = $('#' + key);
-
-    if (currentValue != value) {
-        currData[key] = value;
-        var length = value.length;
-        var currLength = currentValue.length;
-        var items = self.children('span');
-
-        if (currLength > length) {
-            items.slice(0, currLength - length).remove();
-            items = items.slice(currLength - length);
-        }
-
-        if (currLength) {
-            // Do not animate the first time around.
-            $.each(value.split('').reverse(), function (i, e) {
-                var c = (i <= currLength) ? currentValue.charAt(currLength - i - 1) : '';
-                if (c != e) {
-                    var el = $(items[length - i - 1]);
-                    animateEl(el, e);
-                }
-            });
-        }
-        if (currLength < length) {
-            var i;
-            for (i = currLength; i < length; i++) {
-                self.prepend('<span>' + value.charAt(length - i - 1) + '</span>');
-            }
-            items = self.children('span');
-        }
-    }
-}
-
-function animateEl(el, v) {
-    v = v || '';
-    var parent = el.parent();
-    el.stop(true, true).animate({ top: 0.3 * parseInt(parent.height()) }, 350, 'linear', function () {
-        $(this).html(v).css({ top: -0.8 * parseInt(parent.height()) }).animate({ top: 0 }, 350, 'linear');
-    });
-}
-
-$(document).ready(function () {
-    var elem = document.getElementsByClassName("aggstats");
-    if (elem != null && elem.length > 0) {
-        getStats();
-    }
-});
diff --git a/src/NuGetGallery/Scripts/statsgraphs.js b/src/NuGetGallery/Scripts/statsgraphs.js
deleted file mode 100644
index 719210ddd9..0000000000
--- a/src/NuGetGallery/Scripts/statsgraphs.js
+++ /dev/null
@@ -1,165 +0,0 @@
-var drawNugetClientVersionBarChart = function () {
-
-    var margin = { top: 20, right: 30, bottom: 80, left: 80 },
-        width = 460 - margin.left - margin.right,
-        height = 320 - margin.top - margin.bottom;
-
-    var xScale = d3.scale.ordinal()
-        .rangeRoundBands([0, width], .1);
-
-    var yScale = d3.scale.linear()
-        .range([height, 0]);
-
-    var xAxis = d3.svg.axis()
-        .scale(xScale)
-        .orient('bottom');
-
-    var yAxis = d3.svg.axis()
-        .scale(yScale)
-        .orient('left');
-
-    var svg = d3.select('#downloads-by-nuget-version').append('svg')
-        .attr('width', width + margin.left + margin.right)
-        .attr('height', height + margin.top + margin.bottom);
-
-    svg.append('title').text('NuGet Client Usage (Last 6 Weeks)');
-    svg.append('desc').text('This is a graph showing the number of downloads by each version of the NuGet client over the last six weeks.');
-
-    svg = svg.append('g').attr('transform', 'translate(' + margin.left + ',' + margin.top + ')');
-
-    var data = [];
-
-    d3.selectAll('#downloads-by-nuget-version tbody tr').each(function () {
-        var item = {
-            nugetVersion: d3.select(this).select(':nth-child(1)').text(),
-            downloads: +(d3.select(this).select(':nth-child(2)').text().replace(/[^0-9]+/g, '')),
-            percentage: d3.select(this).select(':nth-child(3)').text(),
-        };
-        data[data.length] = item;
-    });
-
-    xScale.domain(data.map(function (d) { return d.nugetVersion; }));
-    yScale.domain([0, d3.max(data, function (d) { return d.downloads; })]);
-
-    //  the use of dx attribute on the text element is correct, however, the negative shift doesn't appear to work on Firefox
-    //  the workaround employed here is to add a translation to the rotation transform
-
-    svg.append("g")
-        .attr("class", "x axis")
-        .attr("transform", "translate(0," + height + ")")
-        .call(xAxis)
-        .selectAll("text")
-        .style("text-anchor", "end")
-        //.attr("dx", "-.8em")
-        .attr("dy", ".15em")
-        .attr("transform", function (d) {
-            return "rotate(-65),translate(-10,0)"
-        });
-
-    svg.append("g")
-        .attr("class", "y axis")
-        .call(yAxis)
-        .append("text")
-        .attr("transform", "rotate(-90)")
-        .attr("y", 6)
-        .attr("dy", ".71em")
-        .style("text-anchor", "end")
-        .text("Downloads");
-
-    svg.selectAll(".bar")
-        .data(data)
-        .enter()
-        .append("rect")
-            .attr("class", "bar")
-            .attr("x", function (d) { return xScale(d.nugetVersion); })
-            .attr("width", xScale.rangeBand())
-            .attr("y", function (d) { return yScale(d.downloads); })
-            .attr("height", function (d) { return height - yScale(d.downloads); })
-        .append("title")
-            .text(function (d) { return d.percentage; });
-}
-
-var drawMonthlyDownloadsLineChart = function () {
-
-    var margin = { top: 20, right: 20, bottom: 80, left: 80 },
-        width = 400 - margin.left - margin.right,
-        height = 300 - margin.top - margin.bottom;
-
-    var xScale = d3.scale.ordinal()
-        .rangePoints([0, width]);
-
-    var yScale = d3.scale.linear()
-        .range([height, 0]);
-
-    var xAxis = d3.svg.axis()
-        .scale(xScale)
-        .orient('bottom');
-
-    var yAxis = d3.svg.axis()
-        .scale(yScale)
-        .orient('left');
-
-    var data = [];
-
-    d3.selectAll('#downloads-per-month tbody tr').each(function () {
-        var item = {
-            month: d3.select(this).select(':nth-child(1)').text(),
-            downloads: +(d3.select(this).select(':nth-child(2)').text().replace(/[^0-9]+/g, ''))
-        };
-        data[data.length] = item;
-    });
-
-    var line = d3.svg.line()
-        .x(function (d) { return xScale(d.month); })
-        .y(function (d) { return yScale(d.downloads); });
-
-    var svg = d3.select("#downloads-per-month").append("svg")
-        .attr("width", width + margin.left + margin.right)
-        .attr("height", height + margin.top + margin.bottom);
-
-    svg.append('title').text('Packages Downloaded - Month to Date');
-    svg.append('desc').text('This is a graph showing the number of downloads from NuGet per month.');
-
-    svg = svg.append("g").attr("transform", "translate(" + margin.left + "," + margin.top + ")");
-
-    xScale.domain(data.map(function (d) { return d.month; }));
-    yScale.domain([0, d3.max(data, function (d) { return d.downloads; })]);
-
-    //  the use of dx attribute on the text element is correct, however, the negative shift doesn't appear to work on Firefox
-    //  the workaround employed here is to add a translation to the rotation transform
-
-    svg.append("g")
-        .attr("class", "x axis")
-        .attr("transform", "translate(0," + height + ")")
-        .call(xAxis)
-        .selectAll("text")
-        .style("text-anchor", "end")
-        //.attr("dx", "-.8em")
-        .attr("dy", ".15em")
-        .attr("transform", function (d) {
-            return "rotate(-65),translate(-10,0)"
-        });
-
-    svg.append("g")
-        .attr("class", "y axis")
-        .call(yAxis);
-
-    svg.append("path")
-        .datum(data)
-        .attr("class", "line")
-        .attr("d", line);
-
-    var formatDownloads = d3.format(',');
-
-    svg.selectAll('.point')
-        .data(data)
-        .enter()
-        .append("svg:circle")
-        .attr("class", "line-graph-dot")
-        .attr("cx", function (d) { return xScale(d.month); })
-        .attr("cy", function (d) { return yScale(d.downloads); })
-        .attr("r", 5)
-        .append("title")
-            .text(function (d) { return formatDownloads(d.downloads); });
-}
-
diff --git a/src/NuGetGallery/Scripts/supportrequests.js b/src/NuGetGallery/Scripts/supportrequests.js
index daa4571150..2c48b21bda 100644
--- a/src/NuGetGallery/Scripts/supportrequests.js
+++ b/src/NuGetGallery/Scripts/supportrequests.js
@@ -1,277 +1,294 @@
-function HistoryViewModel() {
-    var $self = this;
-
-    this.issue = ko.observable();
-    this.historyEntries = ko.observableArray();
-};
-
-function EditViewModel(editUrl) {
-    var $self = this;
-
-    this.issue = ko.observable();
-    this.editAssignedToId = ko.observable();
-    this.editIssueStatusId = ko.observable();
-    this.editIssueComment = ko.observable();
-    this.assignedToChoices = ko.observableArray();
-    this.issueStatusChoices = ko.observableArray();
-
-    this.updateSupportRequest = function (success, error) {
-        var model = {
-            issueKey: $self.issue.Key,
-            assignedToId: $self.editAssignedToId,
-            issueStatusId: $self.editIssueStatusId,
-            comment: $self.editIssueComment()
-        };
-
-        $.ajax({
-            url: editUrl,
-            type: 'POST',
-            cache: false,
-            dataType: 'json',
-            data: addAjaxAntiForgeryToken(model),
-            success: success
-        })
-        .error(error);
-    }
-}
-
-function SupportRequestsViewModel(editUrl, filterUrl, historyUrl) {
-    var $self = this;
-
-    this.editUrl = editUrl;
-    this.filterUrl = filterUrl;
-    this.historyUrl = historyUrl;
-    this.editSupportRequestForm = $('#editSupportRequest-form').get(0);
-    this.editAssignedToCtrl = $('#editAssignedTo').get(0);
-    this.editIssueStatusCtrl = $('#editIssueStatus').get(0);
-    this.editIssueCommentCtrl = $('#editIssueComment').get(0);
-    this.historyTableCtrl = $('#history-table').get(0);
-
-    this.assignedToFilter = ko.observable();
-    this.issueStatusIdFilter = ko.observable();
-    this.reasonFilter = ko.observable();
-    this.pageNumber = ko.observable(1);
-    this.maxPageNumber = ko.observable(1);
-    this.take = ko.observable(30);
-
-    this.hasPreviousPage = ko.computed(function () {
-        return $self.pageNumber() > 1;
-    });
+var HistoryViewModel = (function () {
+    'use strict';
 
-    this.hasNextPage = ko.computed(function () {
-        return $self.pageNumber() < $self.maxPageNumber();
-    });
+    return function () {
+        var $self = this;
 
-    this.goToPreviousPage = function () {
-        $self.filter($self.pageNumber() - 1, $self.take());
+        this.issue = ko.observable();
+        this.historyEntries = ko.observableArray();
     };
-    this.goToNextPage = function () {
-        $self.filter($self.pageNumber() + 1, $self.take());
+}());
+
+var EditViewModel = (function () {
+    'use strict';
+
+    return function (editUrl) {
+        var $self = this;
+
+        this.issue = ko.observable();
+        this.editAssignedToId = ko.observable();
+        this.editIssueStatusId = ko.observable();
+        this.editIssueComment = ko.observable();
+        this.assignedToChoices = ko.observableArray();
+        this.issueStatusChoices = ko.observableArray();
+
+        this.updateSupportRequest = function (success, error) {
+            var model = {
+                issueKey: $self.issue.Key,
+                assignedToId: $self.editAssignedToId,
+                issueStatusId: $self.editIssueStatusId,
+                comment: $self.editIssueComment()
+            };
+
+            $.ajax({
+                url: editUrl,
+                type: 'POST',
+                cache: false,
+                dataType: 'json',
+                data: addAjaxAntiForgeryToken(model),
+                success: success
+            })
+                .error(error);
+        }
     };
-
-    this.filteredIssues = ko.observableArray();
-    this.assignedToChoices = ko.observableArray();
-    this.issueStatusChoices = ko.observableArray();
-    this.reasonChoices = ko.observableArray();
-
-    this.styleButtons = function () {
-        $('a.editButton').button(
-        {
-            icons: {
-                primary: 'ui-icon-pencil'
-            }
+}());
+
+var SupportRequestsViewModel = (function () {
+    'use strict';
+
+    return function (editUrl, filterUrl, historyUrl) {
+        var $self = this;
+
+        this.editUrl = editUrl;
+        this.filterUrl = filterUrl;
+        this.historyUrl = historyUrl;
+        this.editSupportRequestForm = $('#editSupportRequest-form').get(0);
+        this.editAssignedToCtrl = $('#editAssignedTo').get(0);
+        this.editIssueStatusCtrl = $('#editIssueStatus').get(0);
+        this.editIssueCommentCtrl = $('#editIssueComment').get(0);
+        this.historyTableCtrl = $('#history-table').get(0);
+
+        this.assignedToFilter = ko.observable();
+        this.issueStatusIdFilter = ko.observable();
+        this.reasonFilter = ko.observable();
+        this.pageNumber = ko.observable(1);
+        this.maxPageNumber = ko.observable(1);
+        this.take = ko.observable(30);
+
+        this.hasPreviousPage = ko.computed(function () {
+            return $self.pageNumber() > 1;
         });
-        $('a.historyButton').button(
-        {
-            icons: {
-                primary: 'ui-icon-clock'
-            }
-        });
-        $('a.contactButton').button(
-        {
-            icons: {
-                primary: 'ui-icon-mail-closed'
-            }
+
+        this.hasNextPage = ko.computed(function () {
+            return $self.pageNumber() < $self.maxPageNumber();
         });
-    }
 
-    this.updateSupportRequest = function () {
-        var updatedViewModel = ko.dataFor($self.editSupportRequestForm);
+        this.goToPreviousPage = function () {
+            $self.filter($self.pageNumber() - 1, $self.take());
+        };
+        this.goToNextPage = function () {
+            $self.filter($self.pageNumber() + 1, $self.take());
+        };
 
-        updatedViewModel.updateSupportRequest(
-            function () {
-                $self.pageNumber(0);
-                $self.filter();
-                $self.editSupportRequestDialog.dialog("close");
-            },
-            function (jqXhr, textStatus, errorThrown) {
-                alert("Error: " + errorThrown);
-            });
-    }
-
-    this.historyDialog = $('#history-dialog').dialog({
-        autoOpen: false,
-        modal: true,
-        width: 800,
-        overlay: {
-            backgroundColor: '#000',
-            opacity: 0.5
-        },
-        buttons: {
-            "Close": function () {
-                $self.historyDialog.dialog("close");
-            }
+        this.filteredIssues = ko.observableArray();
+        this.assignedToChoices = ko.observableArray();
+        this.issueStatusChoices = ko.observableArray();
+        this.reasonChoices = ko.observableArray();
+
+        this.styleButtons = function () {
+            $('a.editButton').button(
+                {
+                    icons: {
+                        primary: 'ui-icon-pencil'
+                    }
+                });
+            $('a.historyButton').button(
+                {
+                    icons: {
+                        primary: 'ui-icon-clock'
+                    }
+                });
+            $('a.contactButton').button(
+                {
+                    icons: {
+                        primary: 'ui-icon-mail-closed'
+                    }
+                });
         }
-    });
 
-    this.editSupportRequestFields = $([])
-        .add($self.editAssignedToCtrl)
-        .add($self.editIssueStatusCtrl)
-        .add($self.editIssueCommentCtrl);
-
-    this.editSupportRequestDialog = $("#editSupportRequest-dialog").dialog({
-        autoOpen: false,
-        modal: true,
-        width: 400,
-        overlay: {
-            backgroundColor: '#000',
-            opacity: 0.5
-        },
-        buttons: {
-            "Save Changes": $self.updateSupportRequest,
-            Cancel: function () {
-                $self.editSupportRequestDialog.dialog("close");
-            }
-        },
-        close: function () {
-            $('#editSupportRequest-form')[0].reset();
-            $self.editSupportRequestFields.removeClass("ui-state-error");
+        this.updateSupportRequest = function () {
+            var updatedViewModel = ko.dataFor($self.editSupportRequestForm);
+
+            updatedViewModel.updateSupportRequest(
+                function () {
+                    $self.pageNumber(0);
+                    $self.filter();
+                    $self.editSupportRequestDialog.dialog("close");
+                },
+                function (jqXhr, textStatus, errorThrown) {
+                    alert("Error: " + errorThrown);
+                });
         }
-    });
 
-    this.editSupportRequest = function (supportRequestViewModel) {
-
-        var editViewModel = new EditViewModel($self.editUrl);
-        editViewModel.issue = supportRequestViewModel;
-        editViewModel.assignedToChoices = $self.assignedToChoices;
-        editViewModel.issueStatusChoices = $self.issueStatusChoices.filter(function (value) {
-            return value.Text !== 'Unresolved';
+        this.historyDialog = $('#history-dialog').dialog({
+            autoOpen: false,
+            modal: true,
+            width: 800,
+            overlay: {
+                backgroundColor: '#000',
+                opacity: 0.5
+            },
+            buttons: {
+                "Close": function () {
+                    $self.historyDialog.dialog("close");
+                }
+            }
         });
 
-        editViewModel.editAssignedToId = supportRequestViewModel.AssignedTo;
-        editViewModel.editIssueStatusId = supportRequestViewModel.IssueStatusId;
+        this.editSupportRequestFields = $([])
+            .add($self.editAssignedToCtrl)
+            .add($self.editIssueStatusCtrl)
+            .add($self.editIssueCommentCtrl);
+
+        this.editSupportRequestDialog = $("#editSupportRequest-dialog").dialog({
+            autoOpen: false,
+            modal: true,
+            width: 400,
+            overlay: {
+                backgroundColor: '#000',
+                opacity: 0.5
+            },
+            buttons: {
+                "Save Changes": $self.updateSupportRequest,
+                Cancel: function () {
+                    $self.editSupportRequestDialog.dialog("close");
+                }
+            },
+            close: function () {
+                $('#editSupportRequest-form')[0].reset();
+                $self.editSupportRequestFields.removeClass("ui-state-error");
+            }
+        });
 
-        ko.applyBindings(editViewModel, $self.editSupportRequestForm);
+        this.editSupportRequest = function (supportRequestViewModel) {
 
-        $self.editSupportRequestDialog.dialog('option', 'title', 'Edit SR-' + supportRequestViewModel.Key);
-        $self.editSupportRequestDialog.dialog('open');
-        return false;
-    };
+            var editViewModel = new EditViewModel($self.editUrl);
+            editViewModel.issue = supportRequestViewModel;
+            editViewModel.assignedToChoices = $self.assignedToChoices;
+            editViewModel.issueStatusChoices = $self.issueStatusChoices.filter(function (value) {
+                return value.Text !== 'Unresolved';
+            });
 
-    this.generateContactUserUrl = function (supportRequestViewModel) {
-        return 'mailto:' + supportRequestViewModel.OwnerEmail
-            + '?subject=[NuGet.org Support] ' + supportRequestViewModel.IssueTitle
-            + '&CC=support@nuget.org';
-    };
+            editViewModel.editAssignedToId = supportRequestViewModel.AssignedTo;
+            editViewModel.editIssueStatusId = supportRequestViewModel.IssueStatusId;
 
-    this.showHistory = function (supportRequestViewModel) {
+            ko.applyBindings(editViewModel, $self.editSupportRequestForm);
 
-        var url = $self.generateHistoryUrl(supportRequestViewModel);
+            $self.editSupportRequestDialog.dialog('option', 'title', 'Edit SR-' + supportRequestViewModel.Key);
+            $self.editSupportRequestDialog.dialog('open');
+            return false;
+        };
 
-        $.ajax({
-            url: url,
-            type: 'GET',
-            cache: false,
-            dataType: 'json',
-            success: function (data) {
+        this.generateContactUserUrl = function (supportRequestViewModel) {
+            return 'mailto:' + supportRequestViewModel.OwnerEmail
+                + '?subject=[NuGet.org Support] ' + supportRequestViewModel.IssueTitle
+                + '&CC=support@nuget.org';
+        };
 
-                var historyViewModel = ko.dataFor($self.historyTableCtrl);
-                historyViewModel.issue(supportRequestViewModel);
-                historyViewModel.historyEntries(data);
+        this.showHistory = function (supportRequestViewModel) {
 
-                $self.historyDialog.dialog('option', 'title', 'History for SR-' + supportRequestViewModel.Key);
-                $self.historyDialog.dialog('open');
-            }
-        })
-        .error(function (jqXhr, textStatus, errorThrown) {
-            alert("Error: " + errorThrown);
-        });
+            var url = $self.generateHistoryUrl(supportRequestViewModel);
 
-        return false;
-    };
+            $.ajax({
+                url: url,
+                type: 'GET',
+                cache: false,
+                dataType: 'json',
+                success: function (data) {
 
-    this.generateUserProfileUrl = function (supportRequestViewModel) {
-        if (supportRequestViewModel.CreatedBy.toUpperCase !== 'ANONYMOUS') {
-            return supportRequestViewModel.SiteRoot + 'Profiles/' + supportRequestViewModel.CreatedBy;
-        }
-        return '#';
-    }
+                    var historyViewModel = ko.dataFor($self.historyTableCtrl);
+                    historyViewModel.issue(supportRequestViewModel);
+                    historyViewModel.historyEntries(data);
 
-    this.generatePackageDetailsUrl = function(supportRequestViewModel) {
-      return supportRequestViewModel.SiteRoot + 'packages/' + supportRequestViewModel.PackageId + '/' + supportRequestViewModel.PackageVersion;
-    }
+                    $self.historyDialog.dialog('option', 'title', 'History for SR-' + supportRequestViewModel.Key);
+                    $self.historyDialog.dialog('open');
+                }
+            })
+                .error(function (jqXhr, textStatus, errorThrown) {
+                    alert("Error: " + errorThrown);
+                });
 
-    this.generateHistoryUrl = function (supportRequestViewModel) {
-        return $self.historyUrl + '?id=' + supportRequestViewModel.Key;
-    }
+            return false;
+        };
 
-    this.getStyleForIssueStatus = function (supportRequestViewModel) {
-        if (supportRequestViewModel.IssueStatusName.toUpperCase() === 'NEW') {
-            return 'color: #FF1F19; style: bold;';
+        this.generateUserProfileUrl = function (supportRequestViewModel) {
+            if (supportRequestViewModel.CreatedBy.toUpperCase !== 'ANONYMOUS') {
+                return supportRequestViewModel.SiteRoot + 'Profiles/' + supportRequestViewModel.CreatedBy;
+            }
+            return '#';
         }
-        else if (supportRequestViewModel.IssueStatusName.toUpperCase() === 'RESOLVED') {
-            return 'color: #09B25B; style: bold;';
+
+        this.generatePackageDetailsUrl = function (supportRequestViewModel) {
+            return supportRequestViewModel.SiteRoot + 'packages/' + supportRequestViewModel.PackageId + '/' + supportRequestViewModel.PackageVersion;
         }
-        else {
-            return 'color: #FF8D00; style: bold;';
+
+        this.generateHistoryUrl = function (supportRequestViewModel) {
+            return $self.historyUrl + '?id=' + supportRequestViewModel.Key;
         }
-    }
 
-    this.applyFilter = function () {
-        $self.filter($self.pageNumber(), $self.take());
-    };
+        this.getStyleForIssueStatus = function (supportRequestViewModel) {
+            if (supportRequestViewModel.IssueStatusName.toUpperCase() === 'NEW') {
+                return 'color: #FF1F19; style: bold;';
+            }
+            else if (supportRequestViewModel.IssueStatusName.toUpperCase() === 'RESOLVED') {
+                return 'color: #09B25B; style: bold;';
+            }
+            else {
+                return 'color: #FF8D00; style: bold;';
+            }
+        }
 
-    this.filter = function (pageNumber, take) {
+        this.applyFilter = function () {
+            $self.filter($self.pageNumber(), $self.take());
+        };
 
-        var url = $self.filterUrl + '?pageNumber=' + pageNumber + '&take=' + take;
+        this.filter = function (pageNumber, take) {
 
-        if ($self.assignedToFilter() !== undefined) {
-            url += '&assignedToId=' + $self.assignedToFilter();
-        }
+            var url = $self.filterUrl + '?pageNumber=' + pageNumber + '&take=' + take;
 
-        if ($self.reasonFilter() !== undefined && $self.reasonFilter() !== '') {
-            url += '&reason=' + $self.reasonFilter();
-        }
+            if ($self.assignedToFilter() !== undefined) {
+                url += '&assignedToId=' + $self.assignedToFilter();
+            }
 
-        if ($self.issueStatusIdFilter() !== undefined) {
-            url += '&issueStatusId=' + $self.issueStatusIdFilter();
-        }
+            if ($self.reasonFilter() !== undefined && $self.reasonFilter() !== '') {
+                url += '&reason=' + $self.reasonFilter();
+            }
 
-        $.ajax({
-            url: url,
-            type: 'GET',
-            cache: false,
-            dataType: 'json',
-            success: function (data) {
-                var parsed = JSON.parse(data);
-                $self.filteredIssues(parsed.Issues);
-                $self.pageNumber(parsed.CurrentPageNumber);
-                $self.maxPageNumber(parsed.MaxPage);
-                $self.styleButtons();
+            if ($self.issueStatusIdFilter() !== undefined) {
+                url += '&issueStatusId=' + $self.issueStatusIdFilter();
             }
-        })
-        .error(function (jqXhr, textStatus, errorThrown) {
-            alert("Error: " + errorThrown);
-        });
-    };
-};
-
-$(function () {
-    ko.bindingHandlers.datetime = {
-        update: function (element, valueAccessor) {
-            var value = valueAccessor();
-            var date = moment(value);
-            $(element).text(date.format("L") + " " + date.format("LTS"));
-        }
+
+            $.ajax({
+                url: url,
+                type: 'GET',
+                cache: false,
+                dataType: 'json',
+                success: function (data) {
+                    var parsed = JSON.parse(data);
+                    $self.filteredIssues(parsed.Issues);
+                    $self.pageNumber(parsed.CurrentPageNumber);
+                    $self.maxPageNumber(parsed.MaxPage);
+                    $self.styleButtons();
+                }
+            })
+                .error(function (jqXhr, textStatus, errorThrown) {
+                    alert("Error: " + errorThrown);
+                });
+        };
     };
-});
\ No newline at end of file
+
+}());
+
+(function () {
+    'use strict';
+
+    $(function () {
+        ko.bindingHandlers.datetime = {
+            update: function (element, valueAccessor) {
+                var value = valueAccessor();
+                var date = moment(value);
+                $(element).text(date.format("L") + " " + date.format("LTS"));
+            }
+        };
+    });
+}());
diff --git a/src/NuGetGallery/Security/AutomaticOverwriteRequiredSignerPolicy.cs b/src/NuGetGallery/Security/AutomaticOverwriteRequiredSignerPolicy.cs
new file mode 100644
index 0000000000..92f974bb6e
--- /dev/null
+++ b/src/NuGetGallery/Security/AutomaticOverwriteRequiredSignerPolicy.cs
@@ -0,0 +1,19 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery.Security
+{
+    /// <summary>
+    /// A policy which enables subscribing package owners to automatically
+    /// overwrite the current required signer for a package registration.
+    /// </summary>
+    public sealed class AutomaticallyOverwriteRequiredSignerPolicy : RequiredSignerPolicy
+    {
+        public const string PolicyName = nameof(AutomaticallyOverwriteRequiredSignerPolicy);
+
+        public AutomaticallyOverwriteRequiredSignerPolicy()
+            : base(PolicyName, SecurityPolicyAction.AutomaticallyOverwriteRequiredSigner)
+        {
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Security/ControlRequiredSignerPolicy.cs b/src/NuGetGallery/Security/ControlRequiredSignerPolicy.cs
new file mode 100644
index 0000000000..bd66c9d83c
--- /dev/null
+++ b/src/NuGetGallery/Security/ControlRequiredSignerPolicy.cs
@@ -0,0 +1,20 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery.Security
+{
+    /// <summary>
+    /// A policy which enables subscribing package owners to retain control
+    /// from non-subscribing package owners of changing the required signer
+    /// for a package registration.
+    /// </summary>
+    public sealed class ControlRequiredSignerPolicy : RequiredSignerPolicy
+    {
+        public const string PolicyName = nameof(ControlRequiredSignerPolicy);
+
+        public ControlRequiredSignerPolicy()
+            : base(PolicyName, SecurityPolicyAction.ControlRequiredSigner)
+        {
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Security/RequiredSignerPolicy.cs b/src/NuGetGallery/Security/RequiredSignerPolicy.cs
new file mode 100644
index 0000000000..ccbf4d4077
--- /dev/null
+++ b/src/NuGetGallery/Security/RequiredSignerPolicy.cs
@@ -0,0 +1,40 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+namespace NuGetGallery.Security
+{
+    public abstract class RequiredSignerPolicy : UserSecurityPolicyHandler, IUserSecurityPolicySubscription
+    {
+        public IEnumerable<UserSecurityPolicy> Policies { get; }
+
+        public string SubscriptionName => Name;
+
+        public RequiredSignerPolicy(string policyName, SecurityPolicyAction action)
+            : base(policyName, action)
+        {
+            Policies = new[]
+            {
+                new UserSecurityPolicy(policyName, policyName)
+            };
+        }
+
+        public override SecurityPolicyResult Evaluate(UserSecurityPolicyEvaluationContext context)
+        {
+            throw new NotImplementedException();  // Not used.
+        }
+
+        public Task OnSubscribeAsync(UserSecurityPolicySubscriptionContext context)
+        {
+            return Task.CompletedTask;
+        }
+
+        public Task OnUnsubscribeAsync(UserSecurityPolicySubscriptionContext context)
+        {
+            return Task.CompletedTask;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Security/SecurityPolicyAction.cs b/src/NuGetGallery/Security/SecurityPolicyAction.cs
index 1362ee6d83..c99be97fe7 100644
--- a/src/NuGetGallery/Security/SecurityPolicyAction.cs
+++ b/src/NuGetGallery/Security/SecurityPolicyAction.cs
@@ -8,6 +8,8 @@ public enum SecurityPolicyAction
         PackagePush,
         PackageVerify,
         ManagePackageOwners,
-        JoinOrganization
+        JoinOrganization,
+        AutomaticallyOverwriteRequiredSigner,
+        ControlRequiredSigner
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Security/SecurityPolicyService.cs b/src/NuGetGallery/Security/SecurityPolicyService.cs
index 25ad68fd00..1b7b62cb23 100644
--- a/src/NuGetGallery/Security/SecurityPolicyService.cs
+++ b/src/NuGetGallery/Security/SecurityPolicyService.cs
@@ -19,6 +19,10 @@ public class SecurityPolicyService : ISecurityPolicyService
     {
         private static Lazy<IEnumerable<UserSecurityPolicyHandler>> _userHandlers =
             new Lazy<IEnumerable<UserSecurityPolicyHandler>>(CreateUserHandlers);
+        private static readonly ControlRequiredSignerPolicy _controlRequiredSignerPolicy
+            = new ControlRequiredSignerPolicy();
+        private static readonly AutomaticallyOverwriteRequiredSignerPolicy _automaticallyOverwriteRequiredSignerPolicy
+            = new AutomaticallyOverwriteRequiredSignerPolicy();
 
         protected IEntitiesContext EntitiesContext { get; set; }
 
@@ -67,7 +71,8 @@ public virtual IEnumerable<IUserSecurityPolicySubscription> UserSubscriptions
         {
             get
             {
-                return new List<IUserSecurityPolicySubscription>();
+                yield return _controlRequiredSignerPolicy;
+                yield return _automaticallyOverwriteRequiredSignerPolicy;
             }
         }
 
@@ -359,6 +364,8 @@ private static IEnumerable<UserSecurityPolicyHandler> CreateUserHandlers()
             yield return new RequirePackageVerifyScopePolicy();
             yield return new RequireMinProtocolVersionForPushPolicy();
             yield return new RequireOrganizationTenantPolicy();
+            yield return _controlRequiredSignerPolicy;
+            yield return _automaticallyOverwriteRequiredSignerPolicy;
         }
    }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/AccountDeletionOrphanPackagePolicy.cs b/src/NuGetGallery/Services/AccountDeletionOrphanPackagePolicy.cs
new file mode 100644
index 0000000000..f50b83a41e
--- /dev/null
+++ b/src/NuGetGallery/Services/AccountDeletionOrphanPackagePolicy.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery
+{
+    public enum AccountDeletionOrphanPackagePolicy
+    {
+        /// <summary>
+        /// Any orphan packages created by deleting the account should remain listed.
+        /// </summary>
+        KeepOrphans,
+
+        /// <summary>
+        /// Any orphan packages created by deleting the account should be unlisted.
+        /// </summary>
+        UnlistOrphans,
+
+        /// <summary>
+        /// Deleting the account should not create any orphan packages.
+        /// </summary>
+        DoNotAllowOrphans,
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/ActionsRequiringPermissions.cs b/src/NuGetGallery/Services/ActionsRequiringPermissions.cs
index 7cfb15e2a4..9f2727c51a 100644
--- a/src/NuGetGallery/Services/ActionsRequiringPermissions.cs
+++ b/src/NuGetGallery/Services/ActionsRequiringPermissions.cs
@@ -10,10 +10,14 @@ public static class ActionsRequiringPermissions
     {
         private const PermissionsRequirement RequireOwnerOrSiteAdmin = 
             PermissionsRequirement.Owner | PermissionsRequirement.SiteAdmin;
+        private const PermissionsRequirement RequireOwnerOrSiteAdminOrOrganizationAdmin =
+            PermissionsRequirement.Owner | PermissionsRequirement.SiteAdmin | PermissionsRequirement.OrganizationAdmin;
         private const PermissionsRequirement RequireOwnerOrOrganizationAdmin = 
             PermissionsRequirement.Owner | PermissionsRequirement.OrganizationAdmin;
-        private const PermissionsRequirement RequireOwnerOrOrganizationMember = 
+        private const PermissionsRequirement RequireOwnerOrOrganizationMember =
             PermissionsRequirement.Owner | PermissionsRequirement.OrganizationAdmin | PermissionsRequirement.OrganizationCollaborator;
+        private const PermissionsRequirement RequireOwnerOrSiteAdminOrOrganizationMember =
+            PermissionsRequirement.Owner | PermissionsRequirement.SiteAdmin | PermissionsRequirement.OrganizationAdmin | PermissionsRequirement.OrganizationCollaborator;
 
         /// <summary>
         /// The action of seeing private metadata about a package.
@@ -95,6 +99,13 @@ public static class ActionsRequiringPermissions
             new ActionRequiringAccountPermissions(
                 accountPermissionsRequirement: RequireOwnerOrOrganizationAdmin);
 
+        /// <summary>
+        /// The action of viewing (read-only) a user or organization account.
+        /// </summary>
+        public static ActionRequiringAccountPermissions ViewAccount =
+            new ActionRequiringAccountPermissions(
+                accountPermissionsRequirement: RequireOwnerOrSiteAdminOrOrganizationMember);
+
         /// <summary>
         /// The action of managing a user or organization account. This includes confirming an account,
         /// changing the email address, changing email subscriptions, modifying sign-in credentials, etc.
@@ -104,10 +115,18 @@ public static class ActionsRequiringPermissions
                 accountPermissionsRequirement: RequireOwnerOrOrganizationAdmin);
 
         /// <summary>
-        /// The action of viewing (read-only) a user or organization account.
+        /// The action of managing an organization's memberships.
         /// </summary>
-        public static ActionRequiringAccountPermissions ViewAccount =
+        public static ActionRequiringAccountPermissions ManageMembership =
             new ActionRequiringAccountPermissions(
-                accountPermissionsRequirement: RequireOwnerOrOrganizationMember);
+                accountPermissionsRequirement: RequireOwnerOrSiteAdminOrOrganizationAdmin);
+
+        /// <summary>
+        /// The action of changing a package's required signer.
+        /// </summary>
+        public static ActionRequiringPackagePermissions ManagePackageRequiredSigner =
+             new ActionRequiringPackagePermissions(
+                accountOnBehalfOfPermissionsRequirement: RequireOwnerOrOrganizationAdmin,
+                packageRegistrationPermissionsRequirement: RequireOwnerOrOrganizationAdmin);
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/CertificateService.cs b/src/NuGetGallery/Services/CertificateService.cs
new file mode 100644
index 0000000000..3b5d3aa282
--- /dev/null
+++ b/src/NuGetGallery/Services/CertificateService.cs
@@ -0,0 +1,194 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Data.Entity;
+using System.Linq;
+using System.Threading.Tasks;
+using System.Web;
+using NuGetGallery.Auditing;
+
+namespace NuGetGallery
+{
+    public sealed class CertificateService : ICertificateService
+    {
+        private readonly ICertificateValidator _certificateValidator;
+        private readonly IEntityRepository<Certificate> _certificateRepository;
+        private readonly IEntityRepository<User> _userRepository;
+        private readonly IEntitiesContext _entitiesContext;
+        private readonly IFileStorageService _fileStorageService;
+        private readonly IAuditingService _auditingService;
+        private readonly ITelemetryService _telemetryService;
+
+        public CertificateService(
+            ICertificateValidator certificateValidator,
+            IEntityRepository<Certificate> certificateRepository,
+            IEntityRepository<User> userRepository,
+            IEntitiesContext entitiesContext,
+            IFileStorageService fileStorageService,
+            IAuditingService auditingService,
+            ITelemetryService telemetryService)
+        {
+            _certificateValidator = certificateValidator ?? throw new ArgumentNullException(nameof(certificateValidator));
+            _certificateRepository = certificateRepository ?? throw new ArgumentNullException(nameof(certificateRepository));
+            _userRepository = userRepository ?? throw new ArgumentNullException(nameof(userRepository));
+            _entitiesContext = entitiesContext ?? throw new ArgumentNullException(nameof(entitiesContext));
+            _fileStorageService = fileStorageService ?? throw new ArgumentNullException(nameof(fileStorageService));
+            _auditingService = auditingService ?? throw new ArgumentNullException(nameof(auditingService));
+            _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
+        }
+
+        public async Task<Certificate> AddCertificateAsync(HttpPostedFileBase file)
+        {
+            if (file == null)
+            {
+                throw new ArgumentNullException(nameof(file));
+            }
+
+            _certificateValidator.Validate(file);
+
+            using (var certificateFile = CertificateFile.Create(file.InputStream))
+            {
+                var certificate = GetCertificate(certificateFile.Sha256Thumbprint);
+
+                if (certificate == null)
+                {
+                    await SaveToFileStorageAsync(certificateFile);
+
+                    certificate = new Certificate()
+                    {
+                        Sha1Thumbprint = certificateFile.Sha1Thumbprint,
+                        Thumbprint = certificateFile.Sha256Thumbprint,
+                        UserCertificates = new List<UserCertificate>()
+                    };
+
+                    _certificateRepository.InsertOnCommit(certificate);
+
+                    await _certificateRepository.CommitChangesAsync();
+
+                    await _auditingService.SaveAuditRecordAsync(
+                        new CertificateAuditRecord(AuditedCertificateAction.Add, certificate.Thumbprint));
+
+                    _telemetryService.TrackCertificateAdded(certificateFile.Sha256Thumbprint);
+                }
+
+                return certificate;
+            }
+        }
+
+        public async Task ActivateCertificateAsync(string thumbprint, User account)
+        {
+            if (string.IsNullOrEmpty(thumbprint))
+            {
+                throw new ArgumentException(Strings.ArgumentCannotBeNullOrEmpty, nameof(thumbprint));
+            }
+
+            if (account == null)
+            {
+                throw new ArgumentNullException(nameof(account));
+            }
+
+            var certificate = GetCertificate(thumbprint);
+
+            if (certificate == null)
+            {
+                throw new ArgumentException(Strings.CertificateDoesNotExist, nameof(thumbprint));
+            }
+
+            var userCertificate = certificate.UserCertificates.SingleOrDefault(uc => uc.UserKey == account.Key);
+
+            if (userCertificate == null)
+            {
+                userCertificate = new UserCertificate()
+                {
+                    CertificateKey = certificate.Key,
+                    UserKey = account.Key
+                };
+
+                _entitiesContext.UserCertificates.Add(userCertificate);
+
+                await _entitiesContext.SaveChangesAsync();
+
+                await _auditingService.SaveAuditRecordAsync(
+                    new CertificateAuditRecord(AuditedCertificateAction.Activate, certificate.Thumbprint));
+
+                _telemetryService.TrackCertificateActivated(thumbprint);
+            }
+        }
+
+        public async Task DeactivateCertificateAsync(string thumbprint, User account)
+        {
+            if (string.IsNullOrEmpty(thumbprint))
+            {
+                throw new ArgumentException(Strings.ArgumentCannotBeNullOrEmpty, nameof(thumbprint));
+            }
+
+            if (account == null)
+            {
+                throw new ArgumentNullException(nameof(account));
+            }
+
+            var certificate = GetCertificate(thumbprint);
+
+            if (certificate == null)
+            {
+                throw new ArgumentException(Strings.CertificateDoesNotExist, nameof(thumbprint));
+            }
+
+            var userCertificate = certificate.UserCertificates.SingleOrDefault(uc => uc.UserKey == account.Key);
+
+            if (userCertificate != null)
+            {
+                _entitiesContext.DeleteOnCommit(userCertificate);
+
+                await _entitiesContext.SaveChangesAsync();
+
+                await _auditingService.SaveAuditRecordAsync(
+                    new CertificateAuditRecord(AuditedCertificateAction.Deactivate, certificate.Thumbprint));
+
+                _telemetryService.TrackCertificateDeactivated(thumbprint);
+            }
+        }
+
+        public IEnumerable<Certificate> GetCertificates(User account)
+        {
+            if (account == null)
+            {
+                throw new ArgumentNullException(nameof(account));
+            }
+
+            return _userRepository.GetAll()
+                .Where(u => u.Key == account.Key)
+                .SelectMany(u => u.UserCertificates)
+                .Select(uc => uc.Certificate);
+        }
+
+        private async Task SaveToFileStorageAsync(CertificateFile certificateFile)
+        {
+            var filePath = $"SHA-256/{certificateFile.Sha256Thumbprint}{CoreConstants.CertificateFileExtension}";
+
+            try
+            {
+                await _fileStorageService.SaveFileAsync(
+                    CoreConstants.UserCertificatesFolderName,
+                    filePath,
+                    certificateFile.Stream,
+                    overwrite: false);
+            }
+            catch (FileAlreadyExistsException)
+            {
+                // A certificate is being uploaded again.
+                // The fact that the certificate already exists in storage is ignorable.
+            }
+        }
+
+        private Certificate GetCertificate(string thumbprint)
+        {
+            return _certificateRepository.GetAll()
+                .Where(c => c.Thumbprint == thumbprint)
+                .Include(c => c.UserCertificates)
+                .SingleOrDefault();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/CertificateValidator.cs b/src/NuGetGallery/Services/CertificateValidator.cs
new file mode 100644
index 0000000000..867b4f055a
--- /dev/null
+++ b/src/NuGetGallery/Services/CertificateValidator.cs
@@ -0,0 +1,165 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Globalization;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Web;
+
+namespace NuGetGallery
+{
+    public sealed class CertificateValidator : ICertificateValidator
+    {
+        private const int MaximumSizeInBytes = 10000;
+
+        public void Validate(HttpPostedFileBase file)
+        {
+            if (file == null)
+            {
+                throw new UserSafeException(Strings.CertificateFileIsRequired, new ArgumentNullException(nameof(file)));
+            }
+
+            if (!string.Equals(
+                Path.GetExtension(file.FileName),
+                CoreConstants.CertificateFileExtension,
+                StringComparison.OrdinalIgnoreCase))
+            {
+                throw new UserSafeException(
+                    string.Format(
+                        CultureInfo.InvariantCulture,
+                        Strings.ValidateCertificate_InvalidFileType,
+                        CoreConstants.CertificateFileExtension));
+            }
+
+            var stream = file.InputStream;
+
+            if (stream == null)
+            {
+                throw new UserSafeException(Strings.ValidateCertificate_InvalidStream);
+            }
+
+            if (!stream.CanSeek)
+            {
+                throw new UserSafeException(Strings.ValidateCertificate_StreamMustBeSeekable);
+            }
+
+            if (file.ContentLength <= 0 || stream.Length <= 0)
+            {
+                throw new UserSafeException(Strings.ValidateCertificate_InvalidFileLength);
+            }
+
+            if (file.ContentLength > MaximumSizeInBytes || stream.Length > MaximumSizeInBytes)
+            {
+                throw new UserSafeException(
+                    string.Format(
+                        CultureInfo.InvariantCulture,
+                        Strings.ValidateCertificate_FileTooLarge,
+                        MaximumSizeInBytes));
+            }
+
+            if (!IsDerEncodedX509Certificate(stream))
+            {
+                throw new UserSafeException(Strings.ValidateCertificate_InvalidEncoding);
+            }
+        }
+
+        private static bool IsDerEncodedX509Certificate(Stream stream)
+        {
+            stream.Position = 0;
+
+            try
+            {
+                using (var reader = new BinaryReader(stream, Encoding.UTF8, leaveOpen: true))
+                {
+                    var firstByte = reader.ReadByte();
+
+                    const byte ConstructedSequence = 0x30;
+
+                    // A DER encoded binary X.509 certificate begins with a constructed sequence tag.
+                    if (firstByte != ConstructedSequence)
+                    {
+                        return false;
+                    }
+
+                    // However, so do many other DER encoded files (e.g.:  PFX, P7B, P7S, etc.).
+                    // We will have reasonable confidence that this file is a certificate file and not one
+                    // of these other types by inspecting the next ASN.1 tag.  But first we need to read the
+                    // length for the current sequence.
+
+                    var value = reader.ReadByte();
+                    int length;
+
+                    if ((value & 0x80) == 0x80)
+                    {
+                        // Length is in long form.
+                        // The length is represented by a byte sequence of length byteCount.
+                        var byteCount = value & 0x7F;
+
+                        // The previously checked constructed sequence tag and initial length byte
+                        // subtract from the overall length.
+                        var maxByteCount = GetLengthByteCount(MaximumSizeInBytes - 2);
+
+                        if (byteCount > maxByteCount)
+                        {
+                            // The sequence is larger than the maximum file size allows,
+                            // so don't even try calculating the actual length.
+                            return false;
+                        }
+
+                        var lengthBytes = reader.ReadBytes(byteCount);
+
+                        length = lengthBytes.Aggregate(
+                            seed: 0,
+                            func: (l, r) => (l * 256) + r);
+                    }
+                    else
+                    {
+                        // Length is in short form.
+                        length = value;
+                    }
+
+                    var remainingBytes = stream.Length - stream.Position;
+
+                    if (length != remainingBytes)
+                    {
+                        return false;
+                    }
+
+                    if (stream.Position == stream.Length)
+                    {
+                        return false;
+                    }
+
+                    // A X.509 certificate (https://tools.ietf.org/html/rfc5280#section-4.1) is a SEQUENCE
+                    // with a SEQUENCE as its first nested type.
+                    //
+                    // In contrast, a PKCS #12 file (https://tools.ietf.org/html/rfc7292#section-4) is a SEQUENCE
+                    // with an INTEGER as its first nested type.
+                    return reader.ReadByte() == ConstructedSequence;
+                }
+            }
+            finally
+            {
+                stream.Position = 0;
+            }
+        }
+
+        private static int GetLengthByteCount(uint value)
+        {
+            var digits = 1;
+
+            while (value > 255)
+            {
+                var digit = value % 256;
+
+                value /= 256;
+
+                ++digits;
+            }
+
+            return digits;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/CloudDownloadCountService.cs b/src/NuGetGallery/Services/CloudDownloadCountService.cs
index 8d019752d0..cbe2d423bb 100644
--- a/src/NuGetGallery/Services/CloudDownloadCountService.cs
+++ b/src/NuGetGallery/Services/CloudDownloadCountService.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -27,9 +28,8 @@ public class CloudDownloadCountService : IDownloadCountService
         private readonly object _refreshLock = new object();
         private bool _isRefreshing;
 
-        private readonly IDictionary<string, IDictionary<string, int>> _downloadCounts = new Dictionary<string, IDictionary<string, int>>(StringComparer.OrdinalIgnoreCase);
-        
-        public DateTime LastRefresh { get; protected set; }
+        private readonly ConcurrentDictionary<string, ConcurrentDictionary<string, int>> _downloadCounts
+            = new ConcurrentDictionary<string, ConcurrentDictionary<string, int>>(StringComparer.OrdinalIgnoreCase);
 
         public CloudDownloadCountService(ITelemetryClient telemetryClient, string connectionString, bool readAccessGeoRedundant)
         {
@@ -38,7 +38,7 @@ public CloudDownloadCountService(ITelemetryClient telemetryClient, string connec
             _connectionString = connectionString;
             _readAccessGeoRedundant = readAccessGeoRedundant;
         }
-        
+
         public bool TryGetDownloadCountForPackageRegistration(string id, out int downloadCount)
         {
             if (string.IsNullOrEmpty(id))
@@ -46,11 +46,9 @@ public bool TryGetDownloadCountForPackageRegistration(string id, out int downloa
                 throw new ArgumentNullException(nameof(id));
             }
 
-            id = id.ToLowerInvariant();
-
-            if (_downloadCounts.ContainsKey(id))
+            if (_downloadCounts.TryGetValue(id, out var versions))
             {
-                downloadCount = _downloadCounts[id].Sum(kvp => kvp.Value);
+                downloadCount = CalculateSum(versions);
                 return true;
             }
 
@@ -70,16 +68,10 @@ public bool TryGetDownloadCountForPackage(string id, string version, out int dow
                 throw new ArgumentNullException(nameof(version));
             }
 
-            id = id.ToLowerInvariant();
-            version = version.ToLowerInvariant();
-
-            if (_downloadCounts.ContainsKey(id))
+            if (_downloadCounts.TryGetValue(id, out var versions)
+                && versions.TryGetValue(version, out downloadCount))
             {
-                if (_downloadCounts[id].ContainsKey(version))
-                {
-                    downloadCount = _downloadCounts[id][version];
-                    return true;
-                }
+                return true;
             }
 
             downloadCount = 0;
@@ -127,78 +119,102 @@ public void Refresh()
                 finally
                 {
                     _isRefreshing = false;
-                    LastRefresh = DateTime.UtcNow;
                 }
             }
         }
 
+        /// <summary>
+        /// This method is added for unit testing purposes.
+        /// </summary>
+        protected virtual int CalculateSum(ConcurrentDictionary<string, int> versions)
+        {
+            return versions.Sum(kvp => kvp.Value);
+        }
+
+        /// <summary>
+        /// This method is added for unit testing purposes. It can return a null stream if the blob does not exist
+        /// and assumes the caller will properly dispose of the returned stream.
+        /// </summary>
+        protected virtual Stream GetBlobStream()
+        {
+            var blob = GetBlobReference();
+            if (blob == null)
+            {
+                return null;
+            }
+
+            return blob.OpenRead();
+        }
+
         private void RefreshCore()
         {
             try
             {
-                var blob = GetBlobReference();
-                if (blob == null)
-                {
-                    return;
-                }
-
                 // The data in downloads.v1.json will be an array of Package records - which has Id, Array of Versions and download count.
                 // Sample.json : [["AutofacContrib.NSubstitute",["2.4.3.700",406],["2.5.0",137]],["Assman.Core",["2.0.7",138]]....
-                using (var jsonReader = new JsonTextReader(new StreamReader(blob.OpenRead())))
+                using (var blobStream = GetBlobStream())
                 {
-                    try
+                    if (blobStream == null)
                     {
-                        jsonReader.Read();
+                        return;
+                    }
 
-                        while (jsonReader.Read())
+                    using (var jsonReader = new JsonTextReader(new StreamReader(blobStream)))
+                    {
+                        try
                         {
-                            try
+                            jsonReader.Read();
+
+                            while (jsonReader.Read())
                             {
-                                if (jsonReader.TokenType == JsonToken.StartArray)
+                                try
                                 {
-                                    JToken record = JToken.ReadFrom(jsonReader);
-                                    string id = record[0].ToString().ToLowerInvariant();
-
-                                    // The second entry in each record should be an array of versions, if not move on to next entry.
-                                    // This is a check to safe guard against invalid entries.
-                                    if (record.Count() == 2 && record[1].Type != JTokenType.Array)
+                                    if (jsonReader.TokenType == JsonToken.StartArray)
                                     {
-                                        continue;
-                                    }
+                                        JToken record = JToken.ReadFrom(jsonReader);
+                                        string id = record[0].ToString().ToLowerInvariant();
 
-                                    if (!_downloadCounts.ContainsKey(id))
-                                    {
-                                        _downloadCounts.Add(id, new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase));
-                                    }
-                                    var versions = _downloadCounts[id];
+                                        // The second entry in each record should be an array of versions, if not move on to next entry.
+                                        // This is a check to safe guard against invalid entries.
+                                        if (record.Count() == 2 && record[1].Type != JTokenType.Array)
+                                        {
+                                            continue;
+                                        }
 
-                                    foreach (JToken token in record)
-                                    {
-                                        if (token != null && token.Count() == 2)
+                                        var versions = _downloadCounts.GetOrAdd(
+                                            id,
+                                            _ => new ConcurrentDictionary<string, int>(StringComparer.OrdinalIgnoreCase));
+
+                                        foreach (JToken token in record)
                                         {
-                                            string version = token[0].ToString().ToLowerInvariant();
-                                            versions[version] = token[1].ToObject<int>();
+                                            if (token != null && token.Count() == 2)
+                                            {
+                                                var version = token[0].ToString();
+                                                var downloadCount = token[1].ToObject<int>();
+
+                                                versions.AddOrSet(version, downloadCount);
+                                            }
                                         }
                                     }
                                 }
-                            }
-                            catch (JsonReaderException ex)
-                            {
-                                _telemetryClient.TrackException(ex, new Dictionary<string, string>
+                                catch (JsonReaderException ex)
                                 {
-                                    { "Origin", TelemetryOriginForRefreshMethod },
-                                    { "AdditionalInfo", "Invalid entry found in downloads.v1.json." }
-                                });
+                                    _telemetryClient.TrackException(ex, new Dictionary<string, string>
+                                    {
+                                        { "Origin", TelemetryOriginForRefreshMethod },
+                                        { "AdditionalInfo", "Invalid entry found in downloads.v1.json." }
+                                    });
+                                }
                             }
                         }
-                    }
-                    catch (JsonReaderException ex)
-                    {
-                        _telemetryClient.TrackException(ex, new Dictionary<string, string>
+                        catch (JsonReaderException ex)
                         {
-                            { "Origin", TelemetryOriginForRefreshMethod },
-                            { "AdditionalInfo", "Data present in downloads.v1.json is invalid. Couldn't get download data." }
-                        });
+                            _telemetryClient.TrackException(ex, new Dictionary<string, string>
+                            {
+                                { "Origin", TelemetryOriginForRefreshMethod },
+                                { "AdditionalInfo", "Data present in downloads.v1.json is invalid. Couldn't get download data." }
+                            });
+                        }
                     }
                 }
             }
diff --git a/src/NuGetGallery/Services/DeleteAccountService.cs b/src/NuGetGallery/Services/DeleteAccountService.cs
index 1932461bc1..4a795217e4 100644
--- a/src/NuGetGallery/Services/DeleteAccountService.cs
+++ b/src/NuGetGallery/Services/DeleteAccountService.cs
@@ -1,5 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 using System;
 using System.Collections.Generic;
 using System.Globalization;
@@ -50,30 +51,20 @@ IAuditingService auditingService
             _auditingService = auditingService ?? throw new ArgumentNullException(nameof(auditingService));
         }
 
-        /// <summary>
-        /// Will clean-up the data related with an user account.
-        /// The result will be:
-        /// 1. The user will be removed as owner from its owned packages.
-        /// 2. Any of the packages that become orphaned as its result will be unlisted if the unlistOrphanPackages is set to true.
-        /// 3. Any owned namespaces will be released.
-        /// 4. The user credentials will be cleaned.
-        /// 5. The user data will be cleaned.
-        /// </summary>
-        /// <param name="userToBeDeleted">The user to be deleted.</param>
-        /// <param name="admin">The admin that will perform the delete action.</param>
-        /// <param name="signature">The admin signature.</param>
-        /// <param name="unlistOrphanPackages">If the orphaned packages will unlisted.</param>
-        /// <param name="commitAsTransaction">If the data will be persisted as a transaction.</param>
-        /// <returns></returns>
-        public async Task<DeleteUserAccountStatus> DeleteGalleryUserAccountAsync(User userToBeDeleted, User admin, string signature, bool unlistOrphanPackages, bool commitAsTransaction)
+        public async Task<DeleteUserAccountStatus> DeleteAccountAsync(User userToBeDeleted,
+            User userToExecuteTheDelete,
+            bool commitAsTransaction,
+            AccountDeletionOrphanPackagePolicy orphanPackagePolicy = AccountDeletionOrphanPackagePolicy.DoNotAllowOrphans,
+            string signature = null)
         {
             if (userToBeDeleted == null)
             {
                 throw new ArgumentNullException(nameof(userToBeDeleted));
             }
-            if (admin == null)
+
+            if (userToExecuteTheDelete == null)
             {
-                throw new ArgumentNullException(nameof(admin));
+                throw new ArgumentNullException(nameof(userToExecuteTheDelete));
             }
 
             if (userToBeDeleted.IsDeleted)
@@ -87,91 +78,51 @@ public async Task<DeleteUserAccountStatus> DeleteGalleryUserAccountAsync(User us
                     AccountName = userToBeDeleted.Username
                 };
             }
+            
+            return await RunAccountDeletionTask(
+                () => DeleteAccountImplAsync(
+                    userToBeDeleted, 
+                    userToExecuteTheDelete,
+                    orphanPackagePolicy,
+                    signature ?? userToExecuteTheDelete.Username),
+                userToBeDeleted,
+                userToExecuteTheDelete,
+                commitAsTransaction);
+        }
 
-            // The deletion of Organization and Organization member accounts is disabled for now.
-            if (userToBeDeleted is Organization)
-            {
-                return new DeleteUserAccountStatus()
-                {
-                    Success = false,
-                    Description = string.Format(CultureInfo.CurrentCulture,
-                        Strings.AccountDelete_OrganizationDeleteNotImplemented,
-                        userToBeDeleted.Username),
-                    AccountName = userToBeDeleted.Username
-                };
-            }
-            else if (userToBeDeleted.Organizations.Any())
+        private async Task DeleteAccountImplAsync(User userToBeDeleted, User userToExecuteTheDelete, AccountDeletionOrphanPackagePolicy orphanPackagePolicy, string signature)
+        {
+            await RemoveReservedNamespaces(userToBeDeleted);
+            await RemovePackageOwnership(userToBeDeleted, userToExecuteTheDelete, orphanPackagePolicy);
+            await RemoveMemberships(userToBeDeleted, userToExecuteTheDelete, orphanPackagePolicy, signature);
+            await RemoveSecurityPolicies(userToBeDeleted);
+            await RemoveUserCredentials(userToBeDeleted);
+            await RemovePackageOwnershipRequests(userToBeDeleted);
+
+            var organizationToBeDeleted = userToBeDeleted as Organization;
+            if (organizationToBeDeleted != null)
             {
-                return new DeleteUserAccountStatus()
-                {
-                    Success = false,
-                    Description = string.Format(CultureInfo.CurrentCulture,
-                        Strings.AccountDelete_OrganizationMemberDeleteNotImplemented,
-                        userToBeDeleted.Username),
-                    AccountName = userToBeDeleted.Username
-                };
+                await RemoveMembers(organizationToBeDeleted);
             }
 
-            try
+            if (!userToBeDeleted.Confirmed)
             {
-                // The support requests db and gallery db are different.
-                // TransactionScope can be used for doing transaction actions across db on the same server but not on different servers.
-                // The below code will clean first the suppport requests and after the gallery data.
-                // The order is important in order to allow the admin the oportunity to execute this step again.
-                await RemoveSupportRequests(userToBeDeleted);
-
-                if (commitAsTransaction)
-                {
-                    using (var strategy = new SuspendDbExecutionStrategy())
-                    using (var transaction = _entitiesContext.GetDatabase().BeginTransaction())
-                    {
-                        await DeleteGalleryUserAccountImplAsync(userToBeDeleted, admin, signature, unlistOrphanPackages);
-                        transaction.Commit();
-                    }
-                }
-                else
-                {
-                    await DeleteGalleryUserAccountImplAsync(userToBeDeleted, admin, signature, unlistOrphanPackages);
-                }
-                await _auditingService.SaveAuditRecordAsync(new DeleteAccountAuditRecord(username: userToBeDeleted.Username,
-                    status: DeleteAccountAuditRecord.ActionStatus.Success,
-                    action: AuditedDeleteAccountAction.DeleteAccount,
-                    adminUsername: admin.Username));
-                return new DeleteUserAccountStatus()
-                {
-                    Success = true,
-                    Description = string.Format(CultureInfo.CurrentCulture,
-                        Strings.AccountDelete_Success,
-                        userToBeDeleted.Username),
-                    AccountName = userToBeDeleted.Username
-                };
+                // Unconfirmed users should be hard-deleted.
+                // Another account with the same username can be created.
+                await RemoveUser(userToBeDeleted);
             }
-            catch(Exception e)
+            else
             {
-                QuietLog.LogHandledException(e);
-                return new DeleteUserAccountStatus()
-                {
-                    Success = true,
-                    Description = string.Format(CultureInfo.CurrentCulture,
-                        Strings.AccountDelete_Fail,
-                        userToBeDeleted.Username, e),
-                    AccountName = userToBeDeleted.Username
-                };
+                // Confirmed users should be soft-deleted.
+                // Another account with the same username cannot be created.
+                await RemoveUserDataInUserTable(userToBeDeleted);
+                await InsertDeleteAccount(
+                    userToBeDeleted, 
+                    userToExecuteTheDelete, 
+                    signature);
             }
         }
 
-        private async Task DeleteGalleryUserAccountImplAsync(User userToBeDeleted, User admin, string signature, bool unlistOrphanPackages)
-        {
-            var ownedPackages = _packageService.FindPackagesByAnyMatchingOwner(userToBeDeleted, includeUnlisted: true, includeVersions: true).ToList();
-
-            await RemoveOwnership(userToBeDeleted, admin, unlistOrphanPackages, ownedPackages);
-            await RemoveReservedNamespaces(userToBeDeleted);
-            await RemoveSecurityPolicies(userToBeDeleted);
-            await RemoveUserCredentials(userToBeDeleted);
-            await RemoveUserDataInUserTable(userToBeDeleted);
-            await InsertDeleteAccount(userToBeDeleted, admin, signature);
-        }
-
         private async Task InsertDeleteAccount(User user, User admin, string signature)
         {
             var accountDelete = new AccountDelete
@@ -212,16 +163,108 @@ private async Task RemoveReservedNamespaces(User user)
             }
         }
 
-        private async Task RemoveOwnership(User user, User admin, bool unlistOrphanPackages, List<Package> packages)
+        private async Task RemovePackageOwnership(User user, User requestingUser, AccountDeletionOrphanPackagePolicy orphanPackagePolicy)
+        {
+            foreach (var package in GetPackagesOwnedByUser(user))
+            {
+                var owners = user is Organization ? package.PackageRegistration.Owners : _packageService.GetPackageUserAccountOwners(package);
+                if (owners.Count() <= 1)
+                {
+                    // Package will be orphaned by removing ownership.
+                    if (orphanPackagePolicy == AccountDeletionOrphanPackagePolicy.DoNotAllowOrphans)
+                    {
+                        throw new InvalidOperationException($"Deleting user '{user.Username}' will make package '{package.PackageRegistration.Id}' an orphan, but no orphans were expected.");
+                    }
+                    else if (orphanPackagePolicy == AccountDeletionOrphanPackagePolicy.UnlistOrphans)
+                    {
+                        await _packageService.MarkPackageUnlistedAsync(package, commitChanges: true);
+                    }
+                }
+
+                await _packageOwnershipManagementService.RemovePackageOwnerAsync(package.PackageRegistration, requestingUser, user, commitAsTransaction:false);
+            }
+        }
+
+        private bool WillPackageBeOrphaned(User user, Package package)
+        {
+            var owners = user is Organization ? package.PackageRegistration.Owners : _packageService.GetPackageUserAccountOwners(package);
+            return owners.Count() <= 1;
+        }
+
+        private List<Package> GetPackagesOwnedByUser(User user)
+        {
+            return _packageService.FindPackagesByAnyMatchingOwner(user, includeUnlisted: true, includeVersions: true).ToList();
+        }
+
+        private async Task RemovePackageOwnershipRequests(User user)
+        {
+            var requests = _packageOwnershipManagementService.GetPackageOwnershipRequests(newOwner: user).ToList();
+            foreach (var request in requests)
+            {
+                await _packageOwnershipManagementService.DeletePackageOwnershipRequestAsync(request.PackageRegistration, request.NewOwner);
+            }
+        }
+        
+        private async Task RemoveMemberships(User user, User requestingUser, AccountDeletionOrphanPackagePolicy orphanPackagePolicy, string signature)
         {
-            foreach (var package in packages)
+            foreach (var membership in user.Organizations.ToArray())
             {
-                if (unlistOrphanPackages && _packageService.GetPackageUserAccountOwners(package).Count() <= 1)
+                var organization = membership.Organization;
+                var members = organization.Members.ToList();
+                var collaborators = members.Where(m => !m.IsAdmin).ToList();
+                var memberCount = members.Count();
+                user.Organizations.Remove(membership);
+
+                if (memberCount < 2)
+                {
+                    // The user we are deleting is the only member of the organization.
+                    // We should delete the entire organization.
+                    await DeleteAccountImplAsync(organization, requestingUser, orphanPackagePolicy, signature);
+                }
+                else if (memberCount - 1 <= collaborators.Count())
                 {
-                    await _packageService.MarkPackageUnlistedAsync(package, commitChanges: true);
+                    // All other members of this organization are collaborators, so we should promote them to administrators.
+                    foreach (var collaborator in collaborators)
+                    {
+                        collaborator.IsAdmin = true;
+                    }
                 }
-                await _packageOwnershipManagementService.RemovePackageOwnerAsync(package.PackageRegistration, admin, user, commitAsTransaction:false);
             }
+
+            foreach (var membershipRequest in user.OrganizationRequests.ToArray())
+            {
+                user.OrganizationRequests.Remove(membershipRequest);
+            }
+
+            foreach (var transformationRequest in user.OrganizationMigrationRequests.ToArray())
+            {
+                user.OrganizationMigrationRequests.Remove(transformationRequest);
+                transformationRequest.NewOrganization.OrganizationMigrationRequest = null;
+            }
+
+            var migrationRequest = user.OrganizationMigrationRequest;
+            user.OrganizationMigrationRequest = null;
+            if (migrationRequest != null)
+            {
+                migrationRequest.AdminUser.OrganizationMigrationRequests.Remove(migrationRequest);
+            }
+
+            await _entitiesContext.SaveChangesAsync();
+        }
+
+        private async Task RemoveMembers(Organization organization)
+        {
+            foreach (var membership in organization.Members.ToList())
+            {
+                organization.Members.Remove(membership);
+            }
+
+            foreach (var memberRequest in organization.MemberRequests.ToList())
+            {
+                organization.MemberRequests.Remove(memberRequest);
+            }
+
+            await _entitiesContext.SaveChangesAsync();
         }
 
         private async Task RemoveUserDataInUserTable(User user)
@@ -234,5 +277,63 @@ private async Task RemoveSupportRequests(User user)
         {
             await _supportRequestService.DeleteSupportRequestsAsync(user.Username);
         }
+
+        private async Task RemoveUser(User user)
+        {
+            _userRepository.DeleteOnCommit(user);
+            await _userRepository.CommitChangesAsync();
+        }
+
+        private async Task<DeleteUserAccountStatus> RunAccountDeletionTask(Func<Task> getTask, User userToBeDeleted, User requestingUser, bool commitAsTransaction)
+        {
+            try
+            {
+                // The support requests DB and gallery DB are different.
+                // TransactionScope can be used for doing transaction actions across db on the same server but not on different servers.
+                // The below code will clean the suppport requests before the gallery data.
+                // The order is important in order to allow the admin the opportunity to execute this step again.
+                await RemoveSupportRequests(userToBeDeleted);
+
+                if (commitAsTransaction)
+                {
+                    using (var strategy = new SuspendDbExecutionStrategy())
+                    using (var transaction = _entitiesContext.GetDatabase().BeginTransaction())
+                    {
+                        await getTask();
+                        transaction.Commit();
+                    }
+                }
+                else
+                {
+                    await getTask();
+                }
+
+                await _auditingService.SaveAuditRecordAsync(new DeleteAccountAuditRecord(username: userToBeDeleted.Username,
+                    status: DeleteAccountAuditRecord.ActionStatus.Success,
+                    action: AuditedDeleteAccountAction.DeleteAccount,
+                    adminUsername: requestingUser.Username));
+
+                return new DeleteUserAccountStatus()
+                {
+                    Success = true,
+                    Description = string.Format(CultureInfo.CurrentCulture,
+                        Strings.AccountDelete_Success,
+                        userToBeDeleted.Username),
+                    AccountName = userToBeDeleted.Username
+                };
+            }
+            catch (Exception e)
+            {
+                QuietLog.LogHandledException(e);
+                return new DeleteUserAccountStatus()
+                {
+                    Success = false,
+                    Description = string.Format(CultureInfo.CurrentCulture,
+                        Strings.AccountDelete_Fail,
+                        userToBeDeleted.Username, e),
+                    AccountName = userToBeDeleted.Username
+                };
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/FileSystemFileStorageService.cs b/src/NuGetGallery/Services/FileSystemFileStorageService.cs
index 2c0846b25c..1b57169905 100644
--- a/src/NuGetGallery/Services/FileSystemFileStorageService.cs
+++ b/src/NuGetGallery/Services/FileSystemFileStorageService.cs
@@ -146,7 +146,7 @@ public Task SaveFileAsync(string folderName, string fileName, Stream packageFile
             var dirPath = Path.GetDirectoryName(filePath);
 
             _fileSystemService.CreateDirectory(dirPath);
-                        
+
             try
             {
                 using (var file = _fileSystemService.OpenWrite(filePath, overwrite))
@@ -156,8 +156,8 @@ public Task SaveFileAsync(string folderName, string fileName, Stream packageFile
             }
             catch (IOException ex)
             {
-                throw new InvalidOperationException(
-                    String.Format(
+                throw new FileAlreadyExistsException(
+                    string.Format(
                         CultureInfo.CurrentCulture,
                         "There is already a file with name {0} in folder {1}.",
                         fileName,
@@ -206,14 +206,14 @@ public Task<string> CopyFileAsync(
             var destFilePath = BuildPath(_configuration.FileStorageDirectory, destFolderName, destFileName);
 
             _fileSystemService.CreateDirectory(Path.GetDirectoryName(destFilePath));
-            
+
             try
             {
                 _fileSystemService.Copy(srcFilePath, destFilePath, overwrite: false);
             }
             catch (IOException e)
             {
-                throw new InvalidOperationException("Could not copy because destination file already exists", e);
+                throw new FileAlreadyExistsException("Could not copy because destination file already exists", e);
             }
 
             return Task.FromResult<string>(null);
diff --git a/src/NuGetGallery/Services/ICertificateService.cs b/src/NuGetGallery/Services/ICertificateService.cs
new file mode 100644
index 0000000000..0a4ed424d7
--- /dev/null
+++ b/src/NuGetGallery/Services/ICertificateService.cs
@@ -0,0 +1,53 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using System.Web;
+
+namespace NuGetGallery
+{
+    public interface ICertificateService
+    {
+        /// <summary>
+        /// Add a certificate to the database if the certificate does not already exist.
+        /// </summary>
+        /// <param name="file">The certificate file.</param>
+        /// <returns>A task that represents the asynchronous operation.
+        /// The task result (<see cref="Task{TResult}.Result" />) returns a <see cref="Certificate" /> 
+        /// entity.</returns>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="file" /> is <c>null</c>.</exception>
+        Task<Certificate> AddCertificateAsync(HttpPostedFileBase file);
+
+        /// <summary>
+        /// Activates an existing certificate for an account.
+        /// </summary>
+        /// <param name="thumbprint">The certificate thumbprint.</param>
+        /// <param name="account">The account.</param>
+        /// <returns>A task that represents the asynchronous operation.</returns>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="thumbprint" /> is <c>null</c>
+        /// or empty or if a certificate with the specified thumbprint does not exist.</exception>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="account" /> is <c>null</c>.</exception>
+        Task ActivateCertificateAsync(string thumbprint, User account);
+
+        /// <summary>
+        /// Deactivates an existing certificate for an account.
+        /// </summary>
+        /// <param name="thumbprint">The certificate thumbprint.</param>
+        /// <param name="account">The account.</param>
+        /// <returns>A task that represents the asynchronous operation.</returns>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="thumbprint" /> is <c>null</c>
+        /// or empty or if a certificate with the specified thumbprint does not exist.</exception>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="account" /> is <c>null</c>.</exception>
+        Task DeactivateCertificateAsync(string thumbprint, User account);
+
+        /// <summary>
+        /// Gets certificates associated with the specified account.
+        /// </summary>
+        /// <param name="account">The account.</param>
+        /// <returns>An enumerable of <see cref="Certificate" /> entities.</returns>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="account" /> is <c>null</c>.</exception>
+        IEnumerable<Certificate> GetCertificates(User account);
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/ICertificateValidator.cs b/src/NuGetGallery/Services/ICertificateValidator.cs
new file mode 100644
index 0000000000..a082cf7bf4
--- /dev/null
+++ b/src/NuGetGallery/Services/ICertificateValidator.cs
@@ -0,0 +1,21 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Web;
+
+namespace NuGetGallery
+{
+    /// <summary>
+    /// Represents a certificate validator.
+    /// </summary>
+    public interface ICertificateValidator
+    {
+        /// <summary>
+        /// Validates a certificate.
+        /// </summary>
+        /// <param name="file">A certificate file.</param>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="file" /> is <c>null</c>.</exception>
+        void Validate(HttpPostedFileBase file);
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/IDeleteAccountService.cs b/src/NuGetGallery/Services/IDeleteAccountService.cs
index 6c7eb0ffd6..94682a318a 100644
--- a/src/NuGetGallery/Services/IDeleteAccountService.cs
+++ b/src/NuGetGallery/Services/IDeleteAccountService.cs
@@ -9,14 +9,23 @@ namespace NuGetGallery
     public interface IDeleteAccountService
     {
         /// <summary>
-        /// Deletes an user gallery account.
+        /// Will clean-up the data related with an user account.
+        /// The result will be:
+        /// 1. The user will be removed as owner from its owned packages.
+        /// 2. Any of the packages that become orphaned as its result will be handled according to <paramref name="orphanPackagePolicy"/>.
+        /// 3. Any owned namespaces will be released.
+        /// 4. The user credentials will be cleaned.
+        /// 5. The user data will be cleaned.
         /// </summary>
         /// <param name="userToBeDeleted">The user to be deleted.</param>
-        /// <param name="admin">The admin that will execute the delete action.</param>
-        /// <param name="signature">The admin signature.</param>
-        /// <param name="unsignOrphanPackages">True if the orphan packages will be unlisted.</param>
-        /// <param name="commitAsTransaction">True if the changes will commited as a transaction.</param>
-        /// <returns></returns>
-        Task<DeleteUserAccountStatus> DeleteGalleryUserAccountAsync(User userToBeDeleted, User admin, string signature, bool unsignOrphanPackages, bool commitAsTransaction);
+        /// <param name="userToExecuteTheDelete">The user deleting the account.</param>
+        /// <param name="orphanPackagePolicy">If deleting the account creates any orphaned packages, a <see cref="AccountDeletionOrphanPackagePolicy"/> that describes how those orphans should be handled.</param>
+        /// <param name="commitAsTransaction">Whether or not to commit the changes as a transaction.</param>
+        /// <param name="signature">The signature of the user deleting the account.</param>
+        Task<DeleteUserAccountStatus> DeleteAccountAsync(User userToBeDeleted,
+            User userToExecuteTheDelete,
+            bool commitAsTransaction,
+            AccountDeletionOrphanPackagePolicy orphanPackagePolicy = AccountDeletionOrphanPackagePolicy.DoNotAllowOrphans,
+            string signature = null);
     }
 }
diff --git a/src/NuGetGallery/Services/IMessageService.cs b/src/NuGetGallery/Services/IMessageService.cs
index 17e7ff9eab..159dbc0114 100644
--- a/src/NuGetGallery/Services/IMessageService.cs
+++ b/src/NuGetGallery/Services/IMessageService.cs
@@ -27,7 +27,7 @@ public interface IMessageService
         void SendContactSupportEmail(ContactSupportRequest request);
         void SendPackageAddedNotice(Package package, string packageUrl, string packageSupportUrl, string emailSettingsUrl);
         void SendPackageUploadedNotice(Package package, string packageUrl, string packageSupportUrl, string emailSettingsUrl);
-        void SendAccountDeleteNotice(MailAddress mailAddress, string userName);
+        void SendAccountDeleteNotice(User user);
         void SendPackageDeletedNotice(Package package, string packageUrl, string packageSupportUrl);
         void SendSigninAssistanceEmail(MailAddress emailAddress, IEnumerable<Credential> credentials);
         void SendOrganizationTransformRequest(User accountToTransform, User adminUser, string profileUrl, string confirmationUrl, string rejectionUrl);
diff --git a/src/NuGetGallery/Services/IPackageService.cs b/src/NuGetGallery/Services/IPackageService.cs
index 3d2562c71a..ada26712e0 100644
--- a/src/NuGetGallery/Services/IPackageService.cs
+++ b/src/NuGetGallery/Services/IPackageService.cs
@@ -16,8 +16,6 @@ namespace NuGetGallery
     /// </summary>
     public interface IPackageService : ICorePackageService
     {
-        PackageRegistration FindPackageRegistrationById(string id);
-
         /// <summary>
         /// Gets the package with the given ID and version when exists;
         /// otherwise gets the latest package version for the given package ID matching the provided constraints.
@@ -86,5 +84,24 @@ public interface IPackageService : ICorePackageService
         /// <param name="package">The package.</param>
         /// <returns>The list of package owners that are not organizations.</returns>
         IEnumerable<User> GetPackageUserAccountOwners(Package package);
+
+        /// <summary>
+        /// Sets the required signer on all owned package registrations.
+        /// </summary>
+        /// <param name="signer">A signer or <c>null</c> if none.</param>
+        /// <returns>A task that represents the asynchronous operation.</returns>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="signer" />
+        /// is <c>null</c>.</exception>
+        Task SetRequiredSignerAsync(User signer);
+
+        /// <summary>
+        /// Sets the required signer on an owned package registration.
+        /// </summary>
+        /// <param name="registration">A package registration.</param>
+        /// <param name="signer">A signer or <c>null</c> if none.</param>
+        /// <returns>A task that represents the asynchronous operation.</returns>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="registration" />
+        /// is <c>null</c>.</exception>
+        Task SetRequiredSignerAsync(PackageRegistration registration, User signer);
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/ITelemetryService.cs b/src/NuGetGallery/Services/ITelemetryService.cs
index ae0977dea9..43cd6440ca 100644
--- a/src/NuGetGallery/Services/ITelemetryService.cs
+++ b/src/NuGetGallery/Services/ITelemetryService.cs
@@ -35,6 +35,8 @@ public interface ITelemetryService
 
         void TrackNewUserRegistrationEvent(User user, Credential identity);
 
+        void TrackUserChangedMultiFactorAuthentication(User user, bool enabledMultiFactorAuth);
+
         void TrackNewCredentialCreated(User user, Credential credential);
 
         /// <summary>
@@ -47,6 +49,38 @@ public interface ITelemetryService
         /// </summary>
         void TrackUserPackageDeleteExecuted(int packageKey, string packageId, string packageVersion, ReportPackageReason reason, bool success);
 
+        /// <summary>
+        /// A telemetry event emitted when a certificate is added to the database.
+        /// </summary>
+        /// <param name="thumbprint">The certificate thumbprint.</param>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="thumbprint" /> is <c>null</c>
+        /// or empty.</exception>
+        void TrackCertificateAdded(string thumbprint);
+
+        /// <summary>
+        /// A telemetry event emitted when a certificate is activated for an account.
+        /// </summary>
+        /// <param name="thumbprint">The certificate thumbprint.</param>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="thumbprint" /> is <c>null</c>
+        /// or empty.</exception>
+        void TrackCertificateActivated(string thumbprint);
+
+        /// <summary>
+        /// A telemetry event emitted when a certificate is deactivated for an account.
+        /// </summary>
+        /// <param name="thumbprint">The certificate thumbprint.</param>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="thumbprint" /> is <c>null</c>
+        /// or empty.</exception>
+        void TrackCertificateDeactivated(string thumbprint);
+
+        /// <summary>
+        /// A telemetry event emitted when the required signer is set on a package registration.
+        /// </summary>
+        /// <param name="packageId">The package ID.</param>
+        /// <exception cref="ArgumentException">Thrown if <paramref name="thumbprint" /> is <c>null</c>
+        /// or empty.</exception>
+        void TrackRequiredSignerSet(string packageId);
+
         /// <summary>
         /// A telemetry event emitted when a user requests transformation of their account into an organization.
         /// </summary>
diff --git a/src/NuGetGallery/Services/IUserService.cs b/src/NuGetGallery/Services/IUserService.cs
index 1e9b1d7e5b..24bd2627b6 100644
--- a/src/NuGetGallery/Services/IUserService.cs
+++ b/src/NuGetGallery/Services/IUserService.cs
@@ -28,9 +28,9 @@ public interface IUserService
 
         IList<User> FindByUnconfirmedEmailAddress(string unconfirmedEmailAddress, string optionalUsername);
 
-        User FindByUsername(string username);
+        User FindByUsername(string username, bool includeDeleted = false);
 
-        User FindByKey(int key);
+        User FindByKey(int key, bool includeDeleted = false);
 
         Task<bool> ConfirmEmailAddress(User user, string token);
 
@@ -38,6 +38,8 @@ public interface IUserService
 
         Task CancelChangeEmailAddress(User user);
 
+        Task ChangeMultiFactorAuthentication(User user, bool enableMultiFactor);
+
         Task<IDictionary<int, string>> GetEmailAddressesForUserKeysAsync(IReadOnlyCollection<int> distinctUserKeys);
 
         bool CanTransformUserToOrganization(User accountToTransform, out string errorReason);
diff --git a/src/NuGetGallery/Services/LoginDiscontinuationConfiguration.cs b/src/NuGetGallery/Services/LoginDiscontinuationConfiguration.cs
index 7213ef3b4a..9c465441b0 100644
--- a/src/NuGetGallery/Services/LoginDiscontinuationConfiguration.cs
+++ b/src/NuGetGallery/Services/LoginDiscontinuationConfiguration.cs
@@ -17,15 +17,13 @@ public class LoginDiscontinuationConfiguration : ILoginDiscontinuationConfigurat
         internal HashSet<string> ExceptionsForEmailAddresses { get; }
         internal HashSet<string> ForceTransformationToOrganizationForEmailAddresses { get; }
         internal HashSet<OrganizationTenantPair> EnabledOrganizationAadTenants { get; }
-        internal bool OrganizationsEnabledForAll { get; }
 
         public LoginDiscontinuationConfiguration()
             : this(Enumerable.Empty<string>(), 
                   Enumerable.Empty<string>(), 
                   Enumerable.Empty<string>(), 
                   Enumerable.Empty<string>(),
-                  Enumerable.Empty<OrganizationTenantPair>(),
-                  organizationsEnabledForAll: false)
+                  Enumerable.Empty<OrganizationTenantPair>())
         {
         }
 
@@ -35,15 +33,13 @@ public LoginDiscontinuationConfiguration(
             IEnumerable<string> discontinuedForDomains,
             IEnumerable<string> exceptionsForEmailAddresses,
             IEnumerable<string> forceTransformationToOrganizationForEmailAddresses,
-            IEnumerable<OrganizationTenantPair> enabledOrganizationAadTenants,
-            bool organizationsEnabledForAll)
+            IEnumerable<OrganizationTenantPair> enabledOrganizationAadTenants)
         {
             DiscontinuedForEmailAddresses = new HashSet<string>(discontinuedForEmailAddresses, StringComparer.OrdinalIgnoreCase);
             DiscontinuedForDomains = new HashSet<string>(discontinuedForDomains, StringComparer.OrdinalIgnoreCase);
             ExceptionsForEmailAddresses = new HashSet<string>(exceptionsForEmailAddresses, StringComparer.OrdinalIgnoreCase);
             ForceTransformationToOrganizationForEmailAddresses = new HashSet<string>(forceTransformationToOrganizationForEmailAddresses, StringComparer.OrdinalIgnoreCase);
             EnabledOrganizationAadTenants = new HashSet<OrganizationTenantPair>(enabledOrganizationAadTenants, new OrganizationTenantPairComparer());
-            OrganizationsEnabledForAll = organizationsEnabledForAll;
         }
 
         public bool IsLoginDiscontinued(AuthenticatedUser authUser)
@@ -73,13 +69,6 @@ public bool IsUserOnWhitelist(User user)
                 DiscontinuedForEmailAddresses.Contains(email.Address);
         }
 
-        public bool AreOrganizationsSupportedForUser(User user)
-        {
-            return OrganizationsEnabledForAll || 
-                (user != null && 
-                    (user.Organizations.Any() || IsUserOnWhitelist(user)));
-        }
-
         public bool ShouldUserTransformIntoOrganization(User user)
         {
             if (user == null)
@@ -101,7 +90,6 @@ public interface ILoginDiscontinuationConfiguration
     {
         bool IsLoginDiscontinued(AuthenticatedUser authUser);
         bool IsUserOnWhitelist(User user);
-        bool AreOrganizationsSupportedForUser(User user);
         bool ShouldUserTransformIntoOrganization(User user);
         bool IsTenantIdPolicySupportedForOrganization(string emailAddress, string tenantId);
     }
diff --git a/src/NuGetGallery/Services/MessageService.cs b/src/NuGetGallery/Services/MessageService.cs
index e7b27c068c..75619bafdd 100644
--- a/src/NuGetGallery/Services/MessageService.cs
+++ b/src/NuGetGallery/Services/MessageService.cs
@@ -638,29 +638,17 @@ private void SendSupportMessage(User user, string body, string subject)
 
         public void SendPackageUploadedNotice(Package package, string packageUrl, string packageSupportUrl, string emailSettingsUrl)
         {
-            string subject = "[{0}] Package uploaded - {1} {2}";
-            string body = @"The package [{1} {2}]({3}) was just uploaded to {0}. If this was not intended, please [contact support]({4}).
+            string subject = $"[{Config.GalleryOwner.DisplayName}] Package uploaded - {package.PackageRegistration.Id} {package.Version}";
+            string body = $@"The package [{package.PackageRegistration.Id} {package.Version}]({packageUrl}) was recently uploaded to {Config.GalleryOwner.DisplayName} by {package.User.Username}. If this was not intended, please [contact support]({packageSupportUrl}).
 
 Note: This package has not been published yet. It will appear in search results and will be available for install/restore after both validation and indexing are complete. Package validation and indexing may take up to an hour.
 
 -----------------------------------------------
 <em style=""font-size: 0.8em;"">
-    To stop receiving emails as an owner of this package, sign in to the {0} and
-    [change your email notification settings]({5}).
+    To stop receiving emails as an owner of this package, sign in to the {Config.GalleryOwner.DisplayName} and
+    [change your email notification settings]({emailSettingsUrl}).
 </em>";
 
-            body = String.Format(
-                CultureInfo.CurrentCulture,
-                body,
-                Config.GalleryOwner.DisplayName,
-                package.PackageRegistration.Id,
-                package.Version,
-                packageUrl,
-                packageSupportUrl,
-                emailSettingsUrl);
-
-            subject = String.Format(CultureInfo.CurrentCulture, subject, Config.GalleryOwner.DisplayName, package.PackageRegistration.Id, package.Version);
-
             using (var mailMessage = new MailMessage())
             {
                 mailMessage.Subject = subject;
@@ -676,7 +664,7 @@ [change your email notification settings]({5}).
             }
         }
 
-        public void SendAccountDeleteNotice(MailAddress mailAddress, string account)
+        public void SendAccountDeleteNotice(User user)
         {
             string body = @"We received a request to delete your account {0}. If you did not initiate this request, please contact the {1} team immediately.
 {2}When your account will be deleted, we will:{2}
@@ -692,7 +680,7 @@ public void SendAccountDeleteNotice(MailAddress mailAddress, string account)
             body = String.Format(
                 CultureInfo.CurrentCulture,
                 body,
-                account,
+                user,
                 Config.GalleryOwner.DisplayName,
                 Environment.NewLine);
 
@@ -702,7 +690,7 @@ public void SendAccountDeleteNotice(MailAddress mailAddress, string account)
                 mailMessage.Body = body;
                 mailMessage.From = Config.GalleryNoReplyAddress;
 
-                mailMessage.To.Add(mailAddress.Address);
+                mailMessage.To.Add(user.ToMailAddress());
                 SendMessage(mailMessage);
             }
         }
diff --git a/src/NuGetGallery/Services/PackageService.cs b/src/NuGetGallery/Services/PackageService.cs
index 45513aee66..2a19c890c4 100644
--- a/src/NuGetGallery/Services/PackageService.cs
+++ b/src/NuGetGallery/Services/PackageService.cs
@@ -12,27 +12,31 @@
 using NuGet.Versioning;
 using NuGetGallery.Auditing;
 using NuGetGallery.Packaging;
+using NuGetGallery.Security;
 
 namespace NuGetGallery
 {
     public class PackageService : CorePackageService, IPackageService
     {
-        private readonly IEntityRepository<PackageRegistration> _packageRegistrationRepository;
         private readonly IPackageNamingConflictValidator _packageNamingConflictValidator;
         private readonly IAuditingService _auditingService;
         private readonly ITelemetryService _telemetryService;
+        private readonly ISecurityPolicyService _securityPolicyService;
 
         public PackageService(
             IEntityRepository<PackageRegistration> packageRegistrationRepository,
             IEntityRepository<Package> packageRepository,
+            IEntityRepository<Certificate> certificateRepository,
             IPackageNamingConflictValidator packageNamingConflictValidator,
             IAuditingService auditingService,
-            ITelemetryService telemetryService) : base(packageRepository)
+            ITelemetryService telemetryService,
+            ISecurityPolicyService securityPolicyService)
+            : base(packageRepository, packageRegistrationRepository, certificateRepository)
         {
-            _packageRegistrationRepository = packageRegistrationRepository ?? throw new ArgumentNullException(nameof(packageRegistrationRepository));
             _packageNamingConflictValidator = packageNamingConflictValidator ?? throw new ArgumentNullException(nameof(packageNamingConflictValidator));
             _auditingService = auditingService ?? throw new ArgumentNullException(nameof(auditingService));
             _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
+            _securityPolicyService = securityPolicyService ?? throw new ArgumentNullException(nameof(securityPolicyService));
         }
 
         /// <summary>
@@ -110,16 +114,16 @@ public async Task<Package> CreatePackageAsync(PackageArchiveReader nugetPackage,
             return package;
         }
 
-        public virtual PackageRegistration FindPackageRegistrationById(string id)
+        public override PackageRegistration FindPackageRegistrationById(string packageId)
         {
-            if (id == null)
+            if (packageId == null)
             {
-                throw new ArgumentNullException(nameof(id));
+                throw new ArgumentNullException(nameof(packageId));
             }
 
             return _packageRegistrationRepository.GetAll()
                 .Include(pr => pr.Owners)
-                .SingleOrDefault(pr => pr.Id == id);
+                .SingleOrDefault(pr => pr.Id == packageId);
         }
 
         public virtual Package FindPackageByIdAndVersion(
@@ -220,7 +224,7 @@ public virtual Package FindAbsoluteLatestPackageById(string id, int? semVerLevel
 
         public IEnumerable<Package> FindPackagesByOwner(User user, bool includeUnlisted, bool includeVersions = false)
         {
-            return GetPackagesForOwners(new [] { user.Key }, includeUnlisted, includeVersions);
+            return GetPackagesForOwners(new[] { user.Key }, includeUnlisted, includeVersions);
         }
 
         /// <summary>
@@ -348,7 +352,13 @@ public async Task PublishPackageAsync(Package package, bool commitChanges = true
         public async Task AddPackageOwnerAsync(PackageRegistration package, User newOwner)
         {
             package.Owners.Add(newOwner);
+
             await _packageRepository.CommitChangesAsync();
+
+            if (_securityPolicyService.IsSubscribed(newOwner, AutomaticallyOverwriteRequiredSignerPolicy.PolicyName))
+            {
+                await SetRequiredSignerAsync(package, newOwner);
+            }
         }
 
         public async Task RemovePackageOwnerAsync(PackageRegistration package, User user)
@@ -430,7 +440,7 @@ public async Task MarkPackageUnlistedAsync(Package package, bool commitChanges =
         private PackageRegistration CreateOrGetPackageRegistration(User owner, User currentUser, PackageMetadata packageMetadata, bool isVerified)
         {
             var packageRegistration = FindPackageRegistrationById(packageMetadata.Id);
-            
+
             if (packageRegistration == null)
             {
                 if (_packageNamingConflictValidator.IdConflictsWithExistingPackageTitle(packageMetadata.Id))
@@ -707,5 +717,126 @@ public virtual async Task UpdatePackageVerifiedStatusAsync(IReadOnlyCollection<P
                 await _packageRegistrationRepository.CommitChangesAsync();
             }
         }
+
+        /// <summary>
+        /// Asynchronously sets the signer as the required signer on all package registrations owned by the signer.
+        /// </summary>
+        /// <param name="signer">A user.</param>
+        /// <returns>A task that represents the asynchronous operation.</returns>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="signer" /> is <c>null</c>.</exception>
+        public async Task SetRequiredSignerAsync(User signer)
+        {
+            if (signer == null)
+            {
+                throw new ArgumentNullException(nameof(signer));
+            }
+
+            var registrations = FindPackageRegistrationsByOwner(signer);
+            var auditRecords = new List<PackageRegistrationAuditRecord>();
+            var packageIds = new List<string>();
+            var isCommitRequired = false;
+
+            foreach (var registration in registrations)
+            {
+                string previousRequiredSigner = null;
+                string newRequiredSigner = null;
+
+                if (!registration.RequiredSigners.Contains(signer))
+                {
+                    previousRequiredSigner = registration.RequiredSigners.FirstOrDefault()?.Username;
+
+                    registration.RequiredSigners.Clear();
+
+                    isCommitRequired = true;
+
+                    registration.RequiredSigners.Add(signer);
+
+                    newRequiredSigner = signer.Username;
+
+                    var auditRecord = PackageRegistrationAuditRecord.CreateForSetRequiredSigner(
+                        registration,
+                        previousRequiredSigner,
+                        newRequiredSigner);
+
+                    auditRecords.Add(auditRecord);
+                    packageIds.Add(registration.Id);
+                }
+            }
+
+            if (isCommitRequired)
+            {
+                await _packageRegistrationRepository.CommitChangesAsync();
+
+                foreach (var auditRecord in auditRecords)
+                {
+                    await _auditingService.SaveAuditRecordAsync(auditRecord);
+                }
+
+                foreach (var packageId in packageIds)
+                {
+                    _telemetryService.TrackRequiredSignerSet(packageId);
+                }
+            }
+        }
+
+        /// <summary>
+        /// Asynchronously sets the signer as the required signer on a single package registration owned by the signer.
+        /// </summary>
+        /// <param name="registration">A package registration.</param>
+        /// <param name="signer">A user.  May be <c>null</c>.</param>
+        /// <returns>A task that represents the asynchronous operation.</returns>
+        /// <exception cref="ArgumentNullException">Thrown if <paramref name="registration" /> is <c>null</c>.</exception>
+        public async Task SetRequiredSignerAsync(PackageRegistration registration, User signer)
+        {
+            if (registration == null)
+            {
+                throw new ArgumentNullException(nameof(registration));
+            }
+
+            var isCommitRequired = false;
+
+            string previousRequiredSigner = null;
+            string newRequiredSigner = null;
+
+            if (signer == null)
+            {
+                var currentRequiredSigner = registration.RequiredSigners.FirstOrDefault();
+
+                if (currentRequiredSigner != null)
+                {
+                    previousRequiredSigner = currentRequiredSigner.Username;
+
+                    registration.RequiredSigners.Clear();
+
+                    isCommitRequired = true;
+                }
+            }
+            else if (!registration.RequiredSigners.Contains(signer))
+            {
+                previousRequiredSigner = registration.RequiredSigners.FirstOrDefault()?.Username;
+
+                registration.RequiredSigners.Clear();
+
+                isCommitRequired = true;
+
+                registration.RequiredSigners.Add(signer);
+
+                newRequiredSigner = signer.Username;
+            }
+
+            if (isCommitRequired)
+            {
+                await _packageRegistrationRepository.CommitChangesAsync();
+
+                var auditRecord = PackageRegistrationAuditRecord.CreateForSetRequiredSigner(
+                    registration,
+                    previousRequiredSigner,
+                    newRequiredSigner);
+
+                await _auditingService.SaveAuditRecordAsync(auditRecord);
+
+                _telemetryService.TrackRequiredSignerSet(registration.Id);
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Services/TelemetryService.cs b/src/NuGetGallery/Services/TelemetryService.cs
index 346c282c3b..063d9dc870 100644
--- a/src/NuGetGallery/Services/TelemetryService.cs
+++ b/src/NuGetGallery/Services/TelemetryService.cs
@@ -24,6 +24,8 @@ internal class Events
             public const string CredentialAdded = "CredentialAdded";
             public const string UserPackageDeleteCheckedAfterHours = "UserPackageDeleteCheckedAfterHours";
             public const string UserPackageDeleteExecuted = "UserPackageDeleteExecuted";
+            public const string UserMultiFactorAuthenticationEnabled = "UserMultiFactorAuthenticationEnabled";
+            public const string UserMultiFactorAuthenticationDisabled = "UserMultiFactorAuthenticationDisabled";
             public const string PackageReflow = "PackageReflow";
             public const string PackageUnlisted = "PackageUnlisted";
             public const string PackageListed = "PackageListed";
@@ -35,6 +37,10 @@ internal class Events
             public const string OrganizationTransformDeclined = "OrganizationTransformDeclined";
             public const string OrganizationTransformCancelled = "OrganizationTransformCancelled";
             public const string OrganizationAdded = "OrganizationAdded";
+            public const string CertificateAdded = "CertificateAdded";
+            public const string CertificateActivated = "CertificateActivated";
+            public const string CertificateDeactivated = "CertificateDeactivated";
+            public const string PackageRegistrationRequiredSignerSet = "PackageRegistrationRequiredSignerSet";
         }
 
         private IDiagnosticsSource _diagnosticsSource;
@@ -89,6 +95,9 @@ internal class Events
         public const string OrganizationAccountKey = "OrganizationAccountKey";
         public const string OrganizationIsRestrictedToOrganizationTenantPolicy = "OrganizationIsRestrictedToOrganizationTenantPolicy";
 
+        // Certificate properties
+        public const string Sha256Thumbprint = "Sha256Thumbprint";
+
         public TelemetryService(IDiagnosticsService diagnosticsService, ITelemetryClient telemetryClient = null)
         {
             if (diagnosticsService == null)
@@ -196,6 +205,13 @@ public void TrackNewUserRegistrationEvent(User user, Credential credential)
             TrackMetricForAccountActivity(Events.NewUserRegistration, user, credential);
         }
 
+        public void TrackUserChangedMultiFactorAuthentication(User user, bool enabledMultiFactorAuth)
+        {
+            TrackMetricForAccountActivity(enabledMultiFactorAuth ? Events.UserMultiFactorAuthenticationEnabled : Events.UserMultiFactorAuthenticationDisabled,
+                user,
+                credential: null);
+        }
+
         public void TrackNewCredentialCreated(User user, Credential credential)
         {
             TrackMetricForAccountActivity(Events.CredentialAdded, user, credential);
@@ -255,6 +271,33 @@ public void TrackPackageRevalidate(Package package)
             TrackMetricForPackage(Events.PackageRevalidate, package);
         }
 
+        public void TrackCertificateAdded(string thumbprint)
+        {
+            TrackMetricForCertificateActivity(Events.CertificateAdded, thumbprint);
+        }
+
+        public void TrackCertificateActivated(string thumbprint)
+        {
+            TrackMetricForCertificateActivity(Events.CertificateActivated, thumbprint);
+        }
+
+        public void TrackCertificateDeactivated(string thumbprint)
+        {
+            TrackMetricForCertificateActivity(Events.CertificateDeactivated, thumbprint);
+        }
+
+        public void TrackRequiredSignerSet(string packageId)
+        {
+            if (string.IsNullOrEmpty(packageId))
+            {
+                throw new ArgumentException(Strings.ArgumentCannotBeNullOrEmpty, nameof(packageId));
+            }
+
+            TrackMetric(Events.PackageRegistrationRequiredSignerSet, 1, properties => {
+                properties.Add(PackageId, packageId);
+            });
+        }
+
         public void TrackException(Exception exception, Action<Dictionary<string, string>> addProperties)
         {
             var telemetryProperties = new Dictionary<string, string>();
@@ -271,11 +314,6 @@ private void TrackMetricForAccountActivity(string eventName, User user, Credenti
                 throw new ArgumentNullException(nameof(user));
             }
 
-            if (credential == null)
-            {
-                throw new ArgumentNullException(nameof(credential));
-            }
-
             TrackMetric(eventName, 1, properties => {
                 properties.Add(ClientVersion, GetClientVersion());
                 properties.Add(ProtocolVersion, GetProtocolVersion());
@@ -284,6 +322,18 @@ private void TrackMetricForAccountActivity(string eventName, User user, Credenti
             });
         }
 
+        private void TrackMetricForCertificateActivity(string eventName, string thumbprint)
+        {
+            if (string.IsNullOrEmpty(thumbprint))
+            {
+                throw new ArgumentException(Strings.ArgumentCannotBeNullOrEmpty, nameof(thumbprint));
+            }
+
+            TrackMetric(eventName, 1, properties => {
+                properties.Add(Sha256Thumbprint, thumbprint);
+            });
+        }
+
         private static string GetClientVersion()
         {
             return HttpContext.Current?.Request?.Headers[Constants.ClientVersionHeaderName];
@@ -312,7 +362,7 @@ private static string GetAccountCreationDate(User user)
 
         private static string GetRegistrationMethod(Credential cred)
         {
-            return cred.Type;
+            return cred?.Type ?? "";
         }
 
         private static string GetApiKeyCreationDate(User user, IIdentity identity)
diff --git a/src/NuGetGallery/Services/UserService.cs b/src/NuGetGallery/Services/UserService.cs
index c71ddef8cf..9c159ae184 100644
--- a/src/NuGetGallery/Services/UserService.cs
+++ b/src/NuGetGallery/Services/UserService.cs
@@ -36,6 +36,8 @@ public class UserService : IUserService
 
         public IDateTimeProvider DateTimeProvider { get; protected set; }
 
+        public ITelemetryService TelemetryService { get; protected set; }
+
         protected UserService() { }
 
         public UserService(
@@ -48,7 +50,8 @@ public UserService(
             IContentObjectService contentObjectService,
             ISecurityPolicyService securityPolicyService,
             IDateTimeProvider dateTimeProvider,
-            ICredentialBuilder credentialBuilder)
+            ICredentialBuilder credentialBuilder,
+            ITelemetryService telemetryService)
             : this()
         {
             Config = config;
@@ -60,6 +63,7 @@ public UserService(
             ContentObjectService = contentObjectService;
             SecurityPolicyService = securityPolicyService;
             DateTimeProvider = dateTimeProvider;
+            TelemetryService = telemetryService;
         }
 
         public async Task<MembershipRequest> AddMembershipRequestAsync(Organization organization, string memberName, bool isAdmin)
@@ -214,12 +218,16 @@ public async Task<Membership> AddMemberAsync(Organization organization, string m
                     IsAdmin = request.IsAdmin
                 };
                 organization.Members.Add(membership);
+
+                await Auditing.SaveAuditRecordAsync(new UserAuditRecord(organization, AuditedUserAction.AddOrganizationMember, membership));
             }
             else
             {
                 // If the user is already a member, update the existing membership.
                 // If the request grants admin but this member is not an admin, grant admin to the member.
                 membership.IsAdmin = membership.IsAdmin || request.IsAdmin;
+
+                await Auditing.SaveAuditRecordAsync(new UserAuditRecord(organization, AuditedUserAction.UpdateOrganizationMember, membership));
             }
 
             await EntitiesContext.SaveChangesAsync();
@@ -247,6 +255,9 @@ public async Task<Membership> UpdateMemberAsync(Organization organization, strin
                 }
 
                 membership.IsAdmin = isAdmin;
+
+                await Auditing.SaveAuditRecordAsync(new UserAuditRecord(organization, AuditedUserAction.UpdateOrganizationMember, membership));
+
                 await EntitiesContext.SaveChangesAsync();
             }
 
@@ -273,6 +284,9 @@ public async Task<User> DeleteMemberAsync(Organization organization, string memb
             }
 
             organization.Members.Remove(membership);
+
+            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(organization, AuditedUserAction.RemoveOrganizationMember, membership));
+
             await EntitiesContext.SaveChangesAsync();
 
             return memberToRemove;
@@ -338,18 +352,26 @@ public virtual IList<User> FindByUnconfirmedEmailAddress(string unconfirmedEmail
             }
         }
 
-        public virtual User FindByUsername(string username)
+        public virtual User FindByUsername(string username, bool includeDeleted = false)
         {
-            return UserRepository.GetAll()
-                .Include(u => u.Roles)
+            var users = UserRepository.GetAll();
+            if (!includeDeleted)
+            {
+                users = users.Where(u => !u.IsDeleted);
+            }
+            return users.Include(u => u.Roles)
                 .Include(u => u.Credentials)
                 .SingleOrDefault(u => u.Username == username);
         }
 
-        public virtual User FindByKey(int key)
+        public virtual User FindByKey(int key, bool includeDeleted = false)
         {
-            return UserRepository.GetAll()
-                .Include(u => u.Roles)
+            var users = UserRepository.GetAll();
+            if (!includeDeleted)
+            {
+                users = users.Where(u => !u.IsDeleted);
+            }
+            return users.Include(u => u.Roles)
                 .Include(u => u.Credentials)
                 .SingleOrDefault(u => u.Key == key);
         }
@@ -376,6 +398,14 @@ public async Task CancelChangeEmailAddress(User user)
             await UserRepository.CommitChangesAsync();
         }
 
+        public virtual async Task ChangeMultiFactorAuthentication(User user, bool enableMultiFactor)
+        {
+            user.EnableMultiFactorAuthentication = enableMultiFactor;
+            await UserRepository.CommitChangesAsync();
+
+            TelemetryService.TrackUserChangedMultiFactorAuthentication(user, enableMultiFactor);
+        }
+
         public async Task<IDictionary<int, string>> GetEmailAddressesForUserKeysAsync(IReadOnlyCollection<int> distinctUserKeys)
         {
             var results = await UserRepository.GetAll()
@@ -454,11 +484,6 @@ public bool CanTransformUserToOrganization(User accountToTransform, out string e
             {
                 errorReason = Strings.TransformAccount_AccountHasMemberships;
             }
-            else if (!ContentObjectService.LoginDiscontinuationConfiguration.AreOrganizationsSupportedForUser(accountToTransform))
-            {
-                errorReason = String.Format(CultureInfo.CurrentCulture,
-                    Strings.Organizations_NotSupportedForAccount, accountToTransform.Username);
-            }
 
             return errorReason == null;
         }
@@ -492,18 +517,17 @@ public bool CanTransformUserToOrganization(User accountToTransform, User adminUs
         public async Task<bool> TransformUserToOrganization(User accountToTransform, User adminUser, string token)
         {
             await SubscribeOrganizationToTenantPolicyIfTenantIdIsSupported(accountToTransform, adminUser);
-            
-            return await EntitiesContext.TransformUserToOrganization(accountToTransform, adminUser, token);
+            var result = await EntitiesContext.TransformUserToOrganization(accountToTransform, adminUser, token);
+            if (result)
+            {
+                await Auditing.SaveAuditRecordAsync(new UserAuditRecord(accountToTransform, AuditedUserAction.TransformOrganization, adminUser, affectedMemberIsAdmin: true));
+            }
+
+            return result;
         }
 
         public async Task<Organization> AddOrganizationAsync(string username, string emailAddress, User adminUser)
         {
-            if (!ContentObjectService.LoginDiscontinuationConfiguration.AreOrganizationsSupportedForUser(adminUser))
-            {
-                throw new EntityException(String.Format(CultureInfo.CurrentCulture,
-                    Strings.Organizations_NotSupportedForAccount, adminUser.Username));
-            }
-
             var existingUserWithIdentity = EntitiesContext.Users
                 .FirstOrDefault(u => u.Username == username || u.EmailAddress == emailAddress);
             if (existingUserWithIdentity != null)
@@ -538,6 +562,8 @@ public async Task<Organization> AddOrganizationAsync(string username, string ema
 
             await SubscribeOrganizationToTenantPolicyIfTenantIdIsSupported(organization, adminUser, commitChanges: false);
 
+            await Auditing.SaveAuditRecordAsync(new UserAuditRecord(organization, AuditedUserAction.AddOrganization, membership));
+
             await EntitiesContext.SaveChangesAsync();
 
             return organization;
diff --git a/src/NuGetGallery/Strings.Designer.cs b/src/NuGetGallery/Strings.Designer.cs
index 162f686c2c..fc0291249c 100644
--- a/src/NuGetGallery/Strings.Designer.cs
+++ b/src/NuGetGallery/Strings.Designer.cs
@@ -96,15 +96,6 @@ public static string AccountDelete_OrganizationDeleteNotImplemented {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to Account &apos;{0}&apos; cannot be deleted because it is a member of an organization. The user needs to be manually removed from any organizations before the account can be deleted..
-        /// </summary>
-        public static string AccountDelete_OrganizationMemberDeleteNotImplemented {
-            get {
-                return ResourceManager.GetString("AccountDelete_OrganizationMemberDeleteNotImplemented", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to The account:{0} was deleted succesfully..
         /// </summary>
@@ -125,7 +116,7 @@ public static string AccountDelete_SupportRequestTitle {
         
         /// <summary>
         ///   Looks up a localized string similar to The account with the email {0} is linked to another Microsoft account.
-        ///If you wish to update the linked Microsoft account you can do so from the account settings page..
+        ///If you would like to update the linked Microsoft account you can do so from the account settings page..
         /// </summary>
         public static string AccountIsLinkedToAnotherExternalAccount {
             get {
@@ -133,6 +124,15 @@ public static string AccountIsLinkedToAnotherExternalAccount {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to An exception was encoutered while trying to delete the account. Please contact support for assistance..
+        /// </summary>
+        public static string AccountSelfDelete_Fail {
+            get {
+                return ResourceManager.GetString("AccountSelfDelete_Fail", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to User &apos;{0}&apos; is already a member of this organization..
         /// </summary>
@@ -459,6 +459,15 @@ public static string ApiKeyUserAccountIsUnconfirmed {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to The argument cannot be null or empty..
+        /// </summary>
+        public static string ArgumentCannotBeNullOrEmpty {
+            get {
+                return ResourceManager.GetString("ArgumentCannotBeNullOrEmpty", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to The &apos;{0}&apos; authentication provider is disabled and cannot be used to authenticate
         ///.
@@ -532,6 +541,24 @@ public static string CannotRemoveOnlyLoginCredential {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to The certificate does not exist..
+        /// </summary>
+        public static string CertificateDoesNotExist {
+            get {
+                return ResourceManager.GetString("CertificateDoesNotExist", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to A certificate file is required..
+        /// </summary>
+        public static string CertificateFileIsRequired {
+            get {
+                return ResourceManager.GetString("CertificateFileIsRequired", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Failed to update the Microsoft account with &apos;{0}&apos;. This could happen if it is already linked to another NuGet account. Contact support for more information..
         /// </summary>
@@ -714,7 +741,7 @@ public static string DisplayPackage_SecurePushRequired {
         }
         
         /// <summary>
-        ///   Looks up a localized string similar to The email address &apos;{0}&apos; is being used..
+        ///   Looks up a localized string similar to The email address &apos;{0}&apos; is already in use by a different account..
         /// </summary>
         public static string EmailAddressBeingUsed {
             get {
@@ -1012,6 +1039,33 @@ public static string MissingRequiredConfigurationValue {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Two-factor authentication has been disabled for your account. Please close all sessions for Microsoft accounts before you log into {0} to prevent automatic enabling of this setting..
+        /// </summary>
+        public static string MultiFactorAuth_Disabled {
+            get {
+                return ResourceManager.GetString("MultiFactorAuth_Disabled", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Two-factor authentication is enabled for your account. It will be enforced the next time you log into {0}..
+        /// </summary>
+        public static string MultiFactorAuth_Enabled {
+            get {
+                return ResourceManager.GetString("MultiFactorAuth_Enabled", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to We noticed you used two-factor authentication for login. We have enabled your account to use two-factor authentication going forward..
+        /// </summary>
+        public static string MultiFactorAuth_LoginUpdate {
+            get {
+                return ResourceManager.GetString("MultiFactorAuth_LoginUpdate", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Multiple Credentials match &apos;{0}&apos; credential with Key {1}.
         /// </summary>
@@ -1363,6 +1417,69 @@ public static string RemoveOwner_NotOwner {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to At least one package owner has no certificate while at least one other package owner has at least one certificate, which means future package submissions may be unsigned or signed with any certificate registered to any owner..
+        /// </summary>
+        public static string RequiredSigner_AnyWithMixedResult {
+            get {
+                return ResourceManager.GetString("RequiredSigner_AnyWithMixedResult", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to All package owners have at least one certificate, which means future package submissions must be signed..
+        /// </summary>
+        public static string RequiredSigner_AnyWithSignedResult {
+            get {
+                return ResourceManager.GetString("RequiredSigner_AnyWithSignedResult", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to All package owners have at least one certificate, which means future package submissions must be signed..
+        /// </summary>
+        public static string RequiredSigner_AnyWithUnsignedResult {
+            get {
+                return ResourceManager.GetString("RequiredSigner_AnyWithUnsignedResult", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Are you sure you want to change the required signer for this package?.
+        /// </summary>
+        public static string RequiredSigner_Confirm {
+            get {
+                return ResourceManager.GetString("RequiredSigner_Confirm", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to &apos;{0}&apos; currently has at least one certificate, which means future package submissions must be signed..
+        /// </summary>
+        public static string RequiredSigner_OwnerHasAtLeastOneCertificate {
+            get {
+                return ResourceManager.GetString("RequiredSigner_OwnerHasAtLeastOneCertificate", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to &apos;{0}&apos; currently has no certificate, which means future package submissions must be unsigned..
+        /// </summary>
+        public static string RequiredSigner_OwnerHasNoCertificate {
+            get {
+                return ResourceManager.GetString("RequiredSigner_OwnerHasNoCertificate", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to This action will change the required signer to &apos;{0}&apos; for all future submissions for this package..
+        /// </summary>
+        public static string RequiredSigner_ThisAction {
+            get {
+                return ResourceManager.GetString("RequiredSigner_ThisAction", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to The namespace &apos;{0}&apos; contains invalid characters. Examples of valid namespaces include &apos;MyNamespace&apos; and &apos;MyNamespace.&apos;..
         /// </summary>
@@ -2047,6 +2164,60 @@ public static string UserPackageDeleteSupportRequestMessage {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to The file exceeds the size limit of {0} bytes..
+        /// </summary>
+        public static string ValidateCertificate_FileTooLarge {
+            get {
+                return ResourceManager.GetString("ValidateCertificate_FileTooLarge", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The file must be a DER encoded binary X.509 certificate..
+        /// </summary>
+        public static string ValidateCertificate_InvalidEncoding {
+            get {
+                return ResourceManager.GetString("ValidateCertificate_InvalidEncoding", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The file length is invalid..
+        /// </summary>
+        public static string ValidateCertificate_InvalidFileLength {
+            get {
+                return ResourceManager.GetString("ValidateCertificate_InvalidFileLength", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The file extension must be {0}..
+        /// </summary>
+        public static string ValidateCertificate_InvalidFileType {
+            get {
+                return ResourceManager.GetString("ValidateCertificate_InvalidFileType", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The file stream is invalid..
+        /// </summary>
+        public static string ValidateCertificate_InvalidStream {
+            get {
+                return ResourceManager.GetString("ValidateCertificate_InvalidStream", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to The file stream must be seekable..
+        /// </summary>
+        public static string ValidateCertificate_StreamMustBeSeekable {
+            get {
+                return ResourceManager.GetString("ValidateCertificate_StreamMustBeSeekable", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to User &apos;{0}&apos; does not have the rights to upload new versions of package &apos;{1}&apos;..
         /// </summary>
diff --git a/src/NuGetGallery/Strings.resx b/src/NuGetGallery/Strings.resx
index 8ec8012996..f44b2e4260 100644
--- a/src/NuGetGallery/Strings.resx
+++ b/src/NuGetGallery/Strings.resx
@@ -118,7 +118,7 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="EmailAddressBeingUsed" xml:space="preserve">
-    <value>The email address '{0}' is being used.</value>
+    <value>The email address '{0}' is already in use by a different account.</value>
   </data>
   <data name="UsernameNotAvailable" xml:space="preserve">
     <value>The username '{0}' is not available.</value>
@@ -670,9 +670,6 @@ For more information, please contact '{2}'.</value>
   <data name="AccountDelete_OrganizationDeleteNotImplemented" xml:space="preserve">
     <value>Account '{0}' cannot be deleted because it is an organization. The organization must be manually migrated to a user account without memberships before the account can be deleted.</value>
   </data>
-  <data name="AccountDelete_OrganizationMemberDeleteNotImplemented" xml:space="preserve">
-    <value>Account '{0}' cannot be deleted because it is a member of an organization. The user needs to be manually removed from any organizations before the account can be deleted.</value>
-  </data>
   <data name="PackageIsLocked" xml:space="preserve">
     <value>Package '{0}' has been locked. This means you cannot publish a new version or change the listing status of a published package version. Please contact support@nuget.org.</value>
   </data>
@@ -729,7 +726,7 @@ For more information, please contact '{2}'.</value>
   </data>
   <data name="AccountIsLinkedToAnotherExternalAccount" xml:space="preserve">
     <value>The account with the email {0} is linked to another Microsoft account.
-If you wish to update the linked Microsoft account you can do so from the account settings page.</value>
+If you would like to update the linked Microsoft account you can do so from the account settings page.</value>
   </data>
   <data name="ChangeCredential_Failed" xml:space="preserve">
     <value>Failed to update the Microsoft account with '{0}'. This could happen if it is already linked to another NuGet account. Contact support for more information.</value>
@@ -845,4 +842,64 @@ If you wish to update the linked Microsoft account you can do so from the accoun
   <data name="Organizations_NotSupportedForAccount" xml:space="preserve">
     <value>Account '{0}' does not support organizations.</value>
   </data>
+  <data name="AccountSelfDelete_Fail" xml:space="preserve">
+    <value>An exception was encoutered while trying to delete the account. Please contact support for assistance.</value>
+  </data>
+  <data name="ValidateCertificate_FileTooLarge" xml:space="preserve">
+    <value>The file exceeds the size limit of {0} bytes.</value>
+  </data>
+  <data name="ValidateCertificate_InvalidEncoding" xml:space="preserve">
+    <value>The file must be a DER encoded binary X.509 certificate.</value>
+  </data>
+  <data name="ValidateCertificate_InvalidFileLength" xml:space="preserve">
+    <value>The file length is invalid.</value>
+  </data>
+  <data name="ValidateCertificate_InvalidFileType" xml:space="preserve">
+    <value>The file extension must be {0}.</value>
+  </data>
+  <data name="ValidateCertificate_InvalidStream" xml:space="preserve">
+    <value>The file stream is invalid.</value>
+  </data>
+  <data name="ValidateCertificate_StreamMustBeSeekable" xml:space="preserve">
+    <value>The file stream must be seekable.</value>
+  </data>
+  <data name="ArgumentCannotBeNullOrEmpty" xml:space="preserve">
+    <value>The argument cannot be null or empty.</value>
+  </data>
+  <data name="CertificateDoesNotExist" xml:space="preserve">
+    <value>The certificate does not exist.</value>
+  </data>
+  <data name="CertificateFileIsRequired" xml:space="preserve">
+    <value>A certificate file is required.</value>
+  </data>
+  <data name="MultiFactorAuth_Enabled" xml:space="preserve">
+    <value>Two-factor authentication is enabled for your account. It will be enforced the next time you log into {0}.</value>
+  </data>
+  <data name="MultiFactorAuth_LoginUpdate" xml:space="preserve">
+    <value>We noticed you used two-factor authentication for login. We have enabled your account to use two-factor authentication going forward.</value>
+  </data>
+  <data name="MultiFactorAuth_Disabled" xml:space="preserve">
+    <value>Two-factor authentication has been disabled for your account. Please close all sessions for Microsoft accounts before you log into {0} to prevent automatic enabling of this setting.</value>
+  </data>
+  <data name="RequiredSigner_AnyWithMixedResult" xml:space="preserve">
+    <value>At least one package owner has no certificate while at least one other package owner has at least one certificate, which means future package submissions may be unsigned or signed with any certificate registered to any owner.</value>
+  </data>
+  <data name="RequiredSigner_AnyWithSignedResult" xml:space="preserve">
+    <value>All package owners have at least one certificate, which means future package submissions must be signed.</value>
+  </data>
+  <data name="RequiredSigner_AnyWithUnsignedResult" xml:space="preserve">
+    <value>All package owners have at least one certificate, which means future package submissions must be signed.</value>
+  </data>
+  <data name="RequiredSigner_Confirm" xml:space="preserve">
+    <value>Are you sure you want to change the required signer for this package?</value>
+  </data>
+  <data name="RequiredSigner_OwnerHasAtLeastOneCertificate" xml:space="preserve">
+    <value>'{0}' currently has at least one certificate, which means future package submissions must be signed.</value>
+  </data>
+  <data name="RequiredSigner_OwnerHasNoCertificate" xml:space="preserve">
+    <value>'{0}' currently has no certificate, which means future package submissions must be unsigned.</value>
+  </data>
+  <data name="RequiredSigner_ThisAction" xml:space="preserve">
+    <value>This action will change the required signer to '{0}' for all future submissions for this package.</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/src/NuGetGallery/Telemetry/Obfuscator.cs b/src/NuGetGallery/Telemetry/Obfuscator.cs
index 4543d62ffd..d2c463f641 100644
--- a/src/NuGetGallery/Telemetry/Obfuscator.cs
+++ b/src/NuGetGallery/Telemetry/Obfuscator.cs
@@ -16,24 +16,28 @@ internal static class Obfuscator
 
         internal static readonly HashSet<string> ObfuscatedActions = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
         {
-            "Organizations/ManageOrganization",
+            "Organizations/AddMember",
+            "Organizations/AddCertificate",
+            "Organizations/CancelMemberRequest",
             "Organizations/ChangeEmailSubscription",
+            "Organizations/ConfirmMemberRequest",
+            "Organizations/DeleteCertificate",
+            "Organizations/DeleteMember",
+            "Organizations/GetCertificate",
+            "Organizations/GetCertificates",
+            "Organizations/ManageOrganization",
+            "Organizations/RejectMemberRequest",
+            "Organizations/UpdateMember",
+            "Packages/CancelPendingOwnershipRequest",
             "Packages/ConfirmPendingOwnershipRequest",
             "Packages/RejectPendingOwnershipRequest",
-            "Packages/CancelPendingOwnershipRequest",
+            "Packages/SetRequiredSigner",
             "Users/Confirm",
             "Users/ConfirmTransform",
             "Users/Delete",
             "Users/Profiles",
-            "Users/ResetPassword",
-            "Users/ConfirmTransform",
             "Users/RejectTransform",
-            "Organizations/AddMember",
-            "Organizations/ConfirmMemberRequest",
-            "Organizations/RejectMemberRequest",
-            "Organizations/CancelMemberRequest",
-            "Organizations/UpdateMember",
-            "Organizations/DeleteMember",
+            "Users/ResetPassword",
         };
 
         internal static string DefaultObfuscatedUrl(Uri url)
diff --git a/src/NuGetGallery/UrlExtensions.cs b/src/NuGetGallery/UrlExtensions.cs
index 2558ca63b0..754073867e 100644
--- a/src/NuGetGallery/UrlExtensions.cs
+++ b/src/NuGetGallery/UrlExtensions.cs
@@ -485,6 +485,103 @@ public static string UploadPackageProgress(this UrlHelper url, bool relativeUrl
             return GetRouteLink(url, RouteName.UploadPackageProgress, relativeUrl);
         }
 
+        public static string AddUserCertificate(this UrlHelper url, bool relativeUrl = true)
+        {
+            return GetRouteLink(url, RouteName.AddUserCertificate, relativeUrl);
+        }
+
+        public static string GetUserCertificates(this UrlHelper url, bool relativeUrl = true)
+        {
+            return GetRouteLink(url, RouteName.GetUserCertificates, relativeUrl);
+        }
+
+        public static string AddOrganizationCertificate(this UrlHelper url, string accountName, bool relativeUrl = true)
+        {
+            return GetRouteLink(
+                url,
+                RouteName.AddOrganizationCertificate,
+                relativeUrl,
+                routeValues: new RouteValueDictionary
+                {
+                    { "accountName", accountName }
+                });
+        }
+
+        public static string GetOrganizationCertificates(this UrlHelper url, string accountName, bool relativeUrl = true)
+        {
+            return GetRouteLink(
+                url,
+                RouteName.GetOrganizationCertificates,
+                relativeUrl,
+                routeValues: new RouteValueDictionary
+                {
+                    { "accountName", accountName }
+                });
+        }
+
+        public static RouteUrlTemplate<string> DeleteUserCertificateTemplate(
+            this UrlHelper url,
+            bool relativeUrl = true)
+        {
+            var routesGenerator = new Dictionary<string, Func<string, object>>
+            {
+                { "thumbprint", x => x }
+            };
+
+            Func<RouteValueDictionary, string> linkGenerator = rv => GetRouteLink(
+                url,
+                RouteName.DeleteUserCertificate,
+                relativeUrl,
+                routeValues: rv);
+
+            return new RouteUrlTemplate<string>(linkGenerator, routesGenerator);
+        }
+
+        public static RouteUrlTemplate<string> DeleteOrganizationCertificateTemplate(
+            this UrlHelper url,
+            string accountName,
+            bool relativeUrl = true)
+        {
+            var routesGenerator = new Dictionary<string, Func<string, object>>
+            {
+                { "accountName", x => accountName },
+                { "thumbprint", x => x }
+            };
+
+            Func<RouteValueDictionary, string> linkGenerator = rv => GetRouteLink(
+                url,
+                RouteName.DeleteOrganizationCertificate,
+                relativeUrl,
+                routeValues: rv);
+
+            return new RouteUrlTemplate<string>(linkGenerator, routesGenerator);
+        }
+
+        /// <summary>
+        /// Initializes a package registration link that can be resolved at a later time.
+        /// 
+        /// Callers should only use this API if they need to generate many links, such as the ManagePackages view
+        /// does. This template reduces the calls to RouteCollection.GetVirtualPath which can be expensive. Callers
+        /// that only need a single link should call Url.Package instead.
+        public static RouteUrlTemplate<IPackageVersionModel> SetRequiredSignerTemplate(
+            this UrlHelper url,
+            bool relativeUrl = true)
+        {
+            var routesGenerator = new Dictionary<string, Func<IPackageVersionModel, object>>
+            {
+                { "id", p => p.Id },
+                { "username", p => "{username}" }
+            };
+
+            Func<RouteValueDictionary, string> linkGenerator = rv => GetRouteLink(
+                url,
+                RouteName.SetRequiredSigner,
+                relativeUrl,
+                routeValues: rv);
+
+            return new RouteUrlTemplate<IPackageVersionModel>(linkGenerator, routesGenerator);
+        }
+
         public static string User(
             this UrlHelper url,
             User user,
@@ -881,6 +978,18 @@ public static string DeleteOrganizationMember(this UrlHelper url, string account
                 });
         }
 
+        public static string DeleteOrganization(this UrlHelper url, string accountName, bool relativeUrl = true)
+        {
+            return GetActionLink(url,
+                "DeleteRequest",
+                "Organizations",
+                relativeUrl,
+                routeValues: new RouteValueDictionary
+                {
+                    { "accountName", accountName }
+                });
+        }
+
         public static string ManageMyPackages(this UrlHelper url, bool relativeUrl = true)
         {
             return GetActionLink(url, "Packages", "Users", relativeUrl);
@@ -1175,7 +1284,7 @@ public static string Authenticate(this UrlHelper url, string providerName, strin
                 {
                     { "provider", providerName },
                     { "returnUrl", returnUrl }
-                }, 
+                },
                 interceptReturnUrl: false);
         }
 
diff --git a/src/NuGetGallery/ViewModels/AccountViewModel.cs b/src/NuGetGallery/ViewModels/AccountViewModel.cs
index d5d5ac31ce..ab46258116 100644
--- a/src/NuGetGallery/ViewModels/AccountViewModel.cs
+++ b/src/NuGetGallery/ViewModels/AccountViewModel.cs
@@ -5,22 +5,25 @@
 
 namespace NuGetGallery
 {
+    public abstract class AccountViewModel<T> : AccountViewModel where T : User
+    {
+        public T Account { get; set; }
+
+        public override User User => Account;
+    }
+
     public abstract class AccountViewModel
     {
-        public User Account { get; set; }
+        public virtual User User { get; }
 
-        public bool IsOrganization
-        {
-            get
-            {
-                return Account is Organization;
-            }
-        }
+        public bool IsOrganization => User is Organization;
 
         public string AccountName { get; set; }
 
         public bool CanManage { get; set; }
 
+        public bool WasMultiFactorAuthenticated { get; set; }
+
         public IList<string> CuratedFeeds { get; set; }
 
         public ChangeEmailViewModel ChangeEmail { get; set; }
diff --git a/src/NuGetGallery/ViewModels/ChangePasswordViewModel.cs b/src/NuGetGallery/ViewModels/ChangePasswordViewModel.cs
index 1d6ed137d9..35f931130d 100644
--- a/src/NuGetGallery/ViewModels/ChangePasswordViewModel.cs
+++ b/src/NuGetGallery/ViewModels/ChangePasswordViewModel.cs
@@ -10,8 +10,8 @@ namespace NuGetGallery
     public class ChangePasswordViewModel
     {
         [Required]
-        [Display(Name = "Enable Password Login")]
-        public bool EnablePasswordLogin { get; set; }
+        [Display(Name = "Disable Password Login")]
+        public bool DisablePasswordLogin { get; set; }
 
         [Required]
         [Display(Name = "Current Password")]
diff --git a/src/NuGetGallery/ViewModels/DeleteAccountViewModel.cs b/src/NuGetGallery/ViewModels/DeleteAccountViewModel.cs
index 1923d3ee3b..6654c8de51 100644
--- a/src/NuGetGallery/ViewModels/DeleteAccountViewModel.cs
+++ b/src/NuGetGallery/ViewModels/DeleteAccountViewModel.cs
@@ -4,25 +4,51 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using NuGetGallery.Areas.Admin;
+using NuGetGallery.Areas.Admin.Models;
 
 namespace NuGetGallery
 {
-    public class DeleteAccountViewModel
+    public class DeleteAccountViewModel<TAccount> : DeleteAccountViewModel where TAccount : User
+    {
+        public DeleteAccountViewModel(
+            TAccount accountToDelete,
+            User currentUser,
+            IPackageService packageService,
+            Func<ListPackageItemViewModel, bool> packageIsOrphaned)
+            : base(accountToDelete, currentUser, packageService, packageIsOrphaned)
+        {
+            Account = accountToDelete;
+        }
+
+        public TAccount Account { get; set; }
+    }
+
+    public class DeleteAccountViewModel : IDeleteAccountViewModel
     {
         private Lazy<bool> _hasOrphanPackages;
 
-        public DeleteAccountViewModel()
+        public DeleteAccountViewModel(
+            User userToDelete,
+            User currentUser,
+            IPackageService packageService,
+            Func<ListPackageItemViewModel, bool> packageIsOrphaned)
         {
-            _hasOrphanPackages = new Lazy<bool>(() => Packages.Any(p => p.HasSingleOwner));
-        }
+            User = userToDelete;
 
-        public List<ListPackageItemViewModel> Packages { get; set; }
+            Packages = packageService
+                 .FindPackagesByAnyMatchingOwner(User, includeUnlisted: true)
+                 .Select(p => new ListPackageItemViewModel(p, currentUser))
+                 .ToList();
 
-        public User User { get; set; }
+            _hasOrphanPackages = new Lazy<bool>(() => Packages.Any(packageIsOrphaned));
+        }
+
+        public List<ListPackageItemViewModel> Packages { get; }
 
-        public string AccountName { get; set; }
+        public User User { get; }
 
-        public bool HasPendingRequests { get; set; }
+        public string AccountName => User.Username;
 
         public bool HasOrphanPackages
         {
@@ -32,4 +58,11 @@ public bool HasOrphanPackages
             }
         }
     }
+
+    public interface IDeleteAccountViewModel
+    {
+        string AccountName { get; }
+
+        bool HasOrphanPackages { get; }
+    }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/DeleteOrganizationViewModel.cs b/src/NuGetGallery/ViewModels/DeleteOrganizationViewModel.cs
new file mode 100644
index 0000000000..af9ef7b12a
--- /dev/null
+++ b/src/NuGetGallery/ViewModels/DeleteOrganizationViewModel.cs
@@ -0,0 +1,26 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+
+namespace NuGetGallery
+{
+    public class DeleteOrganizationViewModel : DeleteAccountViewModel<Organization>
+    {
+        public DeleteOrganizationViewModel(
+            Organization organizationToDelete, 
+            User currentUser, 
+            IPackageService packageService)
+            : base(organizationToDelete, currentUser, packageService, p => p.HasSingleOrganizationOwner)
+        {
+            AdditionalMembers = organizationToDelete.Members
+                .Where(m => !m.Member.MatchesUser(currentUser))
+                .Select(m => new OrganizationMemberViewModel(m));
+        }
+        
+        public IEnumerable<OrganizationMemberViewModel> AdditionalMembers { get; set; }
+
+        public bool HasAdditionalMembers => AdditionalMembers.Any();
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/DeleteUserViewModel.cs b/src/NuGetGallery/ViewModels/DeleteUserViewModel.cs
new file mode 100644
index 0000000000..6871b49f62
--- /dev/null
+++ b/src/NuGetGallery/ViewModels/DeleteUserViewModel.cs
@@ -0,0 +1,34 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using NuGetGallery.Areas.Admin;
+using NuGetGallery.Areas.Admin.Models;
+
+namespace NuGetGallery
+{
+    public class DeleteUserViewModel : DeleteAccountViewModel<User>
+    {
+        public DeleteUserViewModel(
+            User userToDelete,
+            User currentUser,
+            IPackageService packageService,
+            ISupportRequestService supportRequestService)
+            : base(userToDelete, currentUser, packageService, p => p.HasSingleUserOwner)
+        {
+            Organizations = userToDelete.Organizations
+                .Select(u => new ManageOrganizationsItemViewModel(u, packageService));
+
+            HasPendingRequests = supportRequestService.GetIssues()
+                .Where(issue => 
+                    (issue.UserKey.HasValue && issue.UserKey.Value == userToDelete.Key) &&
+                    string.Equals(issue.IssueTitle, Strings.AccountDelete_SupportRequestTitle) &&
+                    issue.Key != IssueStatusKeys.Resolved).Any();
+        }
+
+        public IEnumerable<ManageOrganizationsItemViewModel> Organizations { get; }
+
+        public bool HasPendingRequests { get; }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/ListCertificateItemViewModel.cs b/src/NuGetGallery/ViewModels/ListCertificateItemViewModel.cs
new file mode 100644
index 0000000000..adb32ac690
--- /dev/null
+++ b/src/NuGetGallery/ViewModels/ListCertificateItemViewModel.cs
@@ -0,0 +1,26 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace NuGetGallery
+{
+    public sealed class ListCertificateItemViewModel
+    {
+        public string Sha1Thumbprint { get; }
+        public bool CanDelete { get; }
+        public string DeleteUrl { get; }
+
+        public ListCertificateItemViewModel(Certificate certificate, string deleteUrl)
+        {
+            if (certificate == null)
+            {
+                throw new ArgumentNullException(nameof(certificate));
+            }
+
+            Sha1Thumbprint = certificate.Sha1Thumbprint;
+            CanDelete = !string.IsNullOrEmpty(deleteUrl);
+            DeleteUrl = deleteUrl;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/ListPackageItemRequiredSignerViewModel.cs b/src/NuGetGallery/ViewModels/ListPackageItemRequiredSignerViewModel.cs
new file mode 100644
index 0000000000..80a8bac8ec
--- /dev/null
+++ b/src/NuGetGallery/ViewModels/ListPackageItemRequiredSignerViewModel.cs
@@ -0,0 +1,190 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using NuGetGallery.Security;
+
+namespace NuGetGallery
+{
+    public sealed class ListPackageItemRequiredSignerViewModel : ListPackageItemViewModel
+    {
+        // username must be an empty string because <select /> option values are based on username
+        // and this "user" must be distinguishable from an account named "Any" and any other user;  null won't work.
+        private static readonly SignerViewModel AnySigner = 
+            new SignerViewModel(username: "", displayText: "Any");
+
+        public SignerViewModel RequiredSigner { get; set; }
+        public string RequiredSignerMessage { get; set; }
+        public IEnumerable<SignerViewModel> AllSigners { get; set; }
+        public bool ShowRequiredSigner { get; set; }
+        public bool ShowTextBox { get; set; }
+        public bool CanEditRequiredSigner { get; set; }
+
+        public ListPackageItemRequiredSignerViewModel(
+            Package package,
+            User currentUser,
+            ISecurityPolicyService securityPolicyService,
+            bool wasMultiFactorAuthenticated)
+            : base(package, currentUser)
+        {
+            if (package == null)
+            {
+                throw new ArgumentNullException(nameof(package));
+            }
+
+            if (currentUser == null)
+            {
+                throw new ArgumentNullException(nameof(currentUser));
+            }
+
+            if (securityPolicyService == null)
+            {
+                throw new ArgumentNullException(nameof(securityPolicyService));
+            }
+
+            var owners = package.PackageRegistration?.Owners ?? Enumerable.Empty<User>();
+
+            if (owners.Any())
+            {
+                ShowRequiredSigner = true;
+
+                var currentUserCanManageRequiredSigner = false;
+                var currentUserHasRequiredSignerControl = false;
+                var noOwnerHasRequiredSignerControl = true;
+
+                foreach (var owner in owners)
+                {
+                    if (!currentUserCanManageRequiredSigner &&
+                        ActionsRequiringPermissions.ManagePackageRequiredSigner.CheckPermissions(currentUser, owner, package)
+                            == PermissionsCheckResult.Allowed)
+                    {
+                        currentUserCanManageRequiredSigner = true;
+                    }
+
+                    if (!currentUserHasRequiredSignerControl)
+                    {
+                        if (securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName))
+                        {
+                            noOwnerHasRequiredSignerControl = false;
+
+                            if (owner == currentUser)
+                            {
+                                currentUserHasRequiredSignerControl = true;
+                            }
+                            else
+                            {
+                                currentUserHasRequiredSignerControl = (owner as Organization)?.GetMembershipOfUser(currentUser)?.IsAdmin ?? false;
+                            }
+                        }
+                    }
+                }
+
+                CanEditRequiredSigner = currentUserCanManageRequiredSigner &&
+                    (currentUserHasRequiredSignerControl || noOwnerHasRequiredSignerControl);
+
+                var requiredSigner = package.PackageRegistration?.RequiredSigners.FirstOrDefault();
+
+                if (requiredSigner == null)
+                {
+                    if (owners.Count() == 1)
+                    {
+                        RequiredSigner = Convert(owners.Single());
+                    }
+                    else
+                    {
+                        RequiredSigner = AnySigner;
+                    }
+                }
+                else
+                {
+                    RequiredSigner = Convert(requiredSigner);
+                }
+
+                if (CanEditRequiredSigner)
+                {
+                    if (owners.Count() == 1)
+                    {
+                        if (requiredSigner != null && requiredSigner != currentUser)
+                        {
+                            // Suppose users A and B own a package and user A is the required signer.
+                            // Then suppose user A removes herself as package owner.
+                            // User B must be able to change the required signer.
+                            AllSigners = new[] { RequiredSigner, Convert(currentUser) };
+                        }
+                        else
+                        {
+                            AllSigners = Enumerable.Empty<SignerViewModel>();
+                            CanEditRequiredSigner = false;
+                            ShowTextBox = true;
+                        }
+                    }
+                    else
+                    {
+                        AllSigners = new[] { AnySigner }.Concat(owners.Select(owner => Convert(owner)));
+                    }
+                }
+                else
+                {
+                    AllSigners = new[] { RequiredSigner };
+
+                    var ownersWithRequiredSignerControl = owners.Where(
+                        owner => securityPolicyService.IsSubscribed(owner, ControlRequiredSignerPolicy.PolicyName));
+
+                    RequiredSignerMessage = GetRequiredSignerMessage(ownersWithRequiredSignerControl);
+                }
+
+                CanEditRequiredSigner &= wasMultiFactorAuthenticated;
+            }
+        }
+
+        private static SignerViewModel Convert(User user)
+        {
+            if (user == null)
+            {
+                return null;
+            }
+
+            var certificatesCount = user.UserCertificates.Count();
+            var displayText = $"{user.Username} ({certificatesCount} certificate{(certificatesCount == 1 ? string.Empty : "s")})";
+
+            return new SignerViewModel(user.Username, displayText, certificatesCount > 0);
+        }
+
+        private static string GetRequiredSignerMessage(IEnumerable<User> users)
+        {
+            var count = users.Count();
+
+            if (count == 0)
+            {
+                return null;
+            }
+
+            var builder = new StringBuilder();
+
+            builder.AppendFormat("The signing owner is managed by the ");
+
+            if (count == 1)
+            {
+                builder.Append($"'{users.Single().Username}' account.");
+            }
+            else if (count == 2)
+            {
+                builder.Append($"'{users.First().Username}' and '{users.Last().Username}' accounts.");
+            }
+            else
+            {
+                foreach (var user in users.Take(count - 1))
+                {
+                    builder.Append($"'{user.Username}', ");
+                }
+
+                builder.Append($"and '{users.Last().Username}' accounts.");
+            }
+
+            return builder.ToString();
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/ListPackageItemViewModel.cs b/src/NuGetGallery/ViewModels/ListPackageItemViewModel.cs
index f68d9ff7ef..e2ccab3401 100644
--- a/src/NuGetGallery/ViewModels/ListPackageItemViewModel.cs
+++ b/src/NuGetGallery/ViewModels/ListPackageItemViewModel.cs
@@ -3,6 +3,7 @@
 
 using System.Collections.Generic;
 using System.Linq;
+using System.Text;
 using NuGetGallery.Helpers;
 
 namespace NuGetGallery
@@ -12,6 +13,8 @@ public class ListPackageItemViewModel : PackageViewModel
         private const int _descriptionLengthLimit = 300;
         private const string _omissionString = "...";
 
+        private string _signatureInformation;
+
         public ListPackageItemViewModel(Package package, User currentUser)
             : base(package)
         {
@@ -45,6 +48,18 @@ public ListPackageItemViewModel(Package package, User currentUser)
         public string ShortDescription { get; set; }
         public bool IsDescriptionTruncated { get; set; }
         public bool? IsVerified { get; set; }
+        public string SignatureInformation
+        {
+            get
+            {
+                if (CanDisplayPrivateMetadata && _signatureInformation == null)
+                {
+                    _signatureInformation = GetSignerInformation();
+                }
+
+                return _signatureInformation;
+            }
+        }
 
         public bool UseVersion
         {
@@ -57,7 +72,7 @@ public bool UseVersion
             }
         }
 
-        public bool HasSingleOwner
+        public bool HasSingleUserOwner
         {
             get
             {
@@ -81,6 +96,8 @@ public bool HasSingleOwner
             }
         }
 
+        public bool HasSingleOrganizationOwner => Owners.Distinct().Count() < 2;
+
         public bool CanDisplayPrivateMetadata { get; set; }
         public bool CanEdit { get; set; }
         public bool CanUnlistOrRelist { get; set; }
@@ -92,5 +109,43 @@ private static bool CanPerformAction(User currentUser, Package package, ActionRe
         {
             return action.CheckPermissionsOnBehalfOfAnyAccount(currentUser, package) == PermissionsCheckResult.Allowed;
         }
+
+        private string GetSignerInformation()
+        {
+            if (_package.Certificate == null)
+            {
+                return null;
+            }
+
+            var owners = _package.PackageRegistration?.Owners ?? Enumerable.Empty<User>();
+            var signers = owners.Where(owner => owner.UserCertificates.Any(uc => uc.CertificateKey == _package.CertificateKey));
+            var signersCount = signers.Count();
+
+            var builder = new StringBuilder();
+
+            builder.Append($"Signed with");
+
+            if (signersCount == 1)
+            {
+                builder.Append($" {signers.Single().Username}'s");
+            }
+            else if (signersCount == 2)
+            {
+                builder.Append($" {signers.First().Username} and {signers.Last().Username}'s");
+            }
+            else if (signersCount != 0)
+            {
+                foreach (var signer in signers.Take(signersCount - 1))
+                {
+                    builder.Append($" {signer.Username},");
+                }
+
+                builder.Append($" and {signers.Last().Username}'s");
+            }
+
+            builder.Append($" certificate ({_package.Certificate.Sha1Thumbprint})");
+
+            return builder.ToString();
+        }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/ManagePackagesListViewModel.cs b/src/NuGetGallery/ViewModels/ManagePackagesListViewModel.cs
index a75438ff11..cc67127315 100644
--- a/src/NuGetGallery/ViewModels/ManagePackagesListViewModel.cs
+++ b/src/NuGetGallery/ViewModels/ManagePackagesListViewModel.cs
@@ -1,5 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
 using System.Collections.Generic;
 
 namespace NuGetGallery
diff --git a/src/NuGetGallery/ViewModels/ManagePackagesViewModel.cs b/src/NuGetGallery/ViewModels/ManagePackagesViewModel.cs
index 1d233e6cda..f4995ea4e2 100644
--- a/src/NuGetGallery/ViewModels/ManagePackagesViewModel.cs
+++ b/src/NuGetGallery/ViewModels/ManagePackagesViewModel.cs
@@ -7,14 +7,18 @@ namespace NuGetGallery
 {
     public class ManagePackagesViewModel
     {
+        public virtual User User { get; set; }
+
         public IEnumerable<ListPackageOwnerViewModel> Owners { get; set; }
 
-        public IEnumerable<ListPackageItemViewModel> ListedPackages { get; set; }
+        public IEnumerable<ListPackageItemRequiredSignerViewModel> ListedPackages { get; set; }
 
-        public IEnumerable<ListPackageItemViewModel> UnlistedPackages { get; set; }
+        public IEnumerable<ListPackageItemRequiredSignerViewModel> UnlistedPackages { get; set; }
 
         public OwnerRequestsViewModel OwnerRequests { get; set; }
 
         public ReservedNamespaceListViewModel ReservedNamespaces { get; set; }
+
+        public bool WasMultiFactorAuthenticated { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/OrganizationAccountViewModel.cs b/src/NuGetGallery/ViewModels/OrganizationAccountViewModel.cs
index 19d35750ce..ca1a3b8d52 100644
--- a/src/NuGetGallery/ViewModels/OrganizationAccountViewModel.cs
+++ b/src/NuGetGallery/ViewModels/OrganizationAccountViewModel.cs
@@ -5,10 +5,12 @@
 
 namespace NuGetGallery
 {
-    public class OrganizationAccountViewModel : AccountViewModel
+    public class OrganizationAccountViewModel : AccountViewModel<Organization>
     {
         public IEnumerable<OrganizationMemberViewModel> Members { get; set; }
 
         public bool RequiresTenant { get; set; }
+
+        public bool CanManageMemberships { get; set; }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/OrganizationMemberViewModel.cs b/src/NuGetGallery/ViewModels/OrganizationMemberViewModel.cs
index bc6fa8f9c3..344dd6b79b 100644
--- a/src/NuGetGallery/ViewModels/OrganizationMemberViewModel.cs
+++ b/src/NuGetGallery/ViewModels/OrganizationMemberViewModel.cs
@@ -9,32 +9,29 @@ namespace NuGetGallery
     public class OrganizationMemberViewModel
     {
         public OrganizationMemberViewModel(Membership membership)
+            : this(membership?.Member)
         {
-            var member = membership?.Member ?? throw new ArgumentNullException(nameof(membership));
-
-            Username = member.Username;
             IsAdmin = membership.IsAdmin;
             Pending = false;
-            GravatarUrl = GravatarHelper.Url(member.EmailAddress, Constants.GravatarElementSize);
         }
 
         public OrganizationMemberViewModel(MembershipRequest request)
+            : this(request?.NewMember)
         {
-            if (request == null)
-            {
-                throw new ArgumentNullException(nameof(request));
-            }
+            IsAdmin = request.IsAdmin;
+            Pending = true;
+        }
 
-            var member = request.NewMember;
+        private OrganizationMemberViewModel(User member)
+        {
             if (member == null)
             {
-                throw new ArgumentNullException(nameof(request.NewMember));
+                throw new ArgumentNullException(nameof(member));
             }
 
             Username = member.Username;
-            IsAdmin = request.IsAdmin;
-            Pending = true;
-            GravatarUrl = GravatarHelper.Url(member.EmailAddress, Constants.GravatarElementSize);
+            EmailAddress = member.EmailAddress;
+            GravatarUrl = GravatarHelper.Url(EmailAddress, Constants.GravatarElementSize);
         }
 
         public string Username { get; }
@@ -43,6 +40,8 @@ public OrganizationMemberViewModel(MembershipRequest request)
 
         public bool Pending { get; }
 
+        public string EmailAddress { get; }
+
         public string GravatarUrl { get; }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/PackageHeadingModel.cs b/src/NuGetGallery/ViewModels/PackageHeadingModel.cs
index 9ad26512f4..8646dc7a0b 100644
--- a/src/NuGetGallery/ViewModels/PackageHeadingModel.cs
+++ b/src/NuGetGallery/ViewModels/PackageHeadingModel.cs
@@ -11,6 +11,7 @@ public class PackageHeadingModel
         public string Id { get; }
         public string Version { get; }
         public bool ShowProfileBreadcrumb { get; }
+
         public string PackageDisplay
         {
             get
@@ -25,6 +26,7 @@ public string PackageDisplay
                 }
             }
         }
+
         public bool LinkIdOnly => string.IsNullOrEmpty(Version);
 
         public PackageHeadingModel(User currentUser, Package package, string pageHeading, bool linkIdOnly = false)
diff --git a/src/NuGetGallery/ViewModels/PackageManagerViewModel.cs b/src/NuGetGallery/ViewModels/PackageManagerViewModel.cs
index 5c78a6073f..7905f8f2cb 100644
--- a/src/NuGetGallery/ViewModels/PackageManagerViewModel.cs
+++ b/src/NuGetGallery/ViewModels/PackageManagerViewModel.cs
@@ -27,5 +27,22 @@ public class PackageManagerViewModel
         /// A string that represents the command used to install a specific package.
         /// </summary>
         public string InstallPackageCommand { get; set; }
+
+        /// <summary>
+        /// The alert message that contains clarifications about the command/scenario
+        /// </summary>
+        public string AlertMessage { get; set; }
+
+        /// <summary>
+        /// The level with which the above message will be displayed.
+        /// </summary>
+        public AlertLevel AlertLevel { get; set; }
+    }
+
+    public enum AlertLevel
+    {
+        None,
+        Info,
+        Warning
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/PackageViewModel.cs b/src/NuGetGallery/ViewModels/PackageViewModel.cs
index 02c9b8cd6c..a82a939b09 100644
--- a/src/NuGetGallery/ViewModels/PackageViewModel.cs
+++ b/src/NuGetGallery/ViewModels/PackageViewModel.cs
@@ -1,35 +1,38 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using NuGet.Versioning;
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using NuGet.Versioning;
 
 namespace NuGetGallery
 {
     public class PackageViewModel : IPackageVersionModel
     {
-        private readonly Package _package;
-        private readonly bool _isSemVer2;
+        protected readonly Package _package;
         private string _pendingTitle;
-        private string _fullVersion;
 
         private readonly PackageStatus _packageStatus;
         internal readonly NuGetVersion NuGetVersion;
 
         public PackageViewModel(Package package)
         {
+            if (package == null)
+            {
+                throw new ArgumentNullException(nameof(package));
+            }
+
             _package = package;
 
-            _fullVersion = NuGetVersionFormatter.ToFullStringOrFallback(package.Version, fallback: package.Version);
-            _isSemVer2 = package.SemVerLevelKey == SemVerLevelKey.SemVer2;
+            FullVersion = NuGetVersionFormatter.ToFullStringOrFallback(package.Version, fallback: package.Version);
+            IsSemVer2 = package.SemVerLevelKey == SemVerLevelKey.SemVer2;
 
             Version = String.IsNullOrEmpty(package.NormalizedVersion) ?
                 NuGetVersionFormatter.Normalize(package.Version) :
                 package.NormalizedVersion;
 
-            NuGetVersion = NuGetVersion.Parse(_fullVersion);
+            NuGetVersion = NuGetVersion.Parse(FullVersion);
 
             Description = package.Description;
             ReleaseNotes = package.ReleaseNotes;
@@ -43,6 +46,7 @@ public PackageViewModel(Package package)
             LatestStableVersionSemVer2 = package.IsLatestStableSemVer2;
             LastUpdated = package.Published;
             Listed = package.Listed;
+            IsDotnetToolPackageType = package.PackageTypes.Any(e => e.Name.Equals("DotnetTool", StringComparison.OrdinalIgnoreCase));
             _packageStatus = package.PackageStatusKey;
             DownloadCount = package.DownloadCount;
             Prerelease = package.IsPrerelease;
@@ -71,6 +75,7 @@ public PackageViewModel(Package package)
         public bool Prerelease { get; set; }
         public int DownloadCount { get; set; }
         public bool Listed { get; set; }
+        public bool IsDotnetToolPackageType { get; set; }
         public bool FailedValidation => _packageStatus == PackageStatus.FailedValidation;
         public bool Available => _packageStatus == PackageStatus.Available;
         public bool Validating => _packageStatus == PackageStatus.Validating;
@@ -87,8 +92,8 @@ public string Id
         }
 
         public string Version { get; set; }
-        public string FullVersion => _fullVersion;
-        public bool IsSemVer2 => _isSemVer2;
+        public string FullVersion { get; }
+        public bool IsSemVer2 { get; }
 
         public string Title
         {
diff --git a/src/NuGetGallery/ViewModels/SignerViewModel.cs b/src/NuGetGallery/ViewModels/SignerViewModel.cs
new file mode 100644
index 0000000000..59e8d4cdac
--- /dev/null
+++ b/src/NuGetGallery/ViewModels/SignerViewModel.cs
@@ -0,0 +1,19 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace NuGetGallery
+{
+    public sealed class SignerViewModel
+    {
+        public string Username { get; }
+        public string DisplayText { get; }
+        public bool? HasCertificate { get; }
+
+        public SignerViewModel(string username, string displayText, bool? hasCertificate = null)
+        {
+            Username = username;
+            DisplayText = displayText;
+            HasCertificate = hasCertificate;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/ThirdPartyPackageManagerViewModel.cs b/src/NuGetGallery/ViewModels/ThirdPartyPackageManagerViewModel.cs
index ae51115852..befeecfce8 100644
--- a/src/NuGetGallery/ViewModels/ThirdPartyPackageManagerViewModel.cs
+++ b/src/NuGetGallery/ViewModels/ThirdPartyPackageManagerViewModel.cs
@@ -14,5 +14,12 @@ public class ThirdPartyPackageManagerViewModel : PackageManagerViewModel
         /// for support.
         /// </summary>
         public string ContactUrl { get; set; }
+
+        public ThirdPartyPackageManagerViewModel(string contactUrl)
+        {
+            ContactUrl = contactUrl;
+            AlertLevel = AlertLevel.Warning;
+            AlertMessage = string.Format("The NuGet Team does not provide support for this client. Please contact its <a href=\"{0}\">maintainers</a> for support.", contactUrl);
+        }
     }
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/ViewModels/UserAccountViewModel.cs b/src/NuGetGallery/ViewModels/UserAccountViewModel.cs
index 2957a2360f..ea8b113b51 100644
--- a/src/NuGetGallery/ViewModels/UserAccountViewModel.cs
+++ b/src/NuGetGallery/ViewModels/UserAccountViewModel.cs
@@ -5,7 +5,7 @@
 
 namespace NuGetGallery
 {
-    public class UserAccountViewModel : AccountViewModel
+    public class UserAccountViewModel : AccountViewModel<User>
     {
         public ChangePasswordViewModel ChangePassword { get; set; }
 
diff --git a/src/NuGetGallery/ViewModels/UserProfileModel.cs b/src/NuGetGallery/ViewModels/UserProfileModel.cs
index 11ea43c523..e988347d01 100644
--- a/src/NuGetGallery/ViewModels/UserProfileModel.cs
+++ b/src/NuGetGallery/ViewModels/UserProfileModel.cs
@@ -30,6 +30,7 @@ public UserProfileModel(User user, User currentUser, List<ListPackageItemViewMod
             PagedPackages = AllPackages.Skip(PackagePageSize * pageIndex)
                                        .Take(PackagePageSize).ToList();
 
+            CanManageAccount = ActionsRequiringPermissions.ManageAccount.CheckPermissions(currentUser, user) == PermissionsCheckResult.Allowed;
             CanViewAccount = ActionsRequiringPermissions.ViewAccount.CheckPermissions(currentUser, user) == PermissionsCheckResult.Allowed;
         }
 
@@ -45,6 +46,7 @@ public UserProfileModel(User user, User currentUser, List<ListPackageItemViewMod
         public int PackagePage { get; private set; }
         public int PackagePageSize { get; private set; }
         public IPreviousNextPager Pager { get; private set; }
+        public bool CanManageAccount { get; private set; }
         public bool CanViewAccount { get; private set; }
 
         public bool UserIsOrganization
diff --git a/src/NuGetGallery/Views/Authentication/LinkExternal.cshtml b/src/NuGetGallery/Views/Authentication/LinkExternal.cshtml
index aa6b04c789..1f4a8af66f 100644
--- a/src/NuGetGallery/Views/Authentication/LinkExternal.cshtml
+++ b/src/NuGetGallery/Views/Authentication/LinkExternal.cshtml
@@ -8,16 +8,16 @@
 }
 
 <section role="main" class="container main-container page-sign-in">
-    <div class="row">
-        <div class="col-xs-12">
-            <h1 class="text-center">Link @Model.External.ProviderAccountNoun</h1>
+    @if (Model.External.FoundExistingUser)
+    {
+        <div class="row">
+            <div class="col-xs-12">
+                <h1 class="text-center">Link @Model.External.ProviderAccountNoun</h1>
+            </div>
         </div>
-    </div>
-    <div class="row">
-        <div class="@ViewHelpers.GetColumnClasses(ViewBag)">
-            @if (Model.External.FoundExistingUser)
-            {
-                if (Model.External.ExistingUserCanBeLinked)
+        <div class="row">
+            <div class="@ViewHelpers.GetColumnClasses(ViewBag)">
+                @if (Model.External.ExistingUserCanBeLinked)
                 {
                     <p class="text-center">
                         We found an account with this email address. Sign in with your NuGet.org password to link with this Microsoft account.
@@ -29,7 +29,7 @@
                         Please <a href="mailto:@Config.Current.GalleryOwner.Address">contact support</a> if you need more assistance.
                     </p>
 
-                    @Html.Partial("_SignIn", Model);
+                    @Html.Partial("_SignIn", Model)
                 }
                 else
                 {
@@ -40,7 +40,7 @@
                                 The account with the email @Model.SignIn.UserNameOrEmail is linked to another Microsoft account.
                             </p>
                             <p class="text-center">
-                                If you wish to update the linked Microsoft account you can do so from the account settings page.
+                                If you would like to update the linked Microsoft account you can do so from the account settings page.
                             </p>
                             break;
                         case AssociateExternalAccountViewModel.ExistingUserLinkingErrorType.AccountIsOrganization:
@@ -48,7 +48,7 @@
                                 The email @Model.SignIn.UserNameOrEmail is linked to an organization.
                             </p>
                             <p class="text-center">
-                                If you wish to manage the organization account, you must sign in as one of its admins.
+                                If you would like to manage the organization account, you must sign in as one of its admins.
                             </p>
                             break;
                         default:
@@ -62,9 +62,18 @@
                         Please <a href="mailto:@Config.Current.GalleryOwner.Address">contact support</a> if you need more assistance.
                     </p>
                 }
-            }
-            else
-            {
+            </div>
+        </div>
+    }
+    else
+    {
+        <div class="row">
+            <div class="col-xs-12">
+                <h1 class="text-center">Register @Model.External.ProviderAccountNoun</h1>
+            </div>
+        </div>
+        <div class="row">
+            <div class="@ViewHelpers.GetColumnClasses(ViewBag)">
                 <p class="text-center">
                     Looks like we don't have an account with this email address (@Model.Register.EmailAddress) in our records.
                 </p>
@@ -72,8 +81,8 @@
                     Please provide a username so that we can create an account for you!
                 </p>
 
-                @Html.Partial("_Register", Model);
-            }
+                @Html.Partial("_Register", Model)
+            </div>
         </div>
-    </div>
+    }
 </section>
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Authentication/SignIn.cshtml b/src/NuGetGallery/Views/Authentication/SignIn.cshtml
index 2ad71927d4..1ec3d2d40b 100644
--- a/src/NuGetGallery/Views/Authentication/SignIn.cshtml
+++ b/src/NuGetGallery/Views/Authentication/SignIn.cshtml
@@ -43,13 +43,15 @@
                     </a>
                 </div>
             </div>
-            <div class="row text-center create-provider-account">
-                    <span>
-                        <a href="#" id="signin-assistance">Need assistance signing in?</a>
-                    </span>
-            </div>
+            <br/>
         }
 
+        <div class="row text-center create-provider-account">
+            <span>
+                <a href="#" id="signin-assistance">Need assistance signing in?</a>
+            </span>
+        </div>
+
         <div class="row nuget-signin">
             <div class="@ViewHelpers.GetColumnClasses(ViewBag) text-center">
                 <p class="text-center">
diff --git a/src/NuGetGallery/Views/Authentication/_SigninAssistance.cshtml b/src/NuGetGallery/Views/Authentication/_SigninAssistance.cshtml
index 4a87517ef0..ca025810f6 100644
--- a/src/NuGetGallery/Views/Authentication/_SigninAssistance.cshtml
+++ b/src/NuGetGallery/Views/Authentication/_SigninAssistance.cshtml
@@ -24,7 +24,7 @@
                             <div class="text-row">
                                 <label for="newOwnerUserName">Please enter the username</label>
                                 <input type="text" id="usernameForAssistance" name="usernameForAssistance" data-bind="value: usernameForAssistance" aria-required="true" class="form-control" />
-                                <div class="text-danger form-error-message" id="warning-message" data-bind="text: message"></div>
+                                <div class="text-danger form-error-message" data-bind="text: message"></div>
                             </div>
                         </div>
                         <div class="form-button-node username-submit">
@@ -40,7 +40,7 @@
                             <div class="text-row">
                                 <input class="form-control" type="text" id="emailAddress" name="emailAddress" data-bind="value: inputEmailAddress" aria-required="true" />
                             </div>
-                            <div class="text-danger form-error-message" id="warning-message" data-bind="text: message"></div>
+                            <div class="text-danger form-error-message" data-bind="text: message"></div>
                         </div>
                         <div class="form-button-node email-submit">
                             <input type="submit" class="btn btn-primary btn-block action-button" data-bind="click: sendEmailNotification" value="Next" />
diff --git a/src/NuGetGallery/Views/Organizations/Add.cshtml b/src/NuGetGallery/Views/Organizations/Add.cshtml
index 0ecd62ed93..5b43377fd8 100644
--- a/src/NuGetGallery/Views/Organizations/Add.cshtml
+++ b/src/NuGetGallery/Views/Organizations/Add.cshtml
@@ -17,7 +17,7 @@
     <div class="row">
         <div class="@ViewHelpers.GetColumnClasses(ViewBag)">
             @ViewHelpers.OrganizationsBreadcrumb(Url, CurrentUser, true, @<text>Add</text>)
-            <p class="text-center">
+            <p>
                 Organizations allow you to manage and publish packages as a team or a group. <a href="https://go.microsoft.com/fwlink/?linkid=870439">Learn more.</a>
             </p>
             @if (errorMessage != null)
@@ -41,15 +41,15 @@
                         <div class="form-group @Html.HasErrorFor(m => m.OrganizationName)" id="@organizationNameTextGroupId">
                             @Html.ShowLabelFor(m => m.OrganizationName)
                             @Html.ShowTextBoxFor(m => m.OrganizationName)
-                            @Html.ShowValidationMessagesFor(m => m.OrganizationName)
                             <span class="ms-font-s">This will be your organization account on <i id="@organizationNameTextId">@Url.User("{username}", relativeUrl: false)</i>.</span>
+                            @Html.ShowValidationMessagesFor(m => m.OrganizationName)
                         </div>
 
                         <div class="form-group @Html.HasErrorFor(m => m.OrganizationEmailAddress)" id="@emailBoxGroupId">
                             @Html.ShowLabelFor(m => m.OrganizationEmailAddress)
                             @Html.ShowTextBoxFor(m => m.OrganizationEmailAddress)
-                            @Html.ShowValidationMessagesFor(m => m.OrganizationEmailAddress)
                             <span class="ms-font-s">Users can contact your organization at this email address.</span>
+                            @Html.ShowValidationMessagesFor(m => m.OrganizationEmailAddress)
                         </div>
 
                         <div class="form-group row">
diff --git a/src/NuGetGallery/Views/Organizations/DeleteAccount.cshtml b/src/NuGetGallery/Views/Organizations/DeleteAccount.cshtml
new file mode 100644
index 0000000000..064ee2a1e3
--- /dev/null
+++ b/src/NuGetGallery/Views/Organizations/DeleteAccount.cshtml
@@ -0,0 +1,83 @@
+@model DeleteOrganizationViewModel
+@{
+    ViewBag.Title = "Delete Organization " + Model.AccountName;
+    ViewBag.MdPageColumns = Constants.ColumnsFormMd;
+    Layout = "~/Views/Shared/Gallery/Layout.cshtml";
+}
+
+<section role="main" class="container main-container page-delete-account">
+    <div class="form-group">
+        <div class="form-group package-controls">
+            @ViewHelpers.OrganizationsBreadcrumb(
+                Url, 
+                CurrentUser, 
+                true, 
+                @<text><a href="@Url.ManageMyOrganization(Model.AccountName)">@Model.AccountName</a></text>, 
+                @<text>Delete</text>)
+
+            @ViewHelpers.AlertWarning(@<text><strong class="keywords">Important</strong>
+                Once your organization is deleted you cannot undo it. <a href="https://go.microsoft.com/fwlink/?linkid=862770">Read more.</a>
+                </text>)
+            <p>
+                When your organization is deleted we will:<br />
+                <ul>
+                    <li>Remove your organization from ownership of any packages.</li>
+                    <li>Remove your organization from ownership of any ID prefix reservations and delete any ID prefix reservations that your organization was the only owner of.</li>
+                    <li>Not delete the NuGet packages associated with the organization.</li>
+                </ul>
+            </p>
+            @if (Model.HasOrphanPackages || Model.HasAdditionalMembers)
+            {
+                if (Model.HasOrphanPackages)
+                {
+                    <p>
+                        Before deleting your organization, you must transfer ownership of any package where you are the sole owner, using the <i>manage owners</i> <i class="ms-Icon ms-Icon--People" aria-hidden="true"></i> button for that package below. Read more about <a href="https://go.microsoft.com/fwlink/?linkid=862794">Manage package owners.</a>
+                    </p>
+                    @Html.Partial("~/Views/Users/_UserPackagesListForDeletedAccount.cshtml", Model)
+                }
+
+                if (Model.HasAdditionalMembers)
+                {
+                    <p>
+                        Before deleting your organization, you must remove any other members from it using the <a href="@Url.ManageMyOrganization(Model.AccountName)">manage organization</a> page.
+                    </p>
+                    @Html.Partial("_OrganizationMembersListForDeletedAccount", Model)
+                }
+            }
+            else
+            {
+                <div class="form-group danger-zone">
+                    <text>
+                        @using (Html.BeginForm("RequestAccountDeletion", "Organizations", FormMethod.Post, new { id = "delete-organization" }))
+                        {
+                            @Html.AntiForgeryToken()
+                            <p>
+                                <strong>By proceeding, I understand that I am relinquishing my organization's ownership of any packages and any package ID prefix reservations.</strong>
+                            </p>
+                            <div class="row form-group">
+                                <div class="col-sm-6">
+                                    <input type="submit" class="btn btn-primary btn-danger form-control" id="delete-organization" value="Delete organization" />
+                                </div>
+                                <div class="col-sm-6">
+                                    <a href="@Url.Home()" role="button" class="btn btn-default form-control" id="cancel-delete-organization">Cancel</a>
+                                </div>
+                            </div>
+                        }
+                    </text>
+                </div>
+            }
+        </div>
+    </div>
+</section>
+
+@section BottomScripts {
+    <script type="text/javascript">
+        $(function () {
+            $('#delete-organization').submit(function(e) {
+                if (!confirm('Are you sure you want to continue to delete this organization?')) {
+                    e.preventDefault();
+                }
+            });
+        });
+    </script>
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Organizations/ManageOrganization.cshtml b/src/NuGetGallery/Views/Organizations/ManageOrganization.cshtml
index 730e41d3a1..2da1705216 100644
--- a/src/NuGetGallery/Views/Organizations/ManageOrganization.cshtml
+++ b/src/NuGetGallery/Views/Organizations/ManageOrganization.cshtml
@@ -1,6 +1,8 @@
 @model OrganizationAccountViewModel
 @using Newtonsoft.Json;
 @{
+    var account = Model.Account;
+
     ViewBag.Title = "Manage Organization";
     Layout = "~/Views/Shared/Gallery/Layout.cshtml";
 
@@ -8,9 +10,7 @@
 }
 
 <section role="main" class="container main-container page-manage-organizations">
-    <form id="AntiForgeryForm">
-        @Html.AntiForgeryToken()
-    </form>
+    @ViewHelpers.AjaxAntiForgeryToken(Html)
     <div class="row">
         <div class="col-md-12">
             @ViewHelpers.OrganizationsBreadcrumb(
@@ -21,9 +21,42 @@
         </div>
 
         <div class="@ViewHelpers.GetColumnClasses(ViewBag)">
-            @if (!Model.CanManage)
-            {
-                @ViewHelpers.AlertInfo(@<text>You are a collaborator of this organization. Only administrators can make changes.</text>);
+            @{
+                string membershipString;
+
+                var membership = Model.Account.GetMembershipOfUser(CurrentUser);
+                if (membership == null)
+                {
+                    membershipString = "You are not a member of this organization.";
+                }
+                else
+                {
+                    membershipString = membership.IsAdmin ?
+                        "You are an administrator of this organization." :
+                        "You are a collaborator of this organization.";
+                }
+
+                var permissionsString = "";
+                if (Model.CanManage)
+                {
+                    if (!Model.CanManageMemberships)
+                    {
+                        permissionsString = "You must be an administrator to change its members.";
+                    }
+                }
+                else
+                {
+                    permissionsString = Model.CanManageMemberships ?
+                        "You must be an administrator to make changes to its email settings and profile picture." :
+                        "You must be an administrator to make changes to it.";
+                }
+
+                if (!string.IsNullOrEmpty(permissionsString))
+                {
+                    permissionsString = " " + permissionsString;
+                }
+
+                @ViewHelpers.AlertInfo(@<text>@membershipString@permissionsString</text>)
             }
 
             @Html.Partial("_AccountConfirmationNotices", Model)
@@ -34,9 +67,34 @@
 
             @Html.Partial("_AccountProfilePicture", Model)
 
-            @Html.Partial("_OrganizationAccountManageMembers", Model)
+            <div id="manage-organization-members-container">
+                @Html.Partial("_OrganizationAccountManageMembers", Model)
+            </div>
 
             @Html.Partial("_AccountCuratedFeeds", Model)
+
+            @Html.Partial("_AccountCertificates", Model)
+
+            @if (Model.CanManage)
+            {
+                @ViewHelpers.Section(this,
+                    "delete-organization",
+                    @<text>Delete</text>,
+                    @<text>Delete this organization</text>,
+                    @<text>
+                        <div class="row form-group">
+                            <div class="col-sm-6">
+                                <a role="button" href="@Url.DeleteOrganization(Model.AccountName)"
+                                    class="btn btn-primary form-control">Delete</a>
+                            </div>
+                            <div class="col-sm-6">
+                                <a href="#" role="button" class="btn btn-default form-control" id="cancel-delete-organization">
+                                    Cancel
+                                </a>
+                            </div>
+                        </div>
+                    </text>)
+            }
         </div>
     </div>
 </section>
@@ -62,5 +120,16 @@
         }));
     </script>
     @ViewHelpers.SectionsScript(this);
+    @Scripts.Render("~/Scripts/gallery/certificates.js")
     @Scripts.Render("~/Scripts/gallery/page-manage-organization.min.js")
-}
+
+    <script type="text/javascript">
+        CertificatesManagement.init('@Url.AddOrganizationCertificate(account.Username)', '@Url.GetOrganizationCertificates(account.Username)');
+    </script>
+
+    <script type="text/html" id="validation-errors">
+        <div data-bind="foreach:$data" class="validation-error-message-list">
+            @ViewHelpers.AlertDanger(@<text><span data-bind="text:$data"></span></text>)
+        </div>
+    </script>
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Organizations/_OrganizationAccountManageMembers.cshtml b/src/NuGetGallery/Views/Organizations/_OrganizationAccountManageMembers.cshtml
index 30e9a41e86..c8e847142a 100644
--- a/src/NuGetGallery/Views/Organizations/_OrganizationAccountManageMembers.cshtml
+++ b/src/NuGetGallery/Views/Organizations/_OrganizationAccountManageMembers.cshtml
@@ -16,8 +16,7 @@
 
 <script type="text/html" id="error-container">
     <p class="role-description" data-bind="visible: !Error()">
-        <span data-bind="text: NewMemberRoleDescription"></span>
-        <a href="https://go.microsoft.com/fwlink/?linkid=870439">Learn more.</a>
+        <span data-bind="text: NewMemberRoleDescription"></span>&nbsp;<a href="https://go.microsoft.com/fwlink/?linkid=870439#managing-organization-members">Learn more.</a>
     </p>
     <!-- ko if: Error -->
     @ViewHelpers.AlertDanger(@<text><span data-bind="html: Error"></span></text>)
@@ -27,34 +26,39 @@
 <script type="text/html" id="manage-members">
     <div class="col-md-12 manage-members-listing">
         <div class="panel-collapse collapse in" aria-expanded="true">
-            @if (Model.RequiresTenant)
-            {
-                @ViewHelpers.AlertInfo(@<text>Membership to this organization is restricted to users from the AAD tenant determined by its email address.</text>)
-            }
-            @if (Model.CanManage)
+            <div class="alert-container">
+                @if (Model.RequiresTenant)
+                {
+                    @ViewHelpers.AlertInfo(@<text>Membership to this organization is restricted to users from the AAD tenant determined by its email address.</text>)
+                }
+            </div>
+            @if (Model.CanManageMemberships)
             {
                 <div class="input-group col-xs-12">
-                    <div class="col-xs-8 icon-left heading-right">
-                        <input id="new-member-textbox" class="form-control" placeholder="Add existing NuGet.org user" data-bind="textInput: NewMemberUsername, submit: AddMember" aria-label="Enter username to add member"  />
-                    </div>
-                    <div class="col-xs-3 heading-left heading-right">
-                        <select class="form-control" data-bind="value: AddMemberRole, options: RoleNames" aria-label="Select new member role">
-                        </select>
-                    </div>
-                    <div class="text-center align-middle col-xs-1">
-                        <button class="btn" type="submit" title="Add new member" aria-label="Add new member" data-bind="click: AddMember">Add</button>
+                    <div class="row">
+                        <div class="col-xs-8">
+                            <input id="new-member-textbox" class="form-control" placeholder="Add existing NuGet.org user" data-bind="textInput: NewMemberUsername, submit: AddMember" aria-label="Enter username to add member"  />
+                        </div>
+                        <div class="col-xs-3">
+                            <select class="form-control" data-bind="value: AddMemberRole, options: RoleNames" aria-label="Select new member role">
+                            </select>
+                        </div>
+                        <div class="text-right col-xs-1">
+                            <button class="btn" type="submit" title="Add new member" aria-label="Add new member" data-bind="click: AddMember">Add</button>
+                        </div>
                     </div>
                 </div>
-                <div class="icon-left icon-right" data-bind="template: 'error-container'"></div>
+                <div data-bind="template: 'error-container'"></div>
             }
-            <table class="table">
-                <tbody data-bind="foreach: Members">
-                    <tr>
-                        <td class="align-middle row-center icon-left hidden-xs col-xs-1">
-                            <img data-bind="attr: { src: GravatarUrl, title: Username }" class="owner-image" alt="gravatar"
-                                 height="@Constants.GravatarElementSize" width="@Constants.GravatarElementSize">
-                        </td>
-                        <td class="align-middle heading-right row-center col-xs-8 col-sm-7">
+            <div class="member-item" data-bind="foreach: Members">
+                <hr data-bind="visible: $index()" />
+                <div class="row">
+                    <div class="col-xs-1 hidden-xs">
+                        <img data-bind="attr: { src: GravatarUrl, title: Username }" class="owner-image" alt="gravatar"
+                                height="36" width="36">
+                    </div>
+                    <div class="col-xs-8 col-sm-7 member-column">
+                        <div>
                             <a title="View Member Profile" data-bind="attr: { href: ProfileUrl }">
                                 <span data-bind="text: Username"></span>
                             </a>
@@ -64,31 +68,33 @@
                             <!-- ko if: Pending -->
                             <i>(pending)</i>
                             <!-- /ko -->
-                        </td>
-                        <td class="align-middle heading-left heading-right row-center col-xs-3">
-                            @if (Model.CanManage)
-                            {
-                                <select class="form-control" aria-label="Change member role"
-                                        data-bind="value: SelectedRole, options: OrganizationViewModel.RoleNames, event: { change: ToggleIsAdmin }">
-                                </select>
-                            }
-                            else
-                            {
-                                <span data-bind="text: SelectedRole()"></span>
-                            }
-                        </td>
-                        <!-- ko if: IsCurrentUser || @(Model.CanManage ? "true" : "false") -->
-                        <td class="text-center align-middle heading-right row-center col-xs-1">
+                        </div>
+                    </div>
+                    <div class="col-xs-3">
+                        @if (Model.CanManageMemberships)
+                        {
+                            <select class="form-control" aria-label="Change member role"
+                                    data-bind="value: SelectedRole, options: OrganizationViewModel.RoleNames, event: { change: ToggleIsAdmin }">
+                            </select>
+                        }
+                        else
+                        {
+                            <span data-bind="text: SelectedRole()"></span>
+                        }
+                    </div>
+                    <!-- ko if: IsCurrentUser || @(Model.CanManageMemberships ? "true" : "false") -->
+                    <div class="col-xs-1 text-right member-column">
+                        <div>
                             <span>
                                 <button class="btn-link" data-bind="click: DeleteMember, attr: { 'aria-label': 'Delete Member' }">
                                     <i class="ms-Icon ms-Icon--Cancel" aria-hidden="true"></i>
                                 </button>
                             </span>
-                        </td>
-                        <!-- /ko -->
-                    </tr>
-                </tbody>
-            </table>
+                        </div>
+                    </div>
+                    <!-- /ko -->
+                </div>
+            </div>
         </div>
     </div>
 </script>
diff --git a/src/NuGetGallery/Views/Organizations/_OrganizationMembersListForDeletedAccount.cshtml b/src/NuGetGallery/Views/Organizations/_OrganizationMembersListForDeletedAccount.cshtml
new file mode 100644
index 0000000000..fff8d4112e
--- /dev/null
+++ b/src/NuGetGallery/Views/Organizations/_OrganizationMembersListForDeletedAccount.cshtml
@@ -0,0 +1,33 @@
+@model DeleteOrganizationViewModel
+
+<div class="row user-package-list align-left">
+    <div class="col-md-12 align-left ">
+        <div class="panel-collapse collapse in" id="packages-Packages" aria-expanded="true">
+            <div class="list-packages" role="list">
+                <table class="table align-left">
+                    <thead>
+                        <tr class="manage-package-headings">
+                            <th class="hidden-xs"></th>
+                            <th>Username</th>
+                            <th>Membership</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        @foreach (var member in @Model.AdditionalMembers)
+                        {
+                            <tr class="manage-package-listing">
+                                <td class="align-middle hidden-xs">
+                                    @GravatarHelper.Image(member.EmailAddress, 32)
+                                </td>
+                                <td class="align-middle package-id">
+                                    <a href="@Url.User(member.Username)">@member.Username.Abbreviate(35)</a>
+                                </td>
+                                <td class="align-middle text-nowrap">@(member.IsAdmin ? "Administrator" : "Collaborator")</td>
+                            </tr>
+                        }
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    </div>
+</div>
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Packages/ConfirmOwner.cshtml b/src/NuGetGallery/Views/Packages/ConfirmOwner.cshtml
index 48697707e7..5855d74615 100644
--- a/src/NuGetGallery/Views/Packages/ConfirmOwner.cshtml
+++ b/src/NuGetGallery/Views/Packages/ConfirmOwner.cshtml
@@ -71,7 +71,7 @@
                 @* Note that we're not confirming that a request even exists for this user, it's just a string compare against the name in the URL *@
                 @ViewHelpers.AlertDanger(
                     @<text>
-                        This request link is for the user '@Model.Username'. If you wish to accept it,
+                        This request link is for the user '@Model.Username'. If you would like to accept it,
                         please sign in as that user and click the link again.
                     </text>
                 )
diff --git a/src/NuGetGallery/Views/Packages/Delete.cshtml b/src/NuGetGallery/Views/Packages/Delete.cshtml
index f0f734de13..858ca51222 100644
--- a/src/NuGetGallery/Views/Packages/Delete.cshtml
+++ b/src/NuGetGallery/Views/Packages/Delete.cshtml
@@ -55,7 +55,7 @@
                                        new
                                        {
                                            @class = "form-control",
-                                           title = "Selection A Version...",
+                                           title = "Select a version",
                                            id = "input-select-version"
                                        })
                     </div>
diff --git a/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml b/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml
index f5cfc46f37..472c7255f1 100644
--- a/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml
+++ b/src/NuGetGallery/Views/Packages/DisplayPackage.cshtml
@@ -6,34 +6,54 @@
 
     var absolutePackageUrl = Url.Absolute(Url.Package(Model.Id));
 
-    var packageManagers = new PackageManagerViewModel[]
+    PackageManagerViewModel[] packageManagers;
+
+    if (Model.IsDotnetToolPackageType)
     {
-        new PackageManagerViewModel()
+        packageManagers = new PackageManagerViewModel[]
         {
-            Id = "package-manager",
-            Name = "Package Manager",
-            CommandPrefix = "PM> ",
-            InstallPackageCommand = string.Format("Install-Package {0} -Version {1}", Model.Id, Model.Version)
-        },
-
-        new PackageManagerViewModel()
+            new PackageManagerViewModel()
+            {
+                Id = "dotnet-cli",
+                Name = ".NET CLI",
+                CommandPrefix = "> ",
+                InstallPackageCommand = string.Format("dotnet tool install --global {0} --version {1}", Model.Id, Model.Version),
+                AlertLevel = AlertLevel.Info,
+                AlertMessage = string.Format("This package contains a <a href=\"{0}\">.NET Core Global Tool</a> you can call from the shell/command line.", "https://aka.ms/global-tools"),
+            }
+        };
+    }
+    else
+    {
+        packageManagers = new PackageManagerViewModel[]
         {
-            Id = "dotnet-cli",
-            Name = ".NET CLI",
-            CommandPrefix = "> ",
-            InstallPackageCommand = string.Format("dotnet add package {0} --version {1}", Model.Id, Model.Version)
-        },
+            new PackageManagerViewModel()
+            {
+                Id = "package-manager",
+                Name = "Package Manager",
+                CommandPrefix = "PM> ",
+                InstallPackageCommand = string.Format("Install-Package {0} -Version {1}", Model.Id, Model.Version)
+            },
 
-        new ThirdPartyPackageManagerViewModel()
-        {
-            Id = "paket-cli",
-            Name = "Paket CLI",
-            CommandPrefix = "> ",
-            InstallPackageCommand = string.Format("paket add {0} --version {1}", Model.Id, Model.Version),
-            ContactUrl = "https://fsprojects.github.io/Paket/contact.html"
-        },
-    };
+            new PackageManagerViewModel()
+            {
+                Id = "dotnet-cli",
+                Name = ".NET CLI",
+                CommandPrefix = "> ",
+                InstallPackageCommand = string.Format("dotnet add package {0} --version {1}", Model.Id, Model.Version)
+            },
+
+            new ThirdPartyPackageManagerViewModel("https://fsprojects.github.io/Paket/contact.html")
+            {
+                Id = "paket-cli",
+                Name = "Paket CLI",
+                CommandPrefix = "> ",
+                InstallPackageCommand = string.Format("paket add {0} --version {1}", Model.Id, Model.Version),
+            }
+        };
+    }
 }
+
 @section SocialMeta {
     @if (!String.IsNullOrWhiteSpace(ViewBag.FacebookAppID))
     {
@@ -96,20 +116,30 @@
                 </button>
             </div>
         </div>
-        @if (thirdPartyPackageManager != null)
+
+        @switch (packageManager.AlertLevel)
         {
-            @ViewHelpers.AlertWarning(
-                @<text>
-                    The NuGet Team does not provide support for this client.
-                    Please contact its <a href="@thirdPartyPackageManager.ContactUrl">maintainers</a> for support.
-                </text>)
+            case AlertLevel.Info:
+                @ViewHelpers.AlertInfo(
+                    @<text>
+                        @Html.Raw(packageManager.AlertMessage)
+                    </text>);
+                break;
+            case AlertLevel.Warning:
+                @ViewHelpers.AlertWarning(
+                    @<text>
+                        @Html.Raw(packageManager.AlertMessage)
+                    </text>);
+                break;
+            default:
+                break;
         }
     </div>
 }
 
 <section role="main" class="container main-container page-package-details">
     <div class="row">
-        <aside class="col-sm-1">
+        <aside aria-label="Package icon" class="col-sm-1">
             <h3>
                 <img class="package-icon img-responsive" aria-hidden="true" alt=""
                      src="@(PackageHelper.ShouldRenderUrl(Model.IconUrl) ? Model.IconUrl : Url.Absolute("~/Content/gallery/img/default-package-icon.svg"))"
@@ -384,7 +414,7 @@
                 <table class="table borderless">
                     <thead>
                         <tr>
-                            <th>Version</th>
+                            <th colspan="2">Version</th>
                             <th>Downloads</th>
                             <th>Last updated</th>
                             @if (Model.CanDisplayPrivateMetadata)
@@ -409,13 +439,19 @@
                                 rowCount++;
                                 @VersionListDivider(rowCount, versionsExpanded)
                                 <tr>
+                                    <td class="signature-info-cell">
+                                        @if (packageVersion.CanDisplayPrivateMetadata && !string.IsNullOrEmpty(packageVersion.SignatureInformation))
+                                        {
+                                            <i class="ms-Icon ms-Icon--Ribbon signature-info" title="@packageVersion.SignatureInformation"></i>
+                                        }
+                                    </td>
                                     <td>
-                                        <a href="@Url.Package(packageVersion)">
+                                        <a href="@Url.Package(packageVersion)" title="@packageVersion.FullVersion">
                                             <b>
-                                                @packageVersion.FullVersion.Abbreviate(15)
+                                                @packageVersion.FullVersion.Abbreviate(30)
                                                 @if (packageVersion.IsCurrent(Model))
                                                 {
-                                                    @:(current version)
+                                                    @:(current)
                                                 }
                                             </b>
                                         </a>
@@ -427,7 +463,9 @@
                                         <span data-datetime="@packageVersion.LastUpdated.ToString("O")">@packageVersion.LastUpdated.ToNuGetShortDateString()</span>
                                         @if (packageVersion.PushedBy != null)
                                         {
-                                            <span>by @packageVersion.PushedBy.Abbreviate(15)</span>
+                                            <text>
+                                                by <span title="@packageVersion.PushedBy">@packageVersion.PushedBy.Abbreviate(15)</span>
+                                            </text>
                                         }
                                     </td>
                                     @if (packageVersion.CanDisplayPrivateMetadata)
@@ -480,7 +518,7 @@
                 }
             </div>
         </article>
-        <aside class="col-sm-3 package-details-info">
+        <aside aria-label="Package details info" class="col-sm-3 package-details-info">
             <h2>Info</h2>
             <ul class="list-unstyled ms-Icon-ul">
                 <li>
diff --git a/src/NuGetGallery/Views/Packages/Edit.cshtml b/src/NuGetGallery/Views/Packages/Edit.cshtml
index 7350dfafeb..d74a935f32 100644
--- a/src/NuGetGallery/Views/Packages/Edit.cshtml
+++ b/src/NuGetGallery/Views/Packages/Edit.cshtml
@@ -19,9 +19,8 @@
                 "_PackageHeading", 
                 new PackageHeadingModel(
                     CurrentUser,
-                    Model.PackageVersions.First(), 
-                    "Edit",
-                    linkIdOnly: true))
+                    Model.PackageRegistration, 
+                    "Edit"))
 
             @if (Model.IsLocked)
             {
@@ -46,10 +45,10 @@
                         </a>
                     </h2>
                     <div class="collapse in" id="select-package-version-form" aria-expanded="true">
-                        <form id="cancel-form">
+                        <form aria-hidden="true" id="cancel-form">
                             @Html.AntiForgeryToken()
                         </form>
-                        <form id="select-version-form" enctype="multipart/form-data">
+                        <form aria-label="Select package version to edit" id="select-version-form" enctype="multipart/form-data">
                             @Html.AntiForgeryToken()
 
                             @Html.ValidationSummary(true)
@@ -60,7 +59,7 @@
                                                   new
                                                   {
                                                       @class = "form-control selectpicker show-tick show-menu-arrow btn-block",
-                                                      @title = "Select A Version...",
+                                                      @title = "Select a version",
                                                       @id = "input-select-version"
                                                   })
                                 </label>
diff --git a/src/NuGetGallery/Views/Packages/ManagePackageOwners.cshtml b/src/NuGetGallery/Views/Packages/ManagePackageOwners.cshtml
index 9b1c4d9149..0d58b13db3 100644
--- a/src/NuGetGallery/Views/Packages/ManagePackageOwners.cshtml
+++ b/src/NuGetGallery/Views/Packages/ManagePackageOwners.cshtml
@@ -37,7 +37,7 @@
                     <div class="col-md-1">
                         <img width="@Constants.GravatarElementSize"
                              height="@Constants.GravatarElementSize"
-                             data-bind="attr:{src: imageUrl}" />
+                             data-bind="attr: { src: imageUrl, 'aria-label': 'Profile picture for ' + name() }" />
                     </div>
                     <div class="col-md-8 ms-font-xl">
                         <span>
diff --git a/src/NuGetGallery/Views/Packages/UploadPackage.cshtml b/src/NuGetGallery/Views/Packages/UploadPackage.cshtml
index b39370aa05..335a01b771 100644
--- a/src/NuGetGallery/Views/Packages/UploadPackage.cshtml
+++ b/src/NuGetGallery/Views/Packages/UploadPackage.cshtml
@@ -10,7 +10,7 @@
     <div class="row">
         <div class="@ViewHelpers.GetColumnClasses(ViewBag)">
             @ViewHelpers.PackagesBreadcrumb(Url, CurrentUser, true, @<text>Upload</text>)
-            <div class="page-subheading text-center">
+            <div class="text-center">
                 <p class="message">Your package file will be uploaded and hosted on the @(Config.Current.Brand) server (@(Config.Current.SiteRoot)).</p>
             </div>
             <div id="upload-package-container">
@@ -22,10 +22,10 @@
                     </a>
                 </h2>
                 <div class="collapse in" id="upload-package-form" aria-expanded="true">
-                    <form id="cancel-form">
+                    <form aria-hidden="true" id="cancel-form">
                         @Html.AntiForgeryToken()
                     </form>
-                    <form id="uploadForm" enctype="multipart/form-data">
+                    <form aria-label="Upload a package" id="uploadForm" enctype="multipart/form-data">
                         @Html.AntiForgeryToken()
 
                         @Html.ValidationSummary(true)
diff --git a/src/NuGetGallery/Views/Packages/_EditForm.cshtml b/src/NuGetGallery/Views/Packages/_EditForm.cshtml
index 5d123c1b59..5d8b16d6ea 100644
--- a/src/NuGetGallery/Views/Packages/_EditForm.cshtml
+++ b/src/NuGetGallery/Views/Packages/_EditForm.cshtml
@@ -1,4 +1,4 @@
-<form id="edit-readme-form">
+<form aria-label="Edit your package" id="edit-readme-form">
     @Html.AntiForgeryToken()
         
     <div id="readme-collapser-container" class="hidden">
diff --git a/src/NuGetGallery/Views/Packages/_ValidationIssue.cshtml b/src/NuGetGallery/Views/Packages/_ValidationIssue.cshtml
index f0eaea4712..d6e16c0830 100644
--- a/src/NuGetGallery/Views/Packages/_ValidationIssue.cshtml
+++ b/src/NuGetGallery/Views/Packages/_ValidationIssue.cshtml
@@ -40,6 +40,24 @@
             <b>NU3007:</b> Package signatures must have format version 1.
         </text>
         break;
+    case ValidationIssueCode.AuthorCounterSignaturesNotSupported:
+        <text>
+            Author countersignatures are not supported.
+        </text>
+        break;
+    case ValidationIssueCode.PackageIsNotSigned:
+        <text>
+            <b>Package publishing failed.</b> The package must be signed with a registered certificate. <a href="https://aka.ms/nuget-signed-ref">Read more...</a>
+        </text>
+        break;
+    case ValidationIssueCode.PackageIsSignedWithUnauthorizedCertificate:
+        {
+            var typedIssue = (UnauthorizedCertificateFailure)Model;
+            <text>
+                <b>Package publishing failed.</b> The package was signed, but the signing certificate (SHA-1 thumbprint @typedIssue.Sha1Thumbprint) is not associated with your account. You must register this certificate to publish signed packages. <a href="https://aka.ms/nuget-signed-ref">Read more...</a>
+            </text>
+            break;
+        }
     default:
         <text>
             <strong>Package publishing failed.</strong> This package could not be published since package validation
diff --git a/src/NuGetGallery/Views/Packages/_VerifyForm.cshtml b/src/NuGetGallery/Views/Packages/_VerifyForm.cshtml
index 49cf340d0c..b1a7142d33 100644
--- a/src/NuGetGallery/Views/Packages/_VerifyForm.cshtml
+++ b/src/NuGetGallery/Views/Packages/_VerifyForm.cshtml
@@ -1,4 +1,4 @@
-<form id="verify-metadata-form">
+<form aria-label="Verify your package" id="verify-metadata-form">
     @Html.AntiForgeryToken()
 
     <div id="verify-collapser-container" class="hidden">
diff --git a/src/NuGetGallery/Views/Packages/_VerifyMetadata.cshtml b/src/NuGetGallery/Views/Packages/_VerifyMetadata.cshtml
index acdcbeb321..1853bac86f 100644
--- a/src/NuGetGallery/Views/Packages/_VerifyMetadata.cshtml
+++ b/src/NuGetGallery/Views/Packages/_VerifyMetadata.cshtml
@@ -143,7 +143,7 @@
                 <div class="verify-package-field row">
                     <div class="verify-package-field-heading col-sm-12">Icon Preview</div>
                     <div id="icon-preview-container" class="col-sm-1">
-                        <img class="package-icon img-responsive" id="icon-preview" data-bind="attr: { src: $data.IconUrl }" /> <!-- probably need to check this for safety-->
+                        <img class="package-icon img-responsive" id="icon-preview" aria-label="The icon of your package" data-bind="attr: { src: $data.IconUrl }" /> <!-- probably need to check this for safety-->
                     </div>
                 </div>
                 <!-- /ko -->
diff --git a/src/NuGetGallery/Views/Shared/ConfirmationRequired.cshtml b/src/NuGetGallery/Views/Shared/ConfirmationRequired.cshtml
index b8f69eef02..9a312e61fd 100644
--- a/src/NuGetGallery/Views/Shared/ConfirmationRequired.cshtml
+++ b/src/NuGetGallery/Views/Shared/ConfirmationRequired.cshtml
@@ -3,8 +3,8 @@
     ViewBag.Title = "Confirm Your "
         + (Model.IsOrganization ? "Organization " : "")
         + (Model.ConfirmingNewAccount ? "Account" : "Email");
-    ViewBag.SmPageColumns = Constants.ColumnsAuthenticationSm;
-    ViewBag.MdPageColumns = Constants.ColumnsAuthenticationMd;
+    ViewBag.SmPageColumns = Constants.ColumnsWideAuthenticationSm;
+    ViewBag.MdPageColumns = Constants.ColumnsWideAuthenticationMd;
     Layout = "~/Views/Shared/Gallery/Layout.cshtml";
 
     if (Model.IsOrganization)
diff --git a/src/NuGetGallery/Views/Shared/Gallery/Header.cshtml b/src/NuGetGallery/Views/Shared/Gallery/Header.cshtml
index c81adb44c5..eda32aa47c 100644
--- a/src/NuGetGallery/Views/Shared/Gallery/Header.cshtml
+++ b/src/NuGetGallery/Views/Shared/Gallery/Header.cshtml
@@ -1,5 +1,5 @@
 @{
-    var ShowWarningBanner = Config.Current.DeprecateNuGetPasswordLogins && User.HasPasswordLogin();
+    var ShowWarningIndicator = Config.Current.DeprecateNuGetPasswordLogins && (User.HasPasswordLogin() || (!User.HasMultiFactorAuthenticationEnabled() && User.WasMicrosoftAccountUsedForSignin()));
     var ShowPasswordDeprecationBanner = TempData.ContainsKey("ShowPasswordDeprecationWarning")
         && Convert.ToBoolean((string)TempData["ShowPasswordDeprecationWarning"])
         && Request.IsAuthenticated
@@ -36,9 +36,8 @@
 
 @helper DisplayNavigationItem(string tab, string url, bool bold = false, string title = null)
 {
-    <li class="@(ViewBag.Tab == tab ? "active" : string.Empty)"
-        aria-selected="@(ViewBag.Tab == tab ? "true" : "false")" role="presentation">
-        <a role="menuitem" href="@url" title="@title">
+    <li class="@(ViewBag.Tab == tab ? "active" : string.Empty)" role="presentation">
+        <a role="tab" aria-selected="@(ViewBag.Tab == tab ? "true" : "false")" href="@url" title="@title">
             @if (bold)
             {
                 @:<b>
@@ -56,7 +55,7 @@
     <div class="container">
         <div class="row">
             <div class="col-sm-12 text-center">
-                <a href="#skippedToContent" class="showOnFocus" title="Skip To Content" role="navigation">Skip To Content</a>
+                <a href="#skippedToContent" class="showOnFocus" title="Skip To Content">Skip To Content</a>
             </div>
         </div>
         <div class="row">
@@ -75,7 +74,7 @@
                     </a>
                 </div>
                 <div id="navbar" class="navbar-collapse collapse" role="menubar">
-                    <ul class="nav navbar-nav" role="menu">
+                    <ul class="nav navbar-nav" role="tablist">
                         @DisplayNavigationItem("Packages", Url.PackageList())
                         @DisplayNavigationItem("Upload", Url.UploadPackage())
                         @if (StatisticsHelper.IsStatisticsPageAvailable)
@@ -92,7 +91,7 @@
                     </ul>
                     @if (ShowAuthInHeader)
                     {
-                        <ul class="nav navbar-nav navbar-right navbar-seperated" role="menu">
+                        <ul class="nav navbar-nav navbar-right" role="tablist">
                             @if (!User.Identity.IsAuthenticated)
                             {
                                 var returnUrl = ViewData.ContainsKey(Constants.ReturnUrlViewDataKey) ? (string)ViewData[Constants.ReturnUrlViewDataKey] : Request.RawUrl;
@@ -100,11 +99,10 @@
                             }
                             else
                             {
-                                <li class="@(ViewBag.Tab == User.Identity.Name ? "active" : string.Empty) dropdown"
-                                    aria-selected="@(ViewBag.Tab == User.Identity.Name ? "true" : "false")" role="presentation">
-                                    <a href="#" role="menuitem" id="account-dropdown" class="dropdown-toggle" title="Open profile dropdown" data-toggle="dropdown">
+                                <li class="@(ViewBag.Tab == User.Identity.Name ? "active" : string.Empty) dropdown" role="presentation">
+                                    <a href="#" aria-selected="@(ViewBag.Tab == User.Identity.Name ? "true" : "false")" role="tab" id="account-dropdown" class="dropdown-toggle" title="Open profile dropdown" data-toggle="dropdown">
                                         <div>
-                                            @if (ShowWarningBanner)
+                                            @if (ShowWarningIndicator)
                                             {
                                                 <span class="ms-Icon ms-Icon--Warning warning-icon" aria-hidden="true"></span>
                                             }
@@ -133,7 +131,7 @@
                                         <li role="presentation">
                                             <a href="@Url.AccountSettings()" role="menuitem">
                                                 Account Settings
-                                                @if (ShowWarningBanner)
+                                                @if (ShowWarningIndicator)
                                                 {
                                                     <span class="ms-Icon ms-Icon--Warning warning-icon" aria-hidden="true"></span>
                                                 }
@@ -141,10 +139,7 @@
                                         </li>
                                         <li role="presentation"><a href="@Url.ManageMyApiKeys()" role="menuitem">API Keys</a></li>
                                         <li class="divider"></li>
-                                        @if (ContentObjectService.Value.LoginDiscontinuationConfiguration.AreOrganizationsSupportedForUser(CurrentUser))
-                                        {
-                                            <li role="presentation"><a href="@Url.ManageMyOrganizations()" role="menuitem">Manage Organizations</a></li>
-                                        }
+                                        <li role="presentation"><a href="@Url.ManageMyOrganizations()" role="menuitem">Manage Organizations</a></li>
                                         <li role="presentation"><a href="@Url.ManageMyPackages()" role="menuitem">Manage Packages</a></li>
                                         <li role="presentation"><a href="@Url.UploadPackage()" role="menuitem">Upload Package</a></li>
                                         <li class="divider"></li>
@@ -163,7 +158,7 @@
     {
         <div class="container search-container">
             <div class="row">
-                <form class="col-sm-12" action="@Url.PackageList()" method="get">
+                <form aria-label="Package search bar" class="col-sm-12" action="@Url.PackageList()" method="get">
                     @Html.Partial("_SearchBar")
                     @Html.Partial("_AutocompleteTemplate")
                 </form>
diff --git a/src/NuGetGallery/Views/Shared/_AccountCertificates.cshtml b/src/NuGetGallery/Views/Shared/_AccountCertificates.cshtml
new file mode 100644
index 0000000000..46ad579cf2
--- /dev/null
+++ b/src/NuGetGallery/Views/Shared/_AccountCertificates.cshtml
@@ -0,0 +1,94 @@
+@model AccountViewModel
+@{
+    var parent = (WebViewPage)TempData["Parent"];
+}
+
+@helper WarnFor2FARequirement()
+{
+    if (Model.User.EnableMultiFactorAuthentication)
+    {
+        @ViewHelpers.AlertWarning(@<text>You must log in using two-factor authentication before you can register or manage certificates.</text>)
+    }
+    else
+    {
+        @ViewHelpers.AlertWarning(@<text>You must enable two-factor authentication before you can register or manage certificates. This can be enabled in your <a href="@Url.AccountSettings()">Account Settings</a>.</text>)
+    }
+}
+
+@ViewHelpers.Section(
+    parent,
+    "certificates",
+    @<text>Certificates</text>,
+    @<text>
+        <span id="certificates-section-header"></span>
+    </text>,
+    @<text>
+        @ViewHelpers.AjaxAntiForgeryToken(Html)
+
+        <form id="addCertificateForm" enctype="multipart/form-data" aria-hidden="true">
+            @Html.AntiForgeryToken()
+        </form>
+
+        <div class="list-certificates">
+            @if (!Model.WasMultiFactorAuthenticated)
+            {
+                @WarnFor2FARequirement();
+            }
+
+            <div class="row" data-bind="ifnot: $data && $data.hasCertificates && $data.hasCertificates()">
+                <div class="col-xs-12 clearfix">
+                    All your packages need to be signed by one of the registered certificates.  <a href="https://docs.microsoft.com/en-us/nuget/reference/signed-packages-reference">Learn more about package signing.</a>
+                    <br /> <br />
+                </div>
+            </div>
+
+            <div data-bind="if: $data && $data.hasCertificates && $data.hasCertificates()">
+                <div class="panel-collapse collapse in" aria-expanded="true">
+                    <table class="table" role="list">
+                        <thead>
+                            <tr class="manage-certificate-headings">
+                                <th>Fingerprint</th>
+                                <th><span class="hidden">Icon</span></th>
+                            </tr>
+                        </thead>
+                        <tbody data-bind="foreach: $data.certificates">
+                            <tr class="manage-certificate-listing" role="listitem">
+                                <td class="align-middle" data-bind="text: Sha1Thumbprint"></td>
+                                <td class="text-right align-middle package-controls">
+                                    <span data-bind="visible: CanDelete">
+                                        <a class="btn" title="Delete certificate" tabindex="0" data-bind="attr: { 'data-href': DeleteUrl, 'aria-label': 'Delete certificate' }, click: $parent.deleteCertificate">
+                                            <i class="ms-Icon ms-Icon--Delete" aria-hidden="true"></i>
+                                        </a>
+                                    </span>
+                                </td>
+                            </tr>
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+
+        @if (Model.WasMultiFactorAuthenticated && Model.CanManage)
+        {
+        <div class="collapse in row" id="upload-certificate-form" aria-expanded="true">
+            @Html.ValidationSummary(true)
+
+            <form id="uploadCertificateForm" class="certificates-form" enctype="multipart/form-data" aria-label="Register a certificate">
+                @Html.AntiForgeryToken()
+
+                <div class="col-sm-6">
+                    Register a certificate by uploading a certificate file (.cer).
+                </div>
+                <div class="col-sm-6">
+                    <label for="input-select-file" id="CertificateFileLabel" class="input-group-btn">
+                        <a id="register-new" class="btn btn-primary form-control" tabindex="0" aria-label="Browse for certificate" role="button">
+                            Register new<input type="file" name="uploadFile" accept=".cer" aria-labelledby="CertificateFileLabel" id="input-select-file" style="display:none;" />
+                        </a>
+                    </label>
+                </div>
+            </form>
+        </div>
+        <div id="validation-failure-container" class="hidden"></div>
+        }
+    </text>,
+    expanded: false)
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml b/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml
index af025c94fb..4433708f9e 100644
--- a/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml
+++ b/src/NuGetGallery/Views/Shared/_AccountChangeNotifications.cshtml
@@ -53,7 +53,7 @@
             @(Model.ChangeNotifications.NotifyPackagePushed ? ViewBag.NotifyPackagePushedEnabled : ViewBag.NotifyPackagePushedNotEnabled)
         </text>,
         @<text>
-            @using (Html.BeginForm("ChangeEmailSubscription", controllerName))
+            @using (Html.BeginForm("ChangeEmailSubscription", controllerName, FormMethod.Post, new { aria_label = "Change email subscription settings" }))
             {
                 @Html.AntiForgeryToken()
 
@@ -63,6 +63,7 @@
                         <b>@ViewBag.EmailAllowedLabel</b>
                     </label>
                     <div id="emailallowed-label" class="label-sibling">@Html.Raw(ViewBag.EmailAllowedDescription)</div>
+                    @Html.ShowValidationMessagesFor(x => x.ChangeNotifications.EmailAllowed)
                 </div>
 
                 <div class="checkbox">
@@ -71,6 +72,7 @@
                         <b>@ViewBag.NotifyPackagePushedLabel</b>
                     </label>
                     <div id="notifypackagepushed-label" class="label-sibling">@ViewBag.NotifyPackagePushedDescription</div>
+                    @Html.ShowValidationMessagesFor(x => x.ChangeNotifications.NotifyPackagePushed)
                 </div>
 
                 <p><strong>Note: </strong>@ViewBag.PrivacyNotice</p>
diff --git a/src/NuGetGallery/Views/Shared/_AccountConfirmationNotices.cshtml b/src/NuGetGallery/Views/Shared/_AccountConfirmationNotices.cshtml
index b24f982c6b..ab70a46484 100644
--- a/src/NuGetGallery/Views/Shared/_AccountConfirmationNotices.cshtml
+++ b/src/NuGetGallery/Views/Shared/_AccountConfirmationNotices.cshtml
@@ -1,6 +1,6 @@
 @model AccountViewModel
 @{
-    var account = Model.Account;
+    var account = Model.User;
 
     if (Model.IsOrganization)
     {
diff --git a/src/NuGetGallery/Views/Shared/_AccountProfilePicture.cshtml b/src/NuGetGallery/Views/Shared/_AccountProfilePicture.cshtml
index 3348fe1c54..d684512799 100644
--- a/src/NuGetGallery/Views/Shared/_AccountProfilePicture.cshtml
+++ b/src/NuGetGallery/Views/Shared/_AccountProfilePicture.cshtml
@@ -24,7 +24,7 @@
 @ViewHelpers.Section(parent,
     "profile-picture",
     @<text>Profile Picture @(Model.HasUnconfirmedEmailAddress ? "(preview)" : string.Empty)</text>,
-    @<text>@ViewHelpers.GravatarImage(Model.CurrentEmailAddress, Model.Account.Username, Constants.GravatarElementSize)</text>,
+    @<text>@ViewHelpers.GravatarImage(Model.CurrentEmailAddress, Model.AccountName, Constants.GravatarElementSize)</text>,
     @<text>
         @if (Model.HasUnconfirmedEmailAddress)
         {
diff --git a/src/NuGetGallery/Views/Statistics/Index.cshtml b/src/NuGetGallery/Views/Statistics/Index.cshtml
index 33197d9ef9..38bda31ffc 100644
--- a/src/NuGetGallery/Views/Statistics/Index.cshtml
+++ b/src/NuGetGallery/Views/Statistics/Index.cshtml
@@ -17,7 +17,7 @@
 <section role="main" class="container main-container page-statistics-overview">
     <h1>Statistics</h1>
 
-    <span class="page-subheading ms-fontSize-l">
+    <span class="ms-fontSize-l">
         @Html.Partial("_LastUpdated", Model)
     </span>
 
diff --git a/src/NuGetGallery/Views/Statistics/PackageVersions.cshtml b/src/NuGetGallery/Views/Statistics/PackageVersions.cshtml
index 574f1fc246..f4763d002c 100644
--- a/src/NuGetGallery/Views/Statistics/PackageVersions.cshtml
+++ b/src/NuGetGallery/Views/Statistics/PackageVersions.cshtml
@@ -20,7 +20,7 @@
         <div class="col-xs-12">
             <h1>Most Downloaded Package Versions</h1>
 
-            <span class="page-subheading ms-fontSize-l" data-bind="text: showAllPackageDownloads() ? 'Top 500 Packages Over the Last 6 Weeks' : 'Top 500 Community Packages Over the Last 6 Weeks'">
+            <span class="ms-fontSize-l" data-bind="text: showAllPackageDownloads() ? 'Top 500 Packages Over the Last 6 Weeks' : 'Top 500 Community Packages Over the Last 6 Weeks'">
                 Top 500 Community Packages Over the Last 6 Weeks
             </span>
             <label class="show-all-packages-toggle pull-right">
diff --git a/src/NuGetGallery/Views/Statistics/Packages.cshtml b/src/NuGetGallery/Views/Statistics/Packages.cshtml
index ef371b1bd1..c2d776bc26 100644
--- a/src/NuGetGallery/Views/Statistics/Packages.cshtml
+++ b/src/NuGetGallery/Views/Statistics/Packages.cshtml
@@ -20,7 +20,7 @@
         <div class="col-xs-12">
             <h1>Most Downloaded Packages</h1>
 
-            <span class="page-subheading ms-fontSize-l" data-bind="text: showAllPackageDownloads() ? 'Top 100 Packages Over the Last 6 Weeks' : 'Top 100 Community Packages Over the Last 6 Weeks'">
+            <span class="ms-fontSize-l" data-bind="text: showAllPackageDownloads() ? 'Top 100 Packages Over the Last 6 Weeks' : 'Top 100 Community Packages Over the Last 6 Weeks'">
                 Top 100 Community Packages Over the Last 6 Weeks
             </span>
             <label class="show-all-packages-toggle pull-right">
diff --git a/src/NuGetGallery/Views/Statistics/_PivotTable.cshtml b/src/NuGetGallery/Views/Statistics/_PivotTable.cshtml
index 3db8fe17b8..e85f107eb2 100644
--- a/src/NuGetGallery/Views/Statistics/_PivotTable.cshtml
+++ b/src/NuGetGallery/Views/Statistics/_PivotTable.cshtml
@@ -23,7 +23,7 @@
 
 <script type="text/html" id="report-template">
     <div class="row">
-        <div data-bind="if: $data && LastUpdatedUtc" class="last-updated col-xs-12 page-subheading">
+        <div data-bind="if: $data && LastUpdatedUtc" class="last-updated col-xs-12">
             <span data-bind="text: 'Statistics last updated at ' + moment(LastUpdatedUtc).format('YYYY-MM-DD HH:mm:ss') + ' UTC.'"></span>
         </div>
     </div>
diff --git a/src/NuGetGallery/Views/Users/Account.cshtml b/src/NuGetGallery/Views/Users/Account.cshtml
index 66818bab89..007be287b5 100644
--- a/src/NuGetGallery/Views/Users/Account.cshtml
+++ b/src/NuGetGallery/Views/Users/Account.cshtml
@@ -31,15 +31,27 @@
             {
                 @Html.Partial("_UserAccountChangePassword", Model)
             }
-            
+
             @Html.Partial("_AccountProfilePicture", Model)
 
             @Html.Partial("_AccountCuratedFeeds", Model)
+
+            @Html.Partial("_AccountCertificates", Model)
         </div>
     </div>
 </section>
 
 @section bottomScripts {
     @ViewHelpers.SectionsScript(this)
+    @Scripts.Render("~/Scripts/gallery/certificates.js")
     @Scripts.Render("~/Scripts/gallery/page-account.min.js")
-}
+    <script type="text/javascript">
+        CertificatesManagement.init('@Url.AddUserCertificate()', '@Url.GetUserCertificates()');
+    </script>
+
+    <script type="text/html" id="validation-errors">
+        <div data-bind="foreach:$data" class="validation-error-message-list">
+            @ViewHelpers.AlertDanger(@<text><span data-bind="text:$data"></span></text>)
+        </div>
+    </script>
+}
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Users/ApiKeys.cshtml b/src/NuGetGallery/Views/Users/ApiKeys.cshtml
index f2bef7ee2d..8e9cca7344 100644
--- a/src/NuGetGallery/Views/Users/ApiKeys.cshtml
+++ b/src/NuGetGallery/Views/Users/ApiKeys.cshtml
@@ -7,9 +7,7 @@
 }
 
 <section role="main" class="container main-container page-api-keys">
-    <form id="AntiForgeryForm">
-        @Html.AntiForgeryToken()
-    </form>
+    @ViewHelpers.AjaxAntiForgeryToken(Html)
     <div class="row">
         <div class="@ViewHelpers.GetColumnClasses(ViewBag)">
             @ViewHelpers.BreadcrumbWithProfile(Url, CurrentUser, true, @<text>API keys</text>)
diff --git a/src/NuGetGallery/Views/Users/DeleteAccount.cshtml b/src/NuGetGallery/Views/Users/DeleteAccount.cshtml
index 04b8e44360..99d61f166b 100644
--- a/src/NuGetGallery/Views/Users/DeleteAccount.cshtml
+++ b/src/NuGetGallery/Views/Users/DeleteAccount.cshtml
@@ -1,5 +1,5 @@
 @using NuGetGallery
-@model NuGetGallery.DeleteAccountViewModel
+@model NuGetGallery.DeleteUserViewModel
 @{
     ViewBag.Title = "Delete Account " + Model.AccountName;
     ViewBag.MdPageColumns = Constants.ColumnsFormMd;
@@ -26,15 +26,16 @@
                 }
                 else
                 {
-                    @ViewHelpers.AlertWarning(@<text><strong class="keywords">Important</strong> <br />
-                        Once your account is deleted you cannot undo it. <a href="https://go.microsoft.com/fwlink/?linkid=862770">Read more.</a><br />
+                    @ViewHelpers.AlertWarning(@<text><strong class="keywords">Important</strong>
+                        Once your account is deleted you cannot undo it. <a href="https://go.microsoft.com/fwlink/?linkid=862770">Read more.</a>
                     </text>)
                     <p>
-                        When you account is deleted we will<br />
+                        When you account is deleted we will:<br />
                         <ul>
                             <li>Revoke your api key(s).</li>
                             <li>Remove you as the owner for any packages you own.</li>
                             <li>Remove your ownership from any ID prefix reservations and delete any ID prefix reservations that you were the only owner of.</li>
+                            <li>Remove you from any organizations that you are a member of.</li>
                             <li>Not delete the NuGet packages associated with the account.</li>
                         </ul>
                     </p>
@@ -43,15 +44,21 @@
                             @ViewHelpers.AlertDanger(@<text>One or more packages do not have co-owners.</text>)
                     }
                     <p>
-                        Before submitting the request, it is recommended that you transfer ownership of any package where you are the sole owner, using the <i>manage owners</i> <i class="ms-Icon ms-Icon--People" aria-hidden="true"></i> button for that package below. Read more about <a href="https://go.microsoft.com/fwlink/?linkid=862794">Manage package owners.</a>
-                        This will enable us to expedite processing your request.<br />
-                        If you choose to proceed without fixing this issue, someone from the NuGet team may reach out and work with you to find a resolution.
+                        It is recommended that you transfer ownership of any package where you are the sole owner, using the <i>manage owners</i> <i class="ms-Icon ms-Icon--People" aria-hidden="true"></i> button for that package below. Read more about <a href="https://go.microsoft.com/fwlink/?linkid=862794">Manage package owners.</a>
                     </p>
                     <div class="form-group">
-                        @{
-                            @Html.Partial("_UserPackagesListForDeletedAccount", new ManagePackagesListViewModel(@Model.Packages, "Packages"))
-                        }
+                        @Html.Partial("_UserPackagesListForDeletedAccount", Model)
                     </div>
+                    <p>
+                        It is also recommended that you transfer ownership of any organization where you are the sole member, using the <i>edit organization</i> <i class="ms-Icon ms-Icon--Edit" aria-hidden="true"></i> button for that organization below. Read more about <a href="https://go.microsoft.com/fwlink/?linkid=870439">Organizations.</a>
+                    </p>
+                    <div class="form-group">
+                        @Html.Partial("_UserOrganizationsListForDeletedAccount", Model.Organizations)
+                    </div>
+                    <p>
+                        We can expedite processing your deletion request if you are not the sole owner of any packages or organizations.<br />
+                        If you choose to proceed as the sole owner of any packages or organizations, someone from the NuGet team may reach out and work with you to find a resolution.
+                    </p>
                     <div class="form-group danger-zone">
                         <text>
                             @using (Html.BeginForm("RequestAccountDeletion", "Users", FormMethod.Post, new { id = "delete-form" }))
@@ -62,7 +69,7 @@
                                 </p>
                                 <div class="row form-group">
                                     <div class="col-sm-6">
-                                        <input type="submit" class="btn btn-primary btn-danger form-control" id="delete-account" value="Submit request to delete my account." />
+                                        <input type="submit" class="btn btn-primary btn-danger form-control" id="delete-account" value="Submit request to delete my account" />
                                     </div>
                                     <div class="col-sm-6">
                                         <a href="@Url.Home()" role="button" class="btn btn-default form-control" id="cancel-delete-account">Cancel</a>
diff --git a/src/NuGetGallery/Views/Users/Organizations.cshtml b/src/NuGetGallery/Views/Users/Organizations.cshtml
index bbf84c40e3..c7ee41260e 100644
--- a/src/NuGetGallery/Views/Users/Organizations.cshtml
+++ b/src/NuGetGallery/Views/Users/Organizations.cshtml
@@ -9,15 +9,11 @@
         <div class="col-md-12">
             <div class="breadcrumb-menu">
                 <div>
-                    @ViewHelpers.BreadcrumbWithProfile(Url, CurrentUser, false, @<text>Organizations</text>)
-                </div>
-                <div>
-                    @if (Model.Organizations.Any())
-                    {
-                        <form action="@Url.AddOrganization()">
-                            <input type="submit" class="btn btn-primary" value="Add new" />
-                        </form>
-                    }
+                    @ViewHelpers.BreadcrumbWithProfile(
+                        Url, 
+                        CurrentUser, 
+                        false, 
+                        @<text>Organizations&nbsp;<span aria-hidden="true" class="ms-font-xxl organizations-divider">|</span>&nbsp;<a href="@Url.AddOrganization()">Add new</a></text>)
                 </div>
             </div>
             <hr class="breadcrumb-divider"/>
@@ -27,7 +23,7 @@
                 var orgCount = Model.Organizations.Count();
                 var orgCountString = orgCount > 1 ? orgCount + " organizations" : orgCount + " organization";
 
-                <div class="subtitle">
+                <div>
                     <p>You have @(orgCountString).</p>
                 </div>
                 <table class="table user-package-list">
@@ -93,21 +89,17 @@
             }
             else
             {
-                <div class="subtitle text-center">
-                    <img width="260" height="150" alt="Learn to use packages"
+                <p>Organizations allow you to manage and publish packages as a team or a group. <a href="https://go.microsoft.com/fwlink/?linkid=870439">Learn more.</a></p>
+                <div class="organizations-empty text-center">
+                    <img width="260" height="150" alt="You are not a member of any organizations"
                          src="~/Content/gallery/img/manage-organizations.svg"
                          @ViewHelpers.ImageFallback(Url.Absolute("~/Content/gallery/img/manage-organizations-260x150.png")) />
                 </div>
                 <div class="subtitle text-center">
-                    <p>Organizations allow you to manage and publish packages as a team or a group.</p>
-                </div>
-                <div class="subtitle text-center">
-                    <form action="@Url.AddOrganization()">
-                        <input type="submit" class="btn btn-primary" value="Add new organization" />
-                    </form>
+                    <p>You are not a member of any organizations. Get started by <a href="@Url.AddOrganization()">adding a new organization.</a></p>
                 </div>
                 <div class="subtitle text-center">
-                    <a href="@Url.TransformAccount()">Transform your account into an organization</a>
+                    You can also <a href="@Url.TransformAccount()">transform your account into an organization.</a>
                 </div>
             }
         </div>
diff --git a/src/NuGetGallery/Views/Users/Packages.cshtml b/src/NuGetGallery/Views/Users/Packages.cshtml
index 9942caefad..08087978a1 100644
--- a/src/NuGetGallery/Views/Users/Packages.cshtml
+++ b/src/NuGetGallery/Views/Users/Packages.cshtml
@@ -7,6 +7,8 @@
 }
 
 <section role="main" class="container main-container page-manage-packages">
+    @ViewHelpers.AjaxAntiForgeryToken(Html)
+
     <div class="row">
         <div class="@ViewHelpers.GetColumnClasses(ViewBag)">
             <div class="breadcrumb-menu">
@@ -20,7 +22,7 @@
                     </span>
                 </div>
             </div>
-            <hr class="breadcrumb-divider"/>
+            <hr class="breadcrumb-divider" />
 
             @ViewHelpers.Section(this, "listed", @<text>Published Packages</text>,
                 @<text>
@@ -45,57 +47,72 @@
             @if (Model.ReservedNamespaces.ReservedNamespaces.Any())
             {
                 @ViewHelpers.Section(this, "namespaces",
-                    @<text>Reserved Namespaces</text>,
-                    @<text>
-                        <span id="namespaces-data" data-bind="text: ReservedNamespaces.VisibleNamespacesHeading()"></span>
-                    </text>,
-                    @<text>
-                        <div class="row user-package-list">
-                            <div data-bind="template: { name: 'manage-namespaces', data: ReservedNamespaces }"></div>
-                        </div>
-                    </text>, expanded: false)
+                        @<text>Reserved Namespaces</text>,
+                        @<text>
+                            <span id="namespaces-data" data-bind="text: ReservedNamespaces.VisibleNamespacesHeading()"></span>
+                        </text>,
+                        @<text>
+                            <div class="row user-package-list">
+                                <div data-bind="template: { name: 'manage-namespaces', data: ReservedNamespaces }"></div>
+                            </div>
+                        </text>, expanded: false)
             }
 
             @if (Model.OwnerRequests.Received.Requests.Any())
             {
                 @ViewHelpers.Section(this, "requests-received",
-                    @<text>Ownership Requests (Received)</text>,
-                    @<text>
-                        <span id="requests-received-data" data-bind="text: RequestsReceived.VisibleRequestsHeading()"></span>
-                    </text>,
-                    @<text>
-                        <div class="row user-package-list">
-                            <div data-bind="template: { name: 'manage-owner-requests', data: RequestsReceived }"></div>
-                        </div>
-                    </text>, expanded: false)
+                        @<text>Ownership Requests (Received)</text>,
+                        @<text>
+                            <span id="requests-received-data" data-bind="text: RequestsReceived.VisibleRequestsHeading()"></span>
+                        </text>,
+                        @<text>
+                            <div class="row user-package-list">
+                                <div data-bind="template: { name: 'manage-owner-requests', data: RequestsReceived }"></div>
+                            </div>
+                        </text>, expanded: false)
             }
 
             @if (Model.OwnerRequests.Sent.Requests.Any())
             {
                 @ViewHelpers.Section(this, "requests-sent",
-                    @<text>Ownership Requests (Sent)</text>,
-                    @<text>
-                        <span id="requests-sent-data" data-bind="text: RequestsSent.VisibleRequestsHeading()"></span>
-                    </text>,
-                    @<text>
-                        <div class="row user-package-list">
-                            <div data-bind="template: { name: 'manage-owner-requests', data: RequestsSent }"></div>
-                        </div>
-                    </text>, expanded: false)
+                        @<text>Ownership Requests (Sent)</text>,
+                        @<text>
+                            <span id="requests-sent-data" data-bind="text: RequestsSent.VisibleRequestsHeading()"></span>
+                        </text>,
+                        @<text>
+                            <div class="row user-package-list">
+                                <div data-bind="template: { name: 'manage-owner-requests', data: RequestsSent }"></div>
+                            </div>
+                        </text>, expanded: false)
             }
         </div>
     </div>
 </section>
 
 <script type="text/html" id="manage-packages">
+    @if (!Model.WasMultiFactorAuthenticated)
+    {
+    <div data-bind="visible: Packages.length > 0">
+        @if (Model.User.EnableMultiFactorAuthentication)
+        {
+            @ViewHelpers.AlertWarning(@<text>You must log in using two-factor authentication before you can change package signing requirements.</text>)
+        }
+        else
+        {
+            @ViewHelpers.AlertWarning(@<text>You must enable two-factor authentication before you can change package signing requirements. This can be enabled in your <a href="@Url.AccountSettings()">Account Settings</a>.</text>)
+        }
+    </div>
+    }
     <div class="col-md-12">
         <div class="panel-collapse collapse in" aria-expanded="true">
-            <table class="table">
+            <!-- ko if: VisiblePackagesCount -->
+            <table class="table inner-table">
                 <thead>
                     <tr class="manage-package-headings">
                         <th class="hidden-xs"><span class="hidden">Package Icon</span></th>
                         <th>Package ID</th>
                         <th>Owners</th>
+                        <th>Signing Owner</th>
                         <th>Downloads</th>
                         <th>Latest Version</th>
                         <th><span class="hidden">Icon</span></th>
@@ -123,6 +140,23 @@
                                 <!-- /ko -->
                             </span>
                         </td>
+                        <td class="align-middle">
+                            <!-- ko if: $data.ShowTextBox -->
+                            <span data-bind="text: RequiredSigner" />
+                            <!-- /ko -->
+                            <!-- ko ifnot: $data.ShowTextBox -->
+                            <select class="form-control"
+                                    aria-label="Select the signing owner"
+                                    data-bind="options: AllSigners,
+                                    optionsText: 'OptionText',
+                                    optionsValue: 'Username',
+                                    enable: CanEditRequiredSigner,
+                                    visible: ShowRequiredSigner,
+                                    value: RequiredSigner,
+                                    event: { change: $data.OnRequiredSignerChange },
+                                    attr: { title: RequiredSignerMessage }"></select>
+                            <!-- /ko -->
+                        </td>
                         <td class="align-middle text-nowrap">
                             <span data-bind="text: FormattedDownloadCount"></span>
                         </td>
@@ -155,6 +189,10 @@
                     </tr>
                 </tbody>
             </table>
+            <!-- /ko -->
+            <!-- ko ifnot: VisiblePackagesCount -->
+            <span>There are no packages that fit this criteria.</span>
+            <!-- /ko -->
         </div>
     </div>
 </script>
@@ -162,7 +200,8 @@
 <script type="text/html" id="manage-namespaces">
     <div class="col-md-12">
         <div class="panel-collapse collapse in" aria-expanded="true">
-            <table class="table">
+            <!-- ko if: VisibleNamespacesCount -->
+            <table class="table inner-table">
                 <thead>
                     <tr class="manage-package-headings">
                         <th class="hidden-xs"><span class="hidden">Reserved Namespace Icon</span></th>
@@ -193,6 +232,10 @@
                     </tr>
                 </tbody>
             </table>
+            <!-- /ko -->
+            <!-- ko ifnot: VisibleNamespacesCount -->
+            <span>There are no reserved namespaces that fit this criteria.</span>
+            <!-- /ko -->
         </div>
     </div>
 </script>
@@ -200,7 +243,8 @@
 <script type="text/html" id="manage-owner-requests">
     <div class="col-md-12">
         <div class="panel-collapse collapse in" aria-expanded="true">
-            <table class="table">
+            <!-- ko if: VisibleRequestsCount -->
+            <table class="table inner-table">
                 <thead>
                     <tr class="manage-package-headings">
                         <th class="hidden-xs"><span class="hidden">Package Icon</span></th>
@@ -249,6 +293,10 @@
                     </tr>
                 </tbody>
             </table>
+            <!-- /ko -->
+            <!-- ko ifnot: VisibleRequestsCount -->
+            <span>There are no requests that fit this criteria.</span>
+            <!-- /ko -->
         </div>
     </div>
 </script>
@@ -262,6 +310,7 @@
     private RouteUrlTemplate<IPackageVersionModel> editUrlTemplate;
     private RouteUrlTemplate<IPackageVersionModel> manageOwnersUrlTemplate;
     private RouteUrlTemplate<IPackageVersionModel> deleteUrlTemplate;
+    private RouteUrlTemplate<IPackageVersionModel> setRequiredSignerUrlTemplate;
 
     private RouteUrlTemplate<string> searchUrlTemplate;
 
@@ -269,7 +318,7 @@
     private RouteUrlTemplate<OwnerRequestsListItemViewModel> rejectUrlTemplate;
     private RouteUrlTemplate<OwnerRequestsListItemViewModel> cancelUrlTemplate;
 
-    dynamic GetSerializablePackage(ListPackageItemViewModel p)
+    dynamic GetSerializablePackage(ListPackageItemRequiredSignerViewModel p)
     {
         if (packageUrlTemplate == null)
         {
@@ -291,12 +340,21 @@
             deleteUrlTemplate = Url.DeletePackageTemplate();
         }
 
+        if (setRequiredSignerUrlTemplate == null)
+        {
+            setRequiredSignerUrlTemplate = Url.SetRequiredSignerTemplate();
+        }
+
         return new
         {
             Id = p.Id.Abbreviate(40),
             Owners = GetSerializableOwners(p.Owners),
             p.TotalDownloadCount,
             LatestVersion = p.FullVersion.Abbreviate(15),
+            RequiredSigner = GetSerializableSigner(p.RequiredSigner),
+            p.RequiredSignerMessage,
+            AllSigners = GetSerializableSigners(p.AllSigners),
+            SetRequiredSignerUrl = setRequiredSignerUrlTemplate.Resolve(p),
             PackageIconUrl = PackageHelper.ShouldRenderUrl(p.IconUrl) ? p.IconUrl : null,
             PackageUrl = packageUrlTemplate.Resolve(p),
             EditUrl = editUrlTemplate.Resolve(p),
@@ -304,7 +362,10 @@
             DeleteUrl = deleteUrlTemplate.Resolve(p),
             CanEdit = p.CanEdit,
             CanManageOwners = p.CanManageOwners,
-            CanDelete = p.CanUnlistOrRelist
+            CanDelete = p.CanUnlistOrRelist,
+            p.CanEditRequiredSigner,
+            p.ShowRequiredSigner,
+            p.ShowTextBox
         };
     }
 
@@ -382,10 +443,38 @@
             IsOrganization = user is Organization
         };
     }
+
+    dynamic GetSerializableSigners(IEnumerable<SignerViewModel> signers)
+    {
+        return signers.Select(signer => GetSerializableSigner(signer));
+    }
+
+    dynamic GetSerializableSigner(SignerViewModel signer)
+    {
+        if (signer == null)
+        {
+            return null;
+        }
+
+        return new
+        {
+            signer.Username,
+            OptionText = signer.DisplayText,
+            signer.HasCertificate
+        };
+    }
 }
 
 @section BottomScripts {
     <script type="text/javascript">
+        var strings_RequiredSigner_ThisAction = "@Html.Raw(Strings.RequiredSigner_ThisAction)";
+        var strings_RequiredSigner_OwnerHasNoCertificate = "@Html.Raw(Strings.RequiredSigner_OwnerHasNoCertificate)";
+        var strings_RequiredSigner_OwnerHasAtLeastOneCertificate = "@Html.Raw(Strings.RequiredSigner_OwnerHasAtLeastOneCertificate)";
+        var strings_RequiredSigner_AnyWithUnsignedResult = "@Html.Raw(Strings.RequiredSigner_AnyWithUnsignedResult)";
+        var strings_RequiredSigner_AnyWithMixedResult = "@Html.Raw(Strings.RequiredSigner_AnyWithMixedResult)";
+        var strings_RequiredSigner_AnyWithSignedResult = "@Html.Raw(Strings.RequiredSigner_AnyWithSignedResult)";
+        var strings_RequiredSigner_Confirm = "@Html.Raw(Strings.RequiredSigner_Confirm)";
+
         var initialData = @Html.Raw(JsonConvert.SerializeObject(new
                      {
                          Owners = Model.Owners,
diff --git a/src/NuGetGallery/Views/Users/Profiles.cshtml b/src/NuGetGallery/Views/Users/Profiles.cshtml
index bdf279985e..25430a089d 100644
--- a/src/NuGetGallery/Views/Users/Profiles.cshtml
+++ b/src/NuGetGallery/Views/Users/Profiles.cshtml
@@ -6,7 +6,7 @@
 }
 
 <section role="main" class="container main-container page-profile">
-    <section role="main" class="row">
+    <div class="row">
         <aside class="col-md-3 col-md-push-9 profile-details">
             @ViewHelpers.GravatarImage(Model.EmailAddress ?? Model.UnconfirmedEmailAddress, Model.Username, Constants.GravatarImageSizeLarge, responsive: true)
             <div class="statistics">
@@ -29,13 +29,24 @@
                         </div>
                     </div>
                 }
+                @if (Model.CanManageAccount && Model.UserIsOrganization)
+                {
+                    <div class="statistic">
+                        <div class="description">
+                            <a class="action-menu-link" href="@Url.DeleteOrganization(@Model.Username)">
+                                <i class="icon-trash"></i>
+                                <span class="action-menu-text">Delete Organization</span>
+                            </a>
+                        </div>
+                    </div>
+                }
             </div>
         </aside>
         <article class="col-md-9 col-md-pull-3">
             <div class="profile-title">
                 <h1>
                     @Model.Username&nbsp;
-                    @if (Model.CanViewAccount)
+                    @if (Model.CanViewAccount && (Model.UserIsOrganization || CurrentUser.MatchesUser(Model.User)))
                     {
                         <a href="@(Model.UserIsOrganization ? Url.ManageMyOrganization(Model.Username) : Url.AccountSettings())" aria-label="Manage this account"><i class="ms-Icon ms-Icon--Edit ms-font-xl"></i></a>
                     }
@@ -45,12 +56,16 @@
                     {
                         if (Model.UserIsOrganization)
                         {
+                            var administrators = (Model.User as Organization).Administrators.Count();
+                            var collaborators = (Model.User as Organization).Collaborators.Count();
+
                             <i class="ms-Icon ms-Icon--Group ms-font-xl" aria-hidden="true">&nbsp;</i>
-                            <a href="@Url.ManageMyOrganization(Model.Username)" aria-label="Manage this organization"><span class="ms-font-xxl">@((Model.User as Organization).Administrators.Count())</span>&nbsp;Administrators&nbsp;</a><span class="ms-font-xxl organization-subtitle-divider">|</span><a href="@Url.ManageMyOrganization(Model.Username)" aria-label="Manage this organization">&nbsp;<span class="ms-font-xxl">@((Model.User as Organization).Collaborators.Count())</span>&nbsp;Collaborators</a>
+                            <a href="@Url.ManageMyOrganization(Model.Username)" aria-label="Manage this organization"><span class="ms-font-xxl">@administrators</span>&nbsp;Administrator@(administrators != 1 ? "s" : "")&nbsp;</a><span aria-hidden="true" class="ms-font-xxl organization-subtitle-divider">|</span><a href="@Url.ManageMyOrganization(Model.Username)" aria-label="Manage this organization">&nbsp;<span class="ms-font-xxl">@collaborators</span>&nbsp;Collaborator@(collaborators != 1 ? "s" : "")</a>
                         }
-                        else if (!Model.UserIsOrganization && Model.User.Organizations.Any())
+                        else if (CurrentUser.MatchesUser(Model.User) && Model.User.Organizations.Any())
                         {
-                            <span>member of<a href="@Url.ManageMyOrganizations()" aria-label="Manage my organizations"><span class="ms-font-xxl">&nbsp;@(Model.User.Organizations.Count()) organizations</span></a></span>
+                            var organizations = Model.User.Organizations.Count();
+                            <span>member of<a href="@Url.ManageMyOrganizations()" aria-label="Manage my organizations"><span class="ms-font-xxl">&nbsp;@organizations organization@(organizations != 1 ? "s" : "")</span></a></span>
                         }
                     }
                 </span>
@@ -67,5 +82,5 @@
 
             @ViewHelpers.PreviousNextPager(Model.Pager)
         </article>
-    </section>
+    </div>
 </section>
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Users/_DeleteUserAccountForm.cshtml b/src/NuGetGallery/Views/Users/_DeleteUserAccountForm.cshtml
new file mode 100644
index 0000000000..70b09c1d0b
--- /dev/null
+++ b/src/NuGetGallery/Views/Users/_DeleteUserAccountForm.cshtml
@@ -0,0 +1,40 @@
+@using NuGetGallery.Areas.Admin.ViewModels
+@model DeleteAccountAsAdminViewModel
+
+<div class="form-group danger-zone">
+    @using (Html.BeginForm("Delete", "Users", FormMethod.Post, new { id = "delete-form" }))
+    {
+        @Html.HttpMethodOverride(HttpVerbs.Delete)
+        @Html.AntiForgeryToken()
+        @Html.ValidationSummary(true)
+        <div>
+            <div class="form-group">
+                @Html.LabelFor(m => m.Signature)
+                @Html.EditorFor(m => m.Signature)
+                @Html.ValidationMessageFor(m => m.Signature)
+            </div>
+
+            @if (Model.HasOrphanPackages)
+            {
+                <div class="form-group">
+                    @Html.EditorFor(m => m.ShouldUnlist)
+                    <label class="checkbox-inline">
+                        <b>Unlist the packages without any owner.</b>
+                    </label>
+                    <p>
+                        One or more packages do not have co-owners. If you choose to proceed without fixing this issue, these packages will be orphaned and a warning message will be displayed under owners on the package page.
+                    </p>
+                </div>
+            }
+        </div>
+        <hr />
+        <p>
+            This action <strong>CANNOT</strong> be undone. This will permanently delete the account <b>@Model.AccountName</b>.
+        </p>
+        <hr />
+        @Html.HiddenFor(m => m.Signature)
+        @Html.HiddenFor(m => m.ShouldUnlist)
+        @Html.HiddenFor(m => m.AccountName)
+        <input id="btn-delete" type="submit" class="btn btn-danger form-control" value="I understand the consequences, delete this account" title="I understand the consequences, delete this account." />
+    }
+</div>
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Users/_UserAccountChangeExternalCredential.cshtml b/src/NuGetGallery/Views/Users/_UserAccountChangeExternalCredential.cshtml
index 0a4ac0b735..03e7b70990 100644
--- a/src/NuGetGallery/Views/Users/_UserAccountChangeExternalCredential.cshtml
+++ b/src/NuGetGallery/Views/Users/_UserAccountChangeExternalCredential.cshtml
@@ -8,27 +8,88 @@
     @ViewHelpers.Section(parent,
         "change-credential-" + cred.Key,
         @<text>Login Account</text>,
-        @<text>@cred.TypeCaption (@cred.Identity)</text>,
-            @<text>
-                <p>You can use this account to sign in to @(Config.Current.Brand).</p>
-                            
-                @using (Html.BeginForm("LinkOrChangeExternalCredential", "Users"))
+        @<text>@cred.TypeCaption | 
+            @if (CredentialTypes.IsMicrosoftAccount(cred.Type))
+            {
+                var is2faEnabled = Model.User.EnableMultiFactorAuthentication;
+                <span>
+                    <i class="ms-Icon ms-Icon--@(is2faEnabled ? "CheckMark" : "Warning") @(is2faEnabled ? "checkmark" : "warning")-icon" aria-hidden="true"></i> 2FA @(is2faEnabled ? "enabled" : "disabled")
+                </span>
+            }
+            else if (CredentialTypes.IsAzureActiveDirectoryAccount(cred.Type))
+            {
+                var is2faEnabled = User.WasMultiFactorAuthenticated();
+                <span>
+                    <i class="ms-Icon ms-Icon--@(is2faEnabled ? "CheckMark" : "Warning") @(is2faEnabled ? "checkmark" : "warning")-icon" aria-hidden="true"></i> 2FA @(is2faEnabled ? "enabled" : "disabled")
+                </span>
+            }
+        </text>,
+        @<text>
+            @using (Html.BeginForm("LinkOrChangeExternalCredential", "Users", FormMethod.Post, new { aria_label = "Link or change " + cred.TypeCaption }))
+            {
+                @Html.AntiForgeryToken()
+
+                <div class="login-account-row">
+                    <span>
+                        Microsoft account: <b>@cred.Identity</b>
+                    </span>
+                    <span class="col-sm-3">
+                        <button class="btn btn-default btn-block" type="submit"
+                                data-confirm="This action will replace all of your linked accounts and password login with the new login account. Are you sure you want to change your login account?">
+                            Change Account
+                        </button>
+                    </span>
+                </div>
+            }
+
+            @if (CredentialTypes.IsAzureActiveDirectoryAccount(cred.Type))
+            {
+                <div class="login-account-row">
+                    @if (User.WasMultiFactorAuthenticated())
+                    {
+                        <span>
+                            Two-factor authentication is enabled for your Azure AD login account. <i class="ms-Icon ms-Icon--CheckMark checkmark-icon" aria-hidden="true"></i>
+                        </span>
+                    }
+                    else
+                    {
+                        <span>
+                            Two-factor authentication is disabled for your Azure AD login account. We recommend you ask your Azure AD tenant administrator to enable this setting. <i class="ms-Icon ms-Icon--Warning warning-icon" aria-hidden="true"></i>
+                        </span>
+                    }
+                </div>
+            }
+            else
+            {
+                using (Html.BeginForm("ChangeMultiFactorAuthentication", "Users", FormMethod.Post, new { aria_label = "Change multi-factor authentication setting" }))
                 {
                     @Html.AntiForgeryToken()
 
-                    <div class="row form-group">
-                        <div class="col-sm-6">
-                            <button class="btn btn-danger btn-block" type="submit"
-                                    data-confirm="This action will replace all of your linked accounts and password login with the new login account. Are you sure you want to change your login account?">
-                                Change Account
-                            </button>
-                        </div>
-                        <div class="col-sm-6">
-                            <a href="#" role="button" class="btn btn-default btn-block" id="cancel-change-credential-@cred.Key">
-                                Cancel
-                            </a>
-                        </div>
+                    @Html.Hidden("enableMultiFactor", !Model.User.EnableMultiFactorAuthentication);
+                    <div class="login-account-row">
+                        @if (Model.User.EnableMultiFactorAuthentication)
+                        {
+                            <span>
+                                Two-factor authentication is currently enabled <i class="ms-Icon ms-Icon--CheckMark checkmark-icon" aria-hidden="true"></i>
+                            </span>
+                            <span class="col-sm-3">
+                                <button class="btn btn-danger btn-block" type="submit"
+                                        data-confirm="This action will disable 2FA, making your account less secure. Are you sure you want to disable this setting?">
+                                    Disable
+                                </button>
+                            </span>
+                        }
+                        else
+                        {
+                            <span>
+                                Two-factor authentication is currently disabled <i class="ms-Icon ms-Icon--Warning warning-icon" aria-hidden="true"></i>
+                            </span>
+                            <span class="col-sm-3">
+                                <button class="btn btn-default btn-block" type="submit">Enable</button>
+                            </span>
+                        }
                     </div>
                 }
-            </text>)
+            }
+        </text>)
 }
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Users/_UserAccountChangePassword.cshtml b/src/NuGetGallery/Views/Users/_UserAccountChangePassword.cshtml
index 2164019aac..40fd10da77 100644
--- a/src/NuGetGallery/Views/Users/_UserAccountChangePassword.cshtml
+++ b/src/NuGetGallery/Views/Users/_UserAccountChangePassword.cshtml
@@ -16,22 +16,40 @@
         @<text>
         @if (CurrentUser.Confirmed)
         {
-            using (Html.BeginForm("ChangePassword", "Users"))
+            using (Html.BeginForm("ChangePassword", "Users", FormMethod.Post, new { aria_label = "Change password login" }))
             {
                 @Html.AntiForgeryToken()
                 @Html.ShowValidationMessagesFor(m => m.ChangePassword)
 
+                if (Config.Current.DeprecateNuGetPasswordLogins)
+                {
+                    <div class="form-group">
+                        @if (Model.SignInCredentialCount > 1)
+                        {
+                            <span>
+                                <i class="ms-Icon ms-Icon--Warning warning-icon"></i> Password login is deprecated, please disable this login.
+                            </span>
+                        }
+                        else
+                        {
+                            <span>
+                                <i class="ms-Icon ms-Icon--Warning warning-icon"></i> Password login is deprecated, please link to a Microsoft account and disable this login.
+                            </span>
+                        }
+                    </div>
+                }
+
                 if (Model.SignInCredentialCount > 1)
                 {
-                    <div class="form-group @Html.HasErrorFor(m => m.ChangePassword.EnablePasswordLogin)">
-                        @Html.ShowCheckboxFor(m => m.ChangePassword.EnablePasswordLogin)
-                        @Html.ShowLabelFor(m => m.ChangePassword.EnablePasswordLogin)
-                        @Html.ShowValidationMessagesFor(m => m.ChangePassword.EnablePasswordLogin)
+                    <div class="form-group @Html.HasErrorFor(m => m.ChangePassword.DisablePasswordLogin)">
+                        @Html.ShowCheckboxFor(m => m.ChangePassword.DisablePasswordLogin)
+                        @Html.ShowLabelFor(m => m.ChangePassword.DisablePasswordLogin)
+                        @Html.ShowValidationMessagesFor(m => m.ChangePassword.DisablePasswordLogin)
                     </div>
                 }
                 else
                 {
-                    @Html.HiddenFor(m => m.ChangePassword.EnablePasswordLogin);
+                    @Html.HiddenFor(m => m.ChangePassword.DisablePasswordLogin);
                 }
 
                 if (Model.HasPassword)
diff --git a/src/NuGetGallery/Views/Users/_UserOrganizationsListForDeletedAccount.cshtml b/src/NuGetGallery/Views/Users/_UserOrganizationsListForDeletedAccount.cshtml
new file mode 100644
index 0000000000..8622ee10dc
--- /dev/null
+++ b/src/NuGetGallery/Views/Users/_UserOrganizationsListForDeletedAccount.cshtml
@@ -0,0 +1,73 @@
+@model IEnumerable<ManageOrganizationsItemViewModel>
+
+@if (!Model.Any())
+{
+    <p>This account is not a member of any organizations.</p>
+
+    return;
+}
+
+<div class="row user-package-list align-left">
+    <div class="col-md-12 align-left ">
+        <div class="panel-collapse collapse in" id="organizations-list" aria-expanded="true">
+            <div class="list-packages" role="list">
+                <table class="table align-left">
+                    <thead>
+                        <tr class="manage-package-headings">
+                            <th class="hidden-xs"></th>
+                            <th class="hidden-xs"></th>
+                            <th>Organization</th>
+                            <th>Membership</th>
+                            <th>Members</th>
+                            <th>Packages</th>
+                            <th></th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        @foreach (var organization in Model)
+                        {
+                            <tr class="manage-package-listing">
+                                <td class="align-middle ">
+                                    @if (organization.MemberCount == 1)
+                                    {
+                                        <i class="ms-Icon ms-Icon--StatusErrorFull red-check" title="After account delete the organization will not have any members."></i>
+                                    }
+                                    else
+                                    {
+                                        <i class="ms-Icon ms-Icon--CompletedSolid green-check" title="After account delete the organization will still have at least one member."></i>
+                                    }
+                                </td>
+                                <td class="align-middle hidden-xs">
+                                    <img src="@GravatarHelper.Url(organization.EmailAddress, 256)" class="package-icon img-responsive" aria-hidden="true" alt="" />
+                                </td>
+                                <td class="align-middle package-id">
+                                    <a title="View Organization Profile" href="@Url.User(organization.OrganizationName)">
+                                        @organization.OrganizationName
+                                    </a>
+                                    @if (organization.IsPendingRequest)
+                                    {
+                                        <span>(pending approval)</span>
+                                    }
+                                </td>
+                                <td class="align-middle">
+                                    @(organization.CurrentUserIsAdmin ? "Administrator" : "Collaborator")
+                                </td>
+                                <td class="align-middle text-nowrap">
+                                    @organization.MemberCount
+                                </td>
+                                <td class="align-middle text-nowrap">
+                                    @organization.PackagesCount
+                                </td>
+                                <td class="text-right align-middle package-controls">
+                                    <a class="btn" href="@Url.ManageMyOrganization(organization.OrganizationName)" title="Edit Organization" aria-label="@("Edit Organization " + organization.OrganizationName)">
+                                        <i class="ms-Icon ms-Icon--Edit" aria-hidden="true"></i>
+                                    </a>
+                                </td>
+                            </tr>
+                        }
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    </div>
+</div>
\ No newline at end of file
diff --git a/src/NuGetGallery/Views/Users/_UserPackagesListForDeletedAccount.cshtml b/src/NuGetGallery/Views/Users/_UserPackagesListForDeletedAccount.cshtml
index cb8e5051a9..8c8a2173c4 100644
--- a/src/NuGetGallery/Views/Users/_UserPackagesListForDeletedAccount.cshtml
+++ b/src/NuGetGallery/Views/Users/_UserPackagesListForDeletedAccount.cshtml
@@ -1,8 +1,20 @@
-@model ManagePackagesListViewModel
+@model DeleteAccountViewModel
+@{
+    var isOrganization = Model.User is Organization;
+    var hasSingleOwnerMessage = isOrganization ? "You must transfer ownership of this package before you can delete your organization." : "After account deletion, this package will not have any owners.";
+    var hasMultipleOwnersMessage = isOrganization ? "You do not need to transfer ownership of this package before you can delete your organization." : "After account deletion, this package will still have at least one owner.";
+}
+
+@if (!Model.Packages.Any())
+{
+    <p>This account owns no packages.</p>
+
+    return;
+}
 
 <div class="row user-package-list align-left">
     <div class="col-md-12 align-left ">
-        <div class="panel-collapse collapse in" id="packages-@Model.Name" aria-expanded="true">
+        <div class="panel-collapse collapse in" id="packages-Packages" aria-expanded="true">
             <div class="list-packages" role="list">
                 <table class="table align-left">
                     <thead>
@@ -13,7 +25,7 @@
                             <th>Owners</th>
                             <th>Downloads</th>
                             <th>Latest Version</th>
-                            <th></th>
+                            <th class="hidden-xs"></th>
                         </tr>
                     </thead>
                     <tbody>
@@ -21,13 +33,13 @@
                     {
                         <tr class="manage-package-listing">
                             <td class="align-middle ">
-                                @if (package.HasSingleOwner)
+                                @if (isOrganization ? package.HasSingleOrganizationOwner : package.HasSingleUserOwner)
                                 {
-                                    <i class="ms-Icon ms-Icon--StatusErrorFull red-check" title="After account delete the package will not have any owners."></i>
+                                    <i class="ms-Icon ms-Icon--StatusErrorFull red-check" title="@hasSingleOwnerMessage"></i>
                                 }
                                 else
                                 {
-                                    <i class="ms-Icon ms-Icon--CompletedSolid green-check" title="After account delete the package will still have at least one owner."></i>
+                                    <i class="ms-Icon ms-Icon--CompletedSolid green-check" title="@hasMultipleOwnersMessage"></i>
                                 }
                             </td>
                             <td class="align-middle hidden-xs">
@@ -35,15 +47,35 @@
                                      src="@(PackageHelper.ShouldRenderUrl(package.IconUrl) ? package.IconUrl : Url.Absolute("~/Content/gallery/img/default-package-icon.svg"))"
                                      @ViewHelpers.ImageFallback(Url.Absolute("~/Content/gallery/img/default-package-icon-256x256.png")) />
                             </td>
-                            <td class="align-middle package-id"><a href="@Url.Package(package.Id)">@Html.BreakWord(package.Id)</a></td>
+                            <td class="align-middle package-id"><a href="@Url.Package(package.Id)">@Html.BreakWord(package.Id.Abbreviate(40))</a></td>
                             <td class="align-middle">
-                                @foreach (var owner in package.Owners)
-                                {
-                                    @ViewHelpers.UserLinkWithIcon(Url, owner);
+                                @{ 
+                                    var index = -1;
+                                    var ownerCount = package.Owners.Count;
+                                    foreach (var owner in package.Owners)
+                                    {
+                                        index++;
+                                        if (index < 2)
+                                        {
+                                            @ViewHelpers.UserLinkWithIcon(Url, owner);
+                                            if (index < ownerCount - 1)
+                                            {
+                                                <text>,&nbsp;</text>
+                                            }
+                                        }
+                                        else if (index == 2)
+                                        {
+                                            if (ownerCount > 2)
+                                            {
+                                                <span class="ms-noWrap">+ @(ownerCount - 1)</span>
+                                            }
+                                            break;
+                                        }
+                                    }
                                 }
                             </td>
                             <td class="align-middle text-nowrap">@package.TotalDownloadCount.ToNuGetNumberString()</td>
-                            <td class="align-middle text-nowrap">@package.FullVersion.Abbreviate(25)</td>
+                            <td class="align-middle text-nowrap">@package.FullVersion.Abbreviate(15)</td>
                             <td class="text-right align-middle package-controls">
                                 <a href="@Url.ManagePackageOwners(package)" class="btn" title="Manage Owners" aria-label="Manage Owners for Package @package.Id">
                                     <i class="ms-Icon ms-Icon--People" aria-hidden="true"></i>
diff --git a/src/NuGetGallery/Web.config b/src/NuGetGallery/Web.config
index 721c70aaf2..6793fcd465 100644
--- a/src/NuGetGallery/Web.config
+++ b/src/NuGetGallery/Web.config
@@ -28,6 +28,7 @@
     <!-- The storage type to use. Can be FileSystem (default) or AzureStorage -->
 
     <add key="Gallery.AzureStorage.Auditing.ConnectionString" value="" />
+    <add key="Gallery.AzureStorage.UserCertificates.ConnectionString" value="" />
     <add key="Gallery.AzureStorage.Content.ConnectionString" value="" />
     <add key="Gallery.AzureStorage.Errors.ConnectionString" value="" />
     <add key="Gallery.AzureStorage.Packages.ConnectionString" value="" />
diff --git a/src/NuGetGallery/packages.config b/src/NuGetGallery/packages.config
index f2161d5065..e266cf900e 100644
--- a/src/NuGetGallery/packages.config
+++ b/src/NuGetGallery/packages.config
@@ -89,16 +89,15 @@
   <package id="NuGet.Packaging" version="4.3.0-preview1-2524" targetFramework="net46" />
   <package id="NuGet.Packaging.Core" version="4.3.0-preview1-2524" targetFramework="net46" />
   <package id="NuGet.Protocol" version="4.3.0-preview1-2524" targetFramework="net46" />
-  <package id="NuGet.Services.Contracts" version="2.10.0" targetFramework="net46" />
+  <package id="NuGet.Services.Contracts" version="2.25.0-master-30191" targetFramework="net46" />
   <package id="NuGet.Services.KeyVault" version="1.0.0.0" targetFramework="net46" />
   <package id="NuGet.Services.Logging" version="2.2.3.0" targetFramework="net46" />
   <package id="NuGet.Services.Owin" version="2.2.3" targetFramework="net46" />
   <package id="NuGet.Services.Platform.Client" version="3.0.29-r-master" targetFramework="net46" />
-  <package id="NuGet.Services.ServiceBus" version="2.10.0" targetFramework="net46" />
-  <package id="NuGet.Services.Validation" version="2.10.0" targetFramework="net46" />
-  <package id="NuGet.Services.Validation.Issues" version="2.10.0" targetFramework="net46" />
+  <package id="NuGet.Services.ServiceBus" version="2.25.0-master-30191" targetFramework="net46" />
+  <package id="NuGet.Services.Validation" version="2.25.0-master-30191" targetFramework="net46" />
+  <package id="NuGet.Services.Validation.Issues" version="2.25.0-master-30191" targetFramework="net46" />
   <package id="NuGet.Versioning" version="4.3.0-preview1-2524" targetFramework="net46" />
-  <package id="ODataNullPropagationVisitor" version="0.5.4237.2641" targetFramework="net46" />
   <package id="Owin" version="1.0" targetFramework="net46" />
   <package id="PoliteCaptcha" version="0.4.0.1" targetFramework="net46" />
   <package id="QueryInterceptor" version="0.1.4237.2400" targetFramework="net46" />
@@ -123,7 +122,6 @@
   <package id="System.IO" version="4.1.0" targetFramework="net46" />
   <package id="System.Linq" version="4.1.0" targetFramework="net46" />
   <package id="System.Linq.Expressions" version="4.1.0" targetFramework="net46" />
-  <package id="System.Net.Http" version="4.1.0" targetFramework="net46" />
   <package id="System.Net.Primitives" version="4.0.11" targetFramework="net46" />
   <package id="System.Reflection" version="4.1.0" targetFramework="net46" />
   <package id="System.Reflection.Extensions" version="4.0.1" targetFramework="net46" />
diff --git a/tests/NuGetGallery.Core.Facts/Auditing/AuditRecordTests.cs b/tests/NuGetGallery.Core.Facts/Auditing/AuditRecordTests.cs
index 5e7b9453ee..6c1ceab107 100644
--- a/tests/NuGetGallery.Core.Facts/Auditing/AuditRecordTests.cs
+++ b/tests/NuGetGallery.Core.Facts/Auditing/AuditRecordTests.cs
@@ -14,13 +14,16 @@ public void SubclassingTypeSet_HasNotChanged()
         {
             // New records need to be added here.
             HashSet<string> expectedAuditRecords = new HashSet<string>()
-            {"NuGetGallery.Auditing.DeleteAccountAuditRecord",
-             "NuGetGallery.Auditing.FailedAuthenticatedOperationAuditRecord",
-             "NuGetGallery.Auditing.PackageAuditRecord",
-             "NuGetGallery.Auditing.PackageRegistrationAuditRecord",
-             "NuGetGallery.Auditing.ReservedNamespaceAuditRecord",
-             "NuGetGallery.Auditing.UserAuditRecord",
-             "NuGetGallery.Auditing.UserSecurityPolicyAuditRecord"};
+            {
+                "NuGetGallery.Auditing.CertificateAuditRecord",
+                "NuGetGallery.Auditing.DeleteAccountAuditRecord",
+                "NuGetGallery.Auditing.FailedAuthenticatedOperationAuditRecord",
+                "NuGetGallery.Auditing.PackageAuditRecord",
+                "NuGetGallery.Auditing.PackageRegistrationAuditRecord",
+                "NuGetGallery.Auditing.ReservedNamespaceAuditRecord",
+                "NuGetGallery.Auditing.UserAuditRecord",
+                "NuGetGallery.Auditing.UserSecurityPolicyAuditRecord"
+            };
 
             var actualAuditRecordTypeNames = typeof(AuditRecord).Assembly.GetTypes()
                 .Where(type => type.IsClass && !type.IsAbstract && type.IsSubclassOf(typeof(AuditRecord)))
diff --git a/tests/NuGetGallery.Core.Facts/Auditing/AuditedCertificateActionTests.cs b/tests/NuGetGallery.Core.Facts/Auditing/AuditedCertificateActionTests.cs
new file mode 100644
index 0000000000..9630e415ee
--- /dev/null
+++ b/tests/NuGetGallery.Core.Facts/Auditing/AuditedCertificateActionTests.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Xunit;
+
+namespace NuGetGallery.Auditing
+{
+    public class AuditedCertificateActionTests : EnumTests
+    {
+        [Fact]
+        public void Definition_HasNotChanged()
+        {
+            var expectedNames = new[]
+            {
+                "Add",
+                "Activate",
+                "Deactivate"
+            };
+
+            Verify(typeof(AuditedCertificateAction), expectedNames);
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Core.Facts/Auditing/AuditedPackageRegistrationActionTests.cs b/tests/NuGetGallery.Core.Facts/Auditing/AuditedPackageRegistrationActionTests.cs
index e07535e679..95da34dd65 100644
--- a/tests/NuGetGallery.Core.Facts/Auditing/AuditedPackageRegistrationActionTests.cs
+++ b/tests/NuGetGallery.Core.Facts/Auditing/AuditedPackageRegistrationActionTests.cs
@@ -15,7 +15,8 @@ public void Definition_HasNotChanged()
                 "AddOwner",
                 "RemoveOwner",
                 "MarkVerified",
-                "MarkUnverified"
+                "MarkUnverified",
+                "SetRequiredSigner"
             };
 
             Verify(typeof(AuditedPackageRegistrationAction), expectedNames);
diff --git a/tests/NuGetGallery.Core.Facts/Auditing/AuditedUserActionTests.cs b/tests/NuGetGallery.Core.Facts/Auditing/AuditedUserActionTests.cs
index 6ab9a28cc9..859c084e64 100644
--- a/tests/NuGetGallery.Core.Facts/Auditing/AuditedUserActionTests.cs
+++ b/tests/NuGetGallery.Core.Facts/Auditing/AuditedUserActionTests.cs
@@ -23,7 +23,12 @@ public void Definition_HasNotChanged()
                 "RemoveCredential",
                 "RequestPasswordReset",
                 "SubscribeToPolicies",
-                "UnsubscribeFromPolicies"
+                "UnsubscribeFromPolicies",
+                "AddOrganization",
+                "TransformOrganization",
+                "AddOrganizationMember",
+                "RemoveOrganizationMember",
+                "UpdateOrganizationMember"
             };
 
             Verify(typeof(AuditedUserAction), expectedNames);
diff --git a/tests/NuGetGallery.Core.Facts/Auditing/CertificateAuditRecordFacts.cs b/tests/NuGetGallery.Core.Facts/Auditing/CertificateAuditRecordFacts.cs
new file mode 100644
index 0000000000..7404111ddd
--- /dev/null
+++ b/tests/NuGetGallery.Core.Facts/Auditing/CertificateAuditRecordFacts.cs
@@ -0,0 +1,55 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Xunit;
+
+namespace NuGetGallery.Auditing
+{
+    public class CertificateAuditRecordFacts
+    {
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        public void Constructor_WhenThumbprintIsInvalid_Throws(string thumbprint)
+        {
+            var exception = Assert.Throws<ArgumentException>(
+                () => new CertificateAuditRecord(AuditedCertificateAction.Activate, thumbprint));
+
+            Assert.Equal("thumbprint", exception.ParamName);
+            Assert.StartsWith("The argument cannot be null or empty.", exception.Message);
+        }
+
+        [Fact]
+        public void Constructor_WhenThumbprintIsUnexpectedLength_Throws()
+        {
+            var exception = Assert.Throws<ArgumentException>(
+                () => new CertificateAuditRecord(AuditedCertificateAction.Activate, thumbprint: "a"));
+
+            Assert.Equal("thumbprint", exception.ParamName);
+            Assert.StartsWith("The thumbprint is expected to be a SHA-256 thumbprint, which is exactly 64 characters in length.  Did the hash algorithm change?", exception.Message);
+        }
+
+        [Fact]
+        public void Constructor_InitializesProperties()
+        {
+            const string thumbprint = "ab53695a51124faada4ca40d776f6ca59afdfa37506df9f5e02782545373f727";
+
+            var record = new CertificateAuditRecord(AuditedCertificateAction.Activate, thumbprint);
+
+            Assert.Equal(AuditedCertificateAction.Activate, record.Action);
+            Assert.Equal(thumbprint, record.Thumbprint);
+            Assert.Equal("SHA-256", record.HashAlgorithm);
+        }
+
+        [Theory]
+        [InlineData("ab53695a51124faada4ca40d776f6ca59afdfa37506df9f5e02782545373f727")]
+        [InlineData("AB53695A51124FAADA4CA40D776F6CA59AFDFA37506DF9F5E02782545373F727")]
+        public void GetPath_ReturnsLowercasedThumbprint(string thumbprint)
+        {
+            var record = new CertificateAuditRecord(AuditedCertificateAction.Add, thumbprint);
+
+            Assert.Equal(thumbprint.ToLowerInvariant(), record.GetPath());
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Core.Facts/Auditing/PackageRegistrationAuditRecordTests.cs b/tests/NuGetGallery.Core.Facts/Auditing/PackageRegistrationAuditRecordTests.cs
index d476133534..80332888e3 100644
--- a/tests/NuGetGallery.Core.Facts/Auditing/PackageRegistrationAuditRecordTests.cs
+++ b/tests/NuGetGallery.Core.Facts/Auditing/PackageRegistrationAuditRecordTests.cs
@@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
+using System.Collections.Generic;
 using Xunit;
 
 namespace NuGetGallery.Auditing
@@ -34,5 +36,84 @@ public void GetPath_ReturnsLowerCasedId()
 
             Assert.Equal("a", actualPath);
         }
+
+        [Fact]
+        public void CreateForSetRequiredSigner_WhenRegistrationIsNull_Throws()
+        {
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => PackageRegistrationAuditRecord.CreateForSetRequiredSigner(
+                    registration: null,
+                    previousRequiredSigner: "a",
+                    newRequiredSigner: "b"));
+
+            Assert.Equal("registration", exception.ParamName);
+        }
+
+        [Theory]
+        [MemberData(nameof(RequiredSignerTests))]
+        public void CreateForSetRequiredSigner_InitializesProperties(RequiredSignerTest test)
+        {
+            var record = PackageRegistrationAuditRecord.CreateForSetRequiredSigner(
+                test.PackageRegistration, test.PreviousRequiredSigner, test.NewRequiredSigner);
+
+            Assert.Equal(AuditedPackageRegistrationAction.SetRequiredSigner, record.Action);
+            Assert.Equal(test.PackageRegistration.Id, record.Id);
+            Assert.Equal(test.PreviousRequiredSigner, record.PreviousRequiredSigner);
+            Assert.Equal(test.NewRequiredSigner, record.NewRequiredSigner);
+            Assert.Null(record.Owner);
+            Assert.Equal(test.PackageRegistration.Id, record.RegistrationRecord.Id);
+        }
+
+        public static IEnumerable<RequiredSignerTest[]> RequiredSignerTests
+        {
+            get
+            {
+                var packageRegistration = new PackageRegistration()
+                {
+                    Id = "a"
+                };
+
+                yield return new[]
+                {
+                    new RequiredSignerTest(
+                        packageRegistration,
+                        previousRequiredSigner: null,
+                        newRequiredSigner: "b")
+                };
+
+                yield return new[]
+                {
+                    new RequiredSignerTest(
+                        packageRegistration,
+                        previousRequiredSigner: "b",
+                        newRequiredSigner: null)
+                };
+
+                yield return new[]
+                {
+                    new RequiredSignerTest(
+                        packageRegistration,
+                        previousRequiredSigner: "b",
+                        newRequiredSigner: "c")
+                };
+            }
+        }
+
+        public sealed class RequiredSignerTest
+        {
+            internal PackageRegistration PackageRegistration { get; }
+            internal string PreviousRequiredSigner { get; }
+            internal string NewRequiredSigner { get; }
+
+            internal RequiredSignerTest(
+                PackageRegistration registration,
+                string previousRequiredSigner,
+                string newRequiredSigner)
+            {
+                PackageRegistration = registration;
+                PreviousRequiredSigner = previousRequiredSigner;
+                NewRequiredSigner = newRequiredSigner;
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/tests/NuGetGallery.Core.Facts/Certificates/CertificateFileFacts.cs b/tests/NuGetGallery.Core.Facts/Certificates/CertificateFileFacts.cs
new file mode 100644
index 0000000000..527cd91765
--- /dev/null
+++ b/tests/NuGetGallery.Core.Facts/Certificates/CertificateFileFacts.cs
@@ -0,0 +1,58 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Text;
+using Xunit;
+
+namespace NuGetGallery.Certificates
+{
+    public class CertificateFileFacts
+    {
+        [Fact]
+        public void Create_WhenStreamIsNull_Throws()
+        {
+            var exception = Assert.Throws<ArgumentNullException>(() => CertificateFile.Create(stream: null));
+
+            Assert.Equal("stream", exception.ParamName);
+        }
+
+        [Fact]
+        public void Create_CreatesReadOnlyCopyOfStream()
+        {
+            using (var stream = new MemoryStream())
+            {
+                var file = CertificateFile.Create(stream);
+
+                Assert.False(file.Stream.CanWrite);
+                Assert.Equal(0, file.Stream.Position);
+                Assert.NotSame(stream, file.Stream);
+            }
+        }
+
+        [Fact]
+        public void Create_HashesEmptyStream()
+        {
+            using (var stream = new MemoryStream())
+            {
+                var file = CertificateFile.Create(stream);
+
+                Assert.Equal("da39a3ee5e6b4b0d3255bfef95601890afd80709", file.Sha1Thumbprint);
+                Assert.Equal("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", file.Sha256Thumbprint);
+            }
+        }
+
+        [Fact]
+        public void Create_HashesStream()
+        {
+            using (var stream = new MemoryStream(Encoding.UTF8.GetBytes("abc")))
+            {
+                var file = CertificateFile.Create(stream);
+
+                Assert.Equal("a9993e364706816aba3e25717850c26c9cd0d89d", file.Sha1Thumbprint);
+                Assert.Equal("ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad", file.Sha256Thumbprint);
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Core.Facts/Extensions/PackageRegistrationExtensionsFacts.cs b/tests/NuGetGallery.Core.Facts/Extensions/PackageRegistrationExtensionsFacts.cs
new file mode 100644
index 0000000000..6acc61f210
--- /dev/null
+++ b/tests/NuGetGallery.Core.Facts/Extensions/PackageRegistrationExtensionsFacts.cs
@@ -0,0 +1,593 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Xunit;
+
+namespace NuGetGallery.Extensions
+{
+    public class PackageRegistrationExtensionsFacts
+    {
+        public class TheIsSigningRequiredMethod
+        {
+            private readonly Package _package;
+            private readonly PackageRegistration _packageRegistration;
+            private readonly User _user;
+
+            public TheIsSigningRequiredMethod()
+            {
+                _user = new User()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+                _packageRegistration = new PackageRegistration()
+                {
+                    Key = 2,
+                    Id = "b"
+                };
+                _package = new Package()
+                {
+                    Key = 3,
+                    PackageRegistration = _packageRegistration
+                };
+
+                _packageRegistration.Owners.Add(_user);
+            }
+
+            [Fact]
+            public void IsSigningRequired_WhenPackageRegistrationIsNull_Throws()
+            {
+                var exception = Assert.Throws<ArgumentNullException>(
+                    () => PackageRegistrationExtensions.IsSigningRequired(packageRegistration: null));
+
+                Assert.Equal("packageRegistration", exception.ParamName);
+            }
+
+            [Fact]
+            public void IsSigningRequired_WithOneOwner_WhenRequiredSignerIsNullAndOwnerHasNoCertificate_ReturnsFalse()
+            {
+                Assert.False(_packageRegistration.IsSigningRequired());
+            }
+
+            [Fact]
+            public void IsSigningRequired_WithOneOwner_WhenRequiredSignerIsNullAndOwnerHasCertificate_ReturnsTrue()
+            {
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 4,
+                    User = _user,
+                    UserKey = _user.Key
+                });
+
+                Assert.True(_packageRegistration.IsSigningRequired());
+            }
+
+            [Fact]
+            public void IsSigningRequired_WithTwoOwners_WhenRequiredSignerIsNullAndOnlyOwnerHasCertificate_ReturnsFalse()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 4,
+                    Username = "d"
+                };
+
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+
+                Assert.False(_packageRegistration.IsSigningRequired());
+            }
+
+            [Fact]
+            public void IsSigningRequired_WithTwoOwners_WhenRequiredSignerIsNullAndOnlyOtherOwnerHasCertificate_ReturnsFalse()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 4,
+                    Username = "d"
+                };
+                otherOwner.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = otherOwner,
+                    UserKey = otherOwner.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+
+                Assert.False(_packageRegistration.IsSigningRequired());
+            }
+
+            [Fact]
+            public void IsSigningRequired_WithOneOwner_WhenRequiredSignerIsOwnerAndOwnerHasNoCertificate_ReturnsFalse()
+            {
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.False(_packageRegistration.IsSigningRequired());
+            }
+
+            [Fact]
+            public void IsSigningRequired_WithOneOwner_WhenRequiredSignerIsOwnerAndOwnerHasCertificate_ReturnsTrue()
+            {
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 4,
+                    User = _user,
+                    UserKey = _user.Key
+                });
+
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.True(_packageRegistration.IsSigningRequired());
+            }
+
+            [Fact]
+            public void IsSigningRequired_WithTwoOwners_WhenRequiredSignerIsOwnerAndOnlyOwnerHasCertificate_ReturnsTrue()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 4,
+                    Username = "d"
+                };
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.True(_packageRegistration.IsSigningRequired());
+            }
+
+            [Fact]
+            public void IsSigningRequired_WithTwoOwners_WhenRequiredSignerIsOwnerAndOnlyOtherOwnerHasCertificate_ReturnsFalse()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 4,
+                    Username = "d"
+                };
+                otherOwner.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = otherOwner,
+                    UserKey = otherOwner.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.False(_packageRegistration.IsSigningRequired());
+            }
+
+            [Fact]
+            public void IsSigningRequired_WithTwoOwners_WhenRequiredSignerIsOwnerAndAllOwnersHaveCertificate_ReturnsTrue()
+            {
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key
+                });
+                var otherOwner = new User()
+                {
+                    Key = 4,
+                    Username = "d"
+                };
+                otherOwner.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 6,
+                    User = otherOwner,
+                    UserKey = otherOwner.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.True(_packageRegistration.IsSigningRequired());
+            }
+        }
+
+        public class TheIsAcceptableSigningCertificateMethod
+        {
+            private readonly Package _package;
+            private readonly PackageRegistration _packageRegistration;
+            private readonly User _user;
+            private readonly Certificate _certificate;
+
+            public TheIsAcceptableSigningCertificateMethod()
+            {
+                _user = new User()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+                _packageRegistration = new PackageRegistration()
+                {
+                    Key = 2,
+                    Id = "b"
+                };
+                _package = new Package()
+                {
+                    Key = 3,
+                    PackageRegistration = _packageRegistration
+                };
+                _certificate = new Certificate()
+                {
+                    Key = 4,
+                    Thumbprint = "c"
+                };
+
+                _packageRegistration.Owners.Add(_user);
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WhenPackageRegistrationIsNull_Throws()
+            {
+                var exception = Assert.Throws<ArgumentNullException>(
+                    () => PackageRegistrationExtensions.IsAcceptableSigningCertificate(packageRegistration: null, thumbprint: "a"));
+
+                Assert.Equal("packageRegistration", exception.ParamName);
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            [InlineData(" ")]
+            public void IsAcceptableSigningCertificate_WhenThumbprintIsInvalid_Throws(string thumbprint)
+            {
+                var exception = Assert.Throws<ArgumentException>(
+                    () => _packageRegistration.IsAcceptableSigningCertificate(thumbprint));
+
+                Assert.Equal("thumbprint", exception.ParamName);
+                Assert.StartsWith("The argument cannot be null or empty.", exception.Message);
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithDifferentlyCasedThumbprint_ReturnsTrue()
+            {
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                Assert.True(_packageRegistration.IsAcceptableSigningCertificate(_certificate.Thumbprint.ToUpperInvariant()));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithOneOwner_WhenRequiredSignerIsNullAndOwnerHasNoCertificate_ReturnsFalse()
+            {
+                Assert.False(_packageRegistration.IsAcceptableSigningCertificate(_certificate.Thumbprint));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithOneOwner_WhenRequiredSignerIsNullAndOwnerHasNonMatchingCertificate_ReturnsFalse()
+            {
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                Assert.False(_packageRegistration.IsAcceptableSigningCertificate(thumbprint: "nonmatching"));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithOneOwner_WhenRequiredSignerIsNullAndOwnerHasMatchingCertificate_ReturnsTrue()
+            {
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                Assert.True(_packageRegistration.IsAcceptableSigningCertificate(_certificate.Thumbprint));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithTwoOwners_WhenRequiredSignerIsNullAndOnlyOwnerHasNonMatchingCertificate_ReturnsFalse()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 5,
+                    Username = "d"
+                };
+
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 6,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+
+                Assert.False(_packageRegistration.IsAcceptableSigningCertificate(thumbprint: "nonmatching"));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithTwoOwners_WhenRequiredSignerIsNullAndOnlyOwnerHasMatchingCertificate_ReturnsTrue()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 5,
+                    Username = "d"
+                };
+
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+
+                Assert.True(_packageRegistration.IsAcceptableSigningCertificate(_certificate.Thumbprint));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithTwoOwners_WhenRequiredSignerIsNullAndOnlyOtherOwnerHasNonMatchingCertificate_ReturnsFalse()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 5,
+                    Username = "d"
+                };
+                otherOwner.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 6,
+                    User = otherOwner,
+                    UserKey = otherOwner.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+
+                Assert.False(_packageRegistration.IsAcceptableSigningCertificate(thumbprint: "nonmatching"));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithTwoOwners_WhenRequiredSignerIsNullAndOnlyOtherOwnerHasMatchingCertificate_ReturnsTrue()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 5,
+                    Username = "d"
+                };
+                otherOwner.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 6,
+                    User = otherOwner,
+                    UserKey = otherOwner.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+
+                Assert.True(_packageRegistration.IsAcceptableSigningCertificate(_certificate.Thumbprint));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithOneOwner_WhenRequiredSignerIsOwnerAndOwnerHasNoCertificate_ReturnsFalse()
+            {
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.False(_packageRegistration.IsAcceptableSigningCertificate(_certificate.Thumbprint));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithOneOwner_WhenRequiredSignerIsOwnerAndOwnerHasNonMatchingCertificate_ReturnsFalse()
+            {
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.False(_packageRegistration.IsAcceptableSigningCertificate(thumbprint: "nonmatching"));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithOneOwner_WhenRequiredSignerIsOwnerAndOwnerHasMatchingCertificate_ReturnsTrue()
+            {
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.True(_packageRegistration.IsAcceptableSigningCertificate(_certificate.Thumbprint));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithTwoOwners_WhenRequiredSignerIsOwnerAndOnlyOwnerHasNonMatchingCertificate_ReturnsFalse()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 5,
+                    Username = "d"
+                };
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 6,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.False(_packageRegistration.IsAcceptableSigningCertificate(thumbprint: "nonmatching"));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithTwoOwners_WhenRequiredSignerIsOwnerAndOnlyOwnerHasMatchingCertificate_ReturnsTrue()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 5,
+                    Username = "d"
+                };
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 6,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.True(_packageRegistration.IsAcceptableSigningCertificate(_certificate.Thumbprint));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithTwoOwners_WhenRequiredSignerIsOwnerAndOnlyOtherOwnerHasNonMatchingCertificate_ReturnsFalse()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 5,
+                    Username = "d"
+                };
+                otherOwner.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 6,
+                    User = otherOwner,
+                    UserKey = otherOwner.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.False(_packageRegistration.IsAcceptableSigningCertificate(thumbprint: "nonmatching"));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithTwoOwners_WhenRequiredSignerIsOwnerAndOnlyOtherOwnerHasMatchingCertificate_ReturnsFalse()
+            {
+                var otherOwner = new User()
+                {
+                    Key = 5,
+                    Username = "d"
+                };
+                otherOwner.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 6,
+                    User = otherOwner,
+                    UserKey = otherOwner.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.False(_packageRegistration.IsAcceptableSigningCertificate(_certificate.Thumbprint));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithTwoOwners_WhenRequiredSignerIsOwnerAndAllOwnersHaveNonMatchingCertificate_ReturnsFalse()
+            {
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+                var otherOwner = new User()
+                {
+                    Key = 6,
+                    Username = "d"
+                };
+                otherOwner.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 7,
+                    User = otherOwner,
+                    UserKey = otherOwner.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.False(_packageRegistration.IsAcceptableSigningCertificate(thumbprint: "nonmatching"));
+            }
+
+            [Fact]
+            public void IsAcceptableSigningCertificate_WithTwoOwners_WhenRequiredSignerIsOwnerAndAllOwnersHaveMatchingCertificate_ReturnsTrue()
+            {
+                _user.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 5,
+                    User = _user,
+                    UserKey = _user.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+                var otherOwner = new User()
+                {
+                    Key = 6,
+                    Username = "d"
+                };
+                otherOwner.UserCertificates.Add(new UserCertificate()
+                {
+                    Key = 7,
+                    User = otherOwner,
+                    UserKey = otherOwner.Key,
+                    Certificate = _certificate,
+                    CertificateKey = _certificate.Key
+                });
+
+                _packageRegistration.Owners.Add(otherOwner);
+                _packageRegistration.RequiredSigners.Add(_user);
+
+                Assert.True(_packageRegistration.IsAcceptableSigningCertificate(_certificate.Thumbprint));
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Core.Facts/NuGetGallery.Core.Facts.csproj b/tests/NuGetGallery.Core.Facts/NuGetGallery.Core.Facts.csproj
index 00f8f5c4eb..e939fe9a0e 100644
--- a/tests/NuGetGallery.Core.Facts/NuGetGallery.Core.Facts.csproj
+++ b/tests/NuGetGallery.Core.Facts/NuGetGallery.Core.Facts.csproj
@@ -120,6 +120,7 @@
     <Compile Include="Auditing\AggregateAuditingServiceTests.cs" />
     <Compile Include="Auditing\AuditActorTests.cs" />
     <Compile Include="Auditing\AuditedAuthenticatedOperationActionTests.cs" />
+    <Compile Include="Auditing\AuditedCertificateActionTests.cs" />
     <Compile Include="Auditing\AuditedPackageActionTests.cs" />
     <Compile Include="Auditing\AuditedPackageFacts.cs" />
     <Compile Include="Auditing\AuditedPackageRegistrationActionTests.cs" />
@@ -127,6 +128,7 @@
     <Compile Include="Auditing\AuditEntryTests.cs" />
     <Compile Include="Auditing\AuditingServiceTests.cs" />
     <Compile Include="Auditing\AuditRecordTests.cs" />
+    <Compile Include="Auditing\CertificateAuditRecordFacts.cs" />
     <Compile Include="Auditing\CloudAuditingServiceTests.cs" />
     <Compile Include="Auditing\CredentialAuditRecordTests.cs" />
     <Compile Include="Auditing\EnumTests.cs" />
@@ -140,10 +142,12 @@
     <Compile Include="Auditing\PackageRegistrationAuditRecordTests.cs" />
     <Compile Include="Auditing\ScopeAuditRecordTests.cs" />
     <Compile Include="Auditing\UserAuditRecordTests.cs" />
+    <Compile Include="Certificates\CertificateFileFacts.cs" />
     <Compile Include="Cookies\CookieComplianceServiceBaseFacts.cs" />
     <Compile Include="Entities\PackageFacts.cs" />
     <Compile Include="Entities\UserFacts.cs" />
     <Compile Include="Entities\UserSecurityPolicyFacts.cs" />
+    <Compile Include="Extensions\PackageRegistrationExtensionsFacts.cs" />
     <Compile Include="Infrastructure\ElmahExceptionFacts.cs" />
     <Compile Include="Extensions\UserExtensionsCoreFacts.cs" />
     <Compile Include="PackageStatusFacts.cs" />
diff --git a/tests/NuGetGallery.Core.Facts/Services/CloudBlobCoreFileStorageServiceFacts.cs b/tests/NuGetGallery.Core.Facts/Services/CloudBlobCoreFileStorageServiceFacts.cs
index cf55b3bb69..d9ce9915f1 100644
--- a/tests/NuGetGallery.Core.Facts/Services/CloudBlobCoreFileStorageServiceFacts.cs
+++ b/tests/NuGetGallery.Core.Facts/Services/CloudBlobCoreFileStorageServiceFacts.cs
@@ -445,7 +445,7 @@ public async Task WillThrowIfBlobExistsAndOverwriteFalse()
                 fakeBlob.Setup(x => x.Uri).Returns(new Uri("http://theUri"));
                 var service = CreateService(fakeBlobClient: fakeBlobClient);
 
-                await Assert.ThrowsAsync<InvalidOperationException>(async () => await service.SaveFileAsync(CoreConstants.PackagesFolderName, "theFileName", new MemoryStream(), overwrite: false));
+                await Assert.ThrowsAsync<FileAlreadyExistsException>(async () => await service.SaveFileAsync(CoreConstants.PackagesFolderName, "theFileName", new MemoryStream(), overwrite: false));
 
                 fakeBlob.Verify();
             }
@@ -902,7 +902,7 @@ await _target.CopyFileAsync(
             }
 
             [Fact]
-            public async Task WillThrowInvalidOperationExceptionForConflict()
+            public async Task WillThrowFileAlreadyExistsExceptionForConflict()
             {
                 // Arrange
                 _destBlobMock
@@ -910,7 +910,7 @@ public async Task WillThrowInvalidOperationExceptionForConflict()
                     .Throws(new StorageException(new RequestResult { HttpStatusCode = (int)HttpStatusCode.Conflict }, "Conflict!", inner: null));
 
                 // Act & Assert
-                await Assert.ThrowsAsync<InvalidOperationException>(
+                await Assert.ThrowsAsync<FileAlreadyExistsException>(
                     () => _target.CopyFileAsync(
                         _srcFolderName,
                         _srcFileName,
diff --git a/tests/NuGetGallery.Core.Facts/Services/CorePackageFileServiceFacts.cs b/tests/NuGetGallery.Core.Facts/Services/CorePackageFileServiceFacts.cs
index 36f1fb2480..46bc74d8d5 100644
--- a/tests/NuGetGallery.Core.Facts/Services/CorePackageFileServiceFacts.cs
+++ b/tests/NuGetGallery.Core.Facts/Services/CorePackageFileServiceFacts.cs
@@ -694,14 +694,14 @@ public async Task WillNotUploadThePackageIfItAlreadyExists()
             }
 
             [Fact]
-            public async Task WillSwallowInvalidOperationException()
+            public async Task WillSwallowFileAlreadyExistsException()
             {
                 var fileStorageSvc = new Mock<ICoreFileStorageService>();
                 var fakeStream = new MemoryStream();
                 var service = CreateService(fileStorageService: fileStorageSvc);
                 fileStorageSvc
                     .Setup(x => x.SaveFileAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<Stream>(), It.IsAny<bool>()))
-                    .Throws(new InvalidOperationException("File already exists."));
+                    .Throws(new FileAlreadyExistsException("File already exists."));
 
                 var package = CreatePackage();
 
diff --git a/tests/NuGetGallery.Core.Facts/Services/CorePackageServiceFacts.cs b/tests/NuGetGallery.Core.Facts/Services/CorePackageServiceFacts.cs
index b2d4dd9b99..7473fdcf8d 100644
--- a/tests/NuGetGallery.Core.Facts/Services/CorePackageServiceFacts.cs
+++ b/tests/NuGetGallery.Core.Facts/Services/CorePackageServiceFacts.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using Moq;
 using NuGetGallery.Packaging;
@@ -12,6 +13,45 @@ namespace NuGetGallery
 {
     public class CorePackageServiceFacts
     {
+        public class TheConstructor
+        {
+            [Fact]
+            public void Constructor_WhenPackageRepositoryIsNull_Throws()
+            {
+                var exception = Assert.Throws<ArgumentNullException>(
+                    () => new CorePackageService(
+                        packageRepository: null,
+                        packageRegistrationRepository: Mock.Of<IEntityRepository<PackageRegistration>>(),
+                        certificateRepository: Mock.Of<IEntityRepository<Certificate>>()));
+
+                Assert.Equal("packageRepository", exception.ParamName);
+            }
+
+            [Fact]
+            public void Constructor_WhenPackageRegistrationRepositoryIsNull_Throws()
+            {
+                var exception = Assert.Throws<ArgumentNullException>(
+                    () => new CorePackageService(
+                        Mock.Of<IEntityRepository<Package>>(),
+                        packageRegistrationRepository: null,
+                        certificateRepository: Mock.Of<IEntityRepository<Certificate>>()));
+
+                Assert.Equal("packageRegistrationRepository", exception.ParamName);
+            }
+
+            [Fact]
+            public void Constructor_WhenCertificateRepositoryIsNull_Throws()
+            {
+                var exception = Assert.Throws<ArgumentNullException>(
+                    () => new CorePackageService(
+                        Mock.Of<IEntityRepository<Package>>(),
+                        Mock.Of<IEntityRepository<PackageRegistration>>(),
+                        certificateRepository: null));
+
+                Assert.Equal("certificateRepository", exception.ParamName);
+            }
+        }
+
         public class TheUpdatePackageStreamMetadataMethod
         {
             [Fact]
@@ -545,17 +585,259 @@ public async Task UpdateIsLatestScenarioForSemVer2StableAsAbsoluteLatest()
             }
         }
 
+        public class TheFindPackageRegistrationByIdMethod
+        {
+            private readonly Mock<CorePackageService> _service;
+
+            public TheFindPackageRegistrationByIdMethod()
+            {
+                _service = CreateMockService();
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            [InlineData(" ")]
+            public void FindPackageRegistrationById_WhenPackageIdIsInvalid_Throws(string packageId)
+            {
+                var exception = Assert.Throws<ArgumentException>(
+                    () => _service.Object.FindPackageRegistrationById(packageId));
+
+                Assert.Equal("packageId", exception.ParamName);
+                Assert.StartsWith("The argument cannot be null or empty.", exception.Message);
+            }
+
+            [Fact]
+            public void FindPackageRegistrationById_WhenPackageIdNotFound_ReturnsNull()
+            {
+                var packageRegistration = _service.Object.FindPackageRegistrationById(packageId: "nonexistant");
+
+                Assert.Null(packageRegistration);
+            }
+
+            [Fact]
+            public void FindPackageRegistrationById_WhenPackageIdFound_ReturnsPackageRegistration()
+            {
+                var packageRegistration = new PackageRegistration()
+                {
+                    Key = 1,
+                    Id = "a",
+                };
+                var package = new Package()
+                {
+                    PackageRegistration = packageRegistration
+                };
+
+                packageRegistration.Packages.Add(package);
+
+                var packageRegistrationRepository = new Mock<IEntityRepository<PackageRegistration>>();
+
+                packageRegistrationRepository.Setup(x => x.GetAll())
+                    .Returns(new EnumerableQuery<PackageRegistration>(new[] { packageRegistration }));
+
+                var service = CreateService(packageRegistrationRepository: packageRegistrationRepository);
+
+                var actualResult = service.FindPackageRegistrationById(packageRegistration.Id);
+
+                Assert.Same(packageRegistration, actualResult);
+            }
+        }
+
+        public class TheUpdatePackageSigningCertificateAsyncMethod
+        {
+            private readonly Package _package;
+            private readonly PackageRegistration _packageRegistration;
+            private readonly Certificate _certificate;
+            private readonly Mock<CorePackageService> _service;
+            private readonly Mock<IEntityRepository<Certificate>> _certificateRepository;
+            private readonly Mock<IEntityRepository<Package>> _packageRepository;
+
+            public TheUpdatePackageSigningCertificateAsyncMethod()
+            {
+                _packageRegistration = new PackageRegistration()
+                {
+                    Key = 2,
+                    Id = "b"
+                };
+                _package = new Package()
+                {
+                    Key = 3,
+                    PackageRegistration = _packageRegistration,
+                    NormalizedVersion = "1.2.3"
+                };
+                _certificate = new Certificate()
+                {
+                    Key = 4,
+                    Thumbprint = "c"
+                };
+
+                _packageRepository = new Mock<IEntityRepository<Package>>(MockBehavior.Strict);
+                _certificateRepository = new Mock<IEntityRepository<Certificate>>(MockBehavior.Strict);
+
+                _service = CreateMockService(
+                    packageRepository: _packageRepository,
+                    certificateRepository: _certificateRepository);
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public async Task UpdatePackageSigningCertificateAsync_WhenPackageIdIsInvalid_Throws(string packageId)
+            {
+                var exception = await Assert.ThrowsAsync<ArgumentException>(
+                    () => _service.Object.UpdatePackageSigningCertificateAsync(
+                        packageId,
+                        packageVersion: "1.0.0",
+                        thumbprint: "a"));
+
+                Assert.Equal("packageId", exception.ParamName);
+                Assert.StartsWith("The argument cannot be null or empty.", exception.Message);
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public async Task UpdatePackageSigningCertificateAsync_WhenPackageVersionIsInvalid_Throws(string packageVersion)
+            {
+                var exception = await Assert.ThrowsAsync<ArgumentException>(
+                    () => _service.Object.UpdatePackageSigningCertificateAsync(
+                        packageId: "a",
+                        packageVersion: packageVersion,
+                        thumbprint: "a"));
+
+                Assert.Equal("packageVersion", exception.ParamName);
+                Assert.StartsWith("The argument cannot be null or empty.", exception.Message);
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public async Task UpdatePackageSigningCertificateAsync_WhenThumbprintIsInvalid_Throws(string thumbprint)
+            {
+                var exception = await Assert.ThrowsAsync<ArgumentException>(
+                    () => _service.Object.UpdatePackageSigningCertificateAsync(
+                        packageId: "a",
+                        packageVersion: "1.0.0",
+                        thumbprint: thumbprint));
+
+                Assert.Equal("thumbprint", exception.ParamName);
+                Assert.StartsWith("The argument cannot be null or empty.", exception.Message);
+            }
+
+            [Fact]
+            public async Task UpdatePackageSigningCertificateAsync_WhenPackageIsNotFound_Throws()
+            {
+                _service.Setup(x => x.FindPackageByIdAndVersionStrict(
+                        It.Is<string>(id => id == _packageRegistration.Id),
+                        It.Is<string>(version => version == _package.NormalizedVersion)))
+                    .Returns<Package>(null);
+
+                var exception = await Assert.ThrowsAsync<ArgumentException>(
+                    () => _service.Object.UpdatePackageSigningCertificateAsync(
+                        _packageRegistration.Id,
+                        _package.NormalizedVersion,
+                        _certificate.Thumbprint));
+
+                Assert.StartsWith("The package does not exist.", exception.Message);
+
+                VerifyMockExpectations();
+            }
+
+            [Fact]
+            public async Task UpdatePackageSigningCertificateAsync_WhenCertificateIsNotFound_Throws()
+            {
+                _service.Setup(x => x.FindPackageByIdAndVersionStrict(
+                        It.Is<string>(id => id == _packageRegistration.Id),
+                        It.Is<string>(version => version == _package.NormalizedVersion)))
+                    .Returns(_package);
+
+                _certificateRepository.Setup(x => x.GetAll())
+                    .Returns(new EnumerableQuery<Certificate>(Enumerable.Empty<Certificate>()));
+
+                var exception = await Assert.ThrowsAsync<ArgumentException>(
+                    () => _service.Object.UpdatePackageSigningCertificateAsync(
+                        _packageRegistration.Id,
+                        _package.NormalizedVersion,
+                        _certificate.Thumbprint));
+
+                Assert.StartsWith("The certificate does not exist.", exception.Message);
+
+                VerifyMockExpectations();
+            }
+
+            [Fact]
+            public async Task UpdatePackageSigningCertificateAsync_WhenPackageDoesNotNeedUpdating_Succeeds()
+            {
+                _service.Setup(x => x.FindPackageByIdAndVersionStrict(
+                        It.Is<string>(id => id == _packageRegistration.Id),
+                        It.Is<string>(version => version == _package.NormalizedVersion)))
+                    .Returns(_package);
+                _certificateRepository.Setup(x => x.GetAll())
+                    .Returns(new EnumerableQuery<Certificate>(new[] { _certificate }));
+
+                _package.CertificateKey = _certificate.Key;
+
+                await _service.Object.UpdatePackageSigningCertificateAsync(
+                    _packageRegistration.Id,
+                    _package.NormalizedVersion,
+                    _certificate.Thumbprint);
+
+                VerifyMockExpectations();
+            }
+
+            [Fact]
+            public async Task UpdatePackageSigningCertificateAsync_WhenPackageNeedsUpdating_Succeeds()
+            {
+                _service.Setup(x => x.FindPackageByIdAndVersionStrict(
+                        It.Is<string>(id => id == _packageRegistration.Id),
+                        It.Is<string>(version => version == _package.NormalizedVersion)))
+                    .Returns(_package);
+                _certificateRepository.Setup(x => x.GetAll())
+                    .Returns(new EnumerableQuery<Certificate>(new[] { _certificate }));
+                _packageRepository.Setup(x => x.CommitChangesAsync())
+                    .Returns(Task.Delay(0));
+
+                await _service.Object.UpdatePackageSigningCertificateAsync(
+                    _packageRegistration.Id,
+                    _package.NormalizedVersion,
+                    _certificate.Thumbprint);
+
+                VerifyMockExpectations();
+            }
+
+            private void VerifyMockExpectations()
+            {
+                _packageRepository.VerifyAll();
+                _certificateRepository.VerifyAll();
+                _service.VerifyAll();
+            }
+        }
+
         private static ICorePackageService CreateService(
-            Mock<IEntityRepository<Package>> packageRepository = null)
+            Mock<IEntityRepository<Package>> packageRepository = null,
+            Mock<IEntityRepository<PackageRegistration>> packageRegistrationRepository = null,
+            Mock<IEntityRepository<Certificate>> certificateRepository = null)
+        {
+            return CreateMockService(packageRepository, packageRegistrationRepository, certificateRepository).Object;
+        }
+
+        private static Mock<CorePackageService> CreateMockService(
+            Mock<IEntityRepository<Package>> packageRepository = null,
+            Mock<IEntityRepository<PackageRegistration>> packageRegistrationRepository = null,
+            Mock<IEntityRepository<Certificate>> certificateRepository = null)
         {
             packageRepository = packageRepository ?? new Mock<IEntityRepository<Package>>();
-            
+            packageRegistrationRepository = packageRegistrationRepository ?? new Mock<IEntityRepository<PackageRegistration>>();
+            certificateRepository = certificateRepository ?? new Mock<IEntityRepository<Certificate>>();
+
             var packageService = new Mock<CorePackageService>(
-                packageRepository.Object);
+                packageRepository.Object,
+                packageRegistrationRepository.Object,
+                certificateRepository.Object);
 
             packageService.CallBase = true;
 
-            return packageService.Object;
+            return packageService;
         }
     }
-}
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/App.config b/tests/NuGetGallery.Facts/App.config
index 61da801d63..dca5dd3956 100644
--- a/tests/NuGetGallery.Facts/App.config
+++ b/tests/NuGetGallery.Facts/App.config
@@ -13,8 +13,8 @@
   <runtime>
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>
-        <assemblyIdentity name="Microsoft.Extensions.Logging.Abstractions" publicKeyToken="ADB9793829DDAE60" culture="neutral"/>
-        <bindingRedirect oldVersion="0.0.0.0-1.1.2.0" newVersion="1.1.2.0"/>
+        <assemblyIdentity name="Microsoft.Extensions.Logging.Abstractions" publicKeyToken="ADB9793829DDAE60" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-1.1.2.0" newVersion="1.1.2.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Data.Edm" publicKeyToken="31bf3856ad364e35" culture="neutral" />
@@ -96,10 +96,6 @@
         <assemblyIdentity name="Microsoft.IdentityModel.Clients.ActiveDirectory" publicKeyToken="31bf3856ad364e35" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-3.13.4.878" newVersion="3.13.4.878" />
       </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.1.1.0" newVersion="4.1.1.0" />
-      </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="System.Security.Cryptography.X509Certificates" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
diff --git a/tests/NuGetGallery.Facts/App_Start/StorageDependentFacts.cs b/tests/NuGetGallery.Facts/App_Start/StorageDependentFacts.cs
index ec7af2d451..bfe924aaec 100644
--- a/tests/NuGetGallery.Facts/App_Start/StorageDependentFacts.cs
+++ b/tests/NuGetGallery.Facts/App_Start/StorageDependentFacts.cs
@@ -53,10 +53,12 @@ public void StorageDependentsHaveExpectedTypes()
 
             // Assert
             var implementationToInterface = dependents.ToDictionary(x => x.ImplementationType, x => x.InterfaceType);
+            Assert.Contains(typeof(CertificateService), implementationToInterface.Keys);
             Assert.Contains(typeof(ContentService), implementationToInterface.Keys);
             Assert.Contains(typeof(PackageFileService), implementationToInterface.Keys);
             Assert.Contains(typeof(UploadFileService), implementationToInterface.Keys);
-            Assert.Equal(3, implementationToInterface.Count);
+            Assert.Equal(4, implementationToInterface.Count);
+            Assert.Equal(implementationToInterface[typeof(CertificateService)], typeof(ICertificateService));
             Assert.Equal(implementationToInterface[typeof(ContentService)], typeof(IContentService));
             Assert.Equal(implementationToInterface[typeof(PackageFileService)], typeof(IPackageFileService));
             Assert.Equal(implementationToInterface[typeof(UploadFileService)], typeof(IUploadFileService));
@@ -73,6 +75,7 @@ public void StorageDependentsUseCorrectConnectionString()
 
             // Assert
             var typeToConnectionString = dependents.ToDictionary(x => x.ImplementationType, x => x.AzureStorageConnectionString);
+            Assert.Equal(typeToConnectionString[typeof(CertificateService)], config.AzureStorage_UserCertificates_ConnectionString);
             Assert.Equal(typeToConnectionString[typeof(ContentService)], config.AzureStorage_Content_ConnectionString);
             Assert.Equal(typeToConnectionString[typeof(PackageFileService)], config.AzureStorage_Packages_ConnectionString);
             Assert.Equal(typeToConnectionString[typeof(UploadFileService)], config.AzureStorage_Uploads_ConnectionString);
@@ -83,6 +86,7 @@ public void StorageDependentsAreGroupedByConnectionString()
         {
             // Arrange
             var mock = new Mock<IAppConfiguration>();
+            mock.Setup(x => x.AzureStorage_UserCertificates_ConnectionString).Returns("Certificates");
             mock.Setup(x => x.AzureStorage_Content_ConnectionString).Returns("Content");
             mock.Setup(x => x.AzureStorage_Packages_ConnectionString).Returns("Packages and Uploads");
             mock.Setup(x => x.AzureStorage_Uploads_ConnectionString).Returns("Packages and Uploads");
@@ -99,6 +103,7 @@ public void StorageDependentsAreGroupedByConnectionString()
         private static IAppConfiguration GetConfiguration()
         {
             var mock = new Mock<IAppConfiguration>();
+            mock.Setup(x => x.AzureStorage_UserCertificates_ConnectionString).Returns("Certificates");
             mock.Setup(x => x.AzureStorage_Content_ConnectionString).Returns("Content");
             mock.Setup(x => x.AzureStorage_Packages_ConnectionString).Returns("Packages");
             mock.Setup(x => x.AzureStorage_Uploads_ConnectionString).Returns("Uploads");
diff --git a/tests/NuGetGallery.Facts/Areas/Admin/Controllers/DeleteAccountControllerFacts.cs b/tests/NuGetGallery.Facts/Areas/Admin/Controllers/DeleteAccountControllerFacts.cs
index ef91d758f1..a8e956d025 100644
--- a/tests/NuGetGallery.Facts/Areas/Admin/Controllers/DeleteAccountControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Areas/Admin/Controllers/DeleteAccountControllerFacts.cs
@@ -43,7 +43,7 @@ public void SearchNotExistentUser()
             // Arrange
             User currentUser = null;
             var userService = new Mock<IUserService>();
-            userService.Setup(m => m.FindByUsername(It.IsAny<string>())).Returns(currentUser);
+            userService.Setup(m => m.FindByUsername(It.IsAny<string>(), false)).Returns(currentUser);
             var controller = new DeleteAccountController(userService.Object);
 
             // Act
@@ -66,7 +66,7 @@ public void SearchDeletedAccont()
             };
 
             var userService = new Mock<IUserService>();
-            userService.Setup(m => m.FindByUsername(userName)).Returns(currentUser);
+            userService.Setup(m => m.FindByUsername(userName, false)).Returns(currentUser);
             var controller = new DeleteAccountController(userService.Object);
 
             // Act
@@ -89,7 +89,7 @@ public void SearchHappyAccont()
             };
 
             var userService = new Mock<IUserService>();
-            userService.Setup(m => m.FindByUsername(userName)).Returns(currentUser);
+            userService.Setup(m => m.FindByUsername(userName, false)).Returns(currentUser);
             var controller = new DeleteAccountController(userService.Object);
 
             // Act
diff --git a/tests/NuGetGallery.Facts/Authentication/ApiScopeEvaluatorFacts.cs b/tests/NuGetGallery.Facts/Authentication/ApiScopeEvaluatorFacts.cs
index 676b5b27b0..34e8b3e87f 100644
--- a/tests/NuGetGallery.Facts/Authentication/ApiScopeEvaluatorFacts.cs
+++ b/tests/NuGetGallery.Facts/Authentication/ApiScopeEvaluatorFacts.cs
@@ -158,7 +158,7 @@ private void ReturnsCorrectFailureResult(PermissionsCheckResult permissionsCheck
                     .Returns(permissionsCheckResult);
 
                 var mockUserService = new Mock<IUserService>();
-                mockUserService.Setup(x => x.FindByKey(user.Key)).Returns(user);
+                mockUserService.Setup(x => x.FindByKey(user.Key, false)).Returns(user);
 
                 var apiScopeEvaluator = Setup(mockUserService);
 
@@ -190,7 +190,7 @@ public void WithMultipleScopesReturnsCorrectOwners()
                     .Returns(permissionsCheckResult);
 
                 var mockUserService = new Mock<IUserService>();
-                mockUserService.Setup(u => u.FindByKey(scopeUser.Key)).Returns(scopeUser);
+                mockUserService.Setup(u => u.FindByKey(scopeUser.Key, false)).Returns(scopeUser);
 
                 var apiScopeEvaluator = Setup(mockUserService);
 
diff --git a/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs b/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs
index 9083bf957c..2f68b35b1c 100644
--- a/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Authentication/AuthenticationServiceFacts.cs
@@ -633,6 +633,80 @@ public async Task GivenAUser_ItCreatesAnOwinAuthenticationTicketForTheUser(bool
                 Assert.Equal(AuthenticationTypes.LocalUser, id.AuthenticationType);
             }
 
+            [Theory]
+            [InlineData("MicrosoftAccount")]
+            [InlineData("AzureActiveDirectory")]
+            public async Task GivenAUser_ItAddsUserLoginClaims(string credType)
+            {
+                // Arrange
+                var credentialBuilder = new CredentialBuilder();
+                var credential = credentialBuilder.CreateExternalCredential(credType, "value1", "name1 <email1>", "TEST_TENANT1");
+                var passwordCredential = credentialBuilder.CreatePasswordCredential("secret_password");
+                var user = new User("testUser") { Credentials = new[] { credential, passwordCredential } };
+                user.EnableMultiFactorAuthentication = true;
+                var context = Fakes.CreateOwinContext();
+
+                var authUser = new AuthenticatedUser(user, credential);
+
+                var passwordConfigMock = new Mock<ILoginDiscontinuationConfiguration>();
+                passwordConfigMock
+                    .Setup(x => x.IsLoginDiscontinued(authUser))
+                    .Returns(false);
+
+                GetMock<IContentObjectService>()
+                    .Setup(x => x.LoginDiscontinuationConfiguration)
+                    .Returns(passwordConfigMock.Object);
+
+                // Act
+                await Get<AuthenticationService>().CreateSessionAsync(context, authUser, wasMultiFactorAuthenticated: true);
+
+                // Assert
+                var principal = context.Authentication.AuthenticationResponseGrant.Principal;
+                var identity = principal.Identity as ClaimsIdentity;
+                Assert.NotNull(principal);
+                Assert.NotNull(identity);
+                Assert.Equal(user.Username, identity.Name);
+                Assert.Equal(user.Username, principal.GetClaimOrDefault(ClaimTypes.NameIdentifier));
+                Assert.Equal(8, identity.Claims.Count());
+                Assert.False(ClaimsExtensions.HasBooleanClaim(identity, NuGetClaims.DiscontinuedLogin));
+                Assert.True(ClaimsExtensions.HasBooleanClaim(identity, NuGetClaims.PasswordLogin));
+                Assert.True(ClaimsExtensions.HasBooleanClaim(identity, NuGetClaims.EnabledMultiFactorAuthentication));
+                Assert.True(ClaimsExtensions.HasBooleanClaim(identity, NuGetClaims.WasMultiFactorAuthenticated));
+            }
+
+            [Theory]
+            [InlineData(true)]
+            [InlineData(false)]
+            public async Task AddsMultiFactorAuthenticationSettingAppropriately(bool wasMultiFactorAuthenticated)
+            {
+                // Arrange
+                var credentialBuilder = new CredentialBuilder();
+                var credential = credentialBuilder.CreateExternalCredential("foo", "value1", "name1 <email1>", "TEST_TENANT1");
+                var user = new User("testUser") { Credentials = new[] { credential } };
+                var context = Fakes.CreateOwinContext();
+
+                var authUser = new AuthenticatedUser(user, credential);
+
+                var passwordConfigMock = new Mock<ILoginDiscontinuationConfiguration>();
+                passwordConfigMock
+                    .Setup(x => x.IsLoginDiscontinued(authUser))
+                    .Returns(false);
+
+                GetMock<IContentObjectService>()
+                    .Setup(x => x.LoginDiscontinuationConfiguration)
+                    .Returns(passwordConfigMock.Object);
+
+                // Act
+                await Get<AuthenticationService>().CreateSessionAsync(context, authUser, wasMultiFactorAuthenticated);
+
+                // Assert
+                var principal = context.Authentication.AuthenticationResponseGrant.Principal;
+                var identity = principal.Identity as ClaimsIdentity;
+                Assert.NotNull(principal);
+                Assert.NotNull(identity);
+                Assert.Equal(wasMultiFactorAuthenticated, ClaimsExtensions.HasBooleanClaim(identity, NuGetClaims.WasMultiFactorAuthenticated));
+            }
+
             [Fact]
             public async Task WritesAnAuditRecord()
             {
diff --git a/tests/NuGetGallery.Facts/Controllers/AccountsControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/AccountsControllerFacts.cs
index 29c1ef14ac..4cb56f8821 100644
--- a/tests/NuGetGallery.Facts/Controllers/AccountsControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/AccountsControllerFacts.cs
@@ -2,8 +2,8 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.Linq;
-using System.Net.Mail;
 using System.Threading.Tasks;
 using System.Web.Mvc;
 using Moq;
@@ -14,17 +14,17 @@ namespace NuGetGallery
 {
     public class AccountsControllerFacts<TAccountsController, TUser, TAccountViewModel>
         where TUser : User
-        where TAccountViewModel : AccountViewModel
+        where TAccountViewModel : AccountViewModel<TUser>
         where TAccountsController : AccountsController<TUser, TAccountViewModel>
     {
+        protected const string AllowedCurrentUsersDataName = "AllowedCurrentUsers_Data";
+
         public abstract class AccountsControllerTestContainer : TestContainer
         {
             public Fakes Fakes = new Fakes();
 
             private const string AccountEnvironmentKey = "nuget.account";
 
-            protected abstract User GetCurrentUser(TAccountsController controller);
-
             public TAccountsController GetController()
             {
                 return GetController<TAccountsController>();
@@ -53,35 +53,35 @@ protected TUser GetAccount(TAccountsController controller)
 
         public abstract class TheAccountBaseAction : AccountsControllerTestContainer
         {
-            [Fact]
-            public void WillGetCuratedFeedsManagedByTheCurrentUser()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public void WillGetCuratedFeedsManagedByTheCurrentUser(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController<TAccountsController>();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(GetCurrentUser(controller));
 
                 // Act
-                InvokeAccountInternal(controller);
+                InvokeAccountInternal(controller, getCurrentUser);
 
                 // Assert
                 GetMock<ICuratedFeedService>()
                     .Verify(query => query.GetFeedsForManager(account.Key));
             }
 
-            [Fact]
-            public void WillReturnTheAccountViewModelWithTheCuratedFeeds()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public void WillReturnTheAccountViewModelWithTheCuratedFeeds(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController<TAccountsController>();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(GetCurrentUser(controller));
                 GetMock<ICuratedFeedService>()
                     .Setup(stub => stub.GetFeedsForManager(account.Key))
                     .Returns(new[] { new CuratedFeed { Name = "theCuratedFeed" } });
 
                 // Act
-                var result = InvokeAccountInternal(controller);
+                var result = InvokeAccountInternal(controller, getCurrentUser);
 
                 // Assert
                 var model = ResultAssert.IsView<TAccountViewModel>(result, viewName: controller.AccountAction);
@@ -90,11 +90,12 @@ public void WillReturnTheAccountViewModelWithTheCuratedFeeds()
 
             protected abstract ActionResult InvokeAccount(TAccountsController controller);
 
-            private ActionResult InvokeAccountInternal(TAccountsController controller)
+            private ActionResult InvokeAccountInternal(TAccountsController controller, Func<Fakes, User> getCurrentUser)
             {
                 var account = GetAccount(controller);
+                controller.SetCurrentUser(getCurrentUser(Fakes));
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
 
                 return InvokeAccount(controller);
@@ -103,23 +104,25 @@ private ActionResult InvokeAccountInternal(TAccountsController controller)
 
         public abstract class TheCancelChangeEmailBaseAction : AccountsControllerTestContainer
         {
-            [Fact]
-            public virtual async Task WhenAlreadyConfirmed_RedirectsToAccount()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task WhenAlreadyConfirmed_RedirectsToAccount(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
 
                 // Act
-                var result = await InvokeCancelChangeEmail(controller, account);
+                var result = await InvokeCancelChangeEmail(controller, account, getCurrentUser);
 
                 // Assert
                 GetMock<IUserService>().Verify(u => u.CancelChangeEmailAddress(It.IsAny<User>()), Times.Never);
                 ResultAssert.IsRedirectToRoute(result, new { action = controller.AccountAction });
             }
 
-            [Fact]
-            public virtual async Task WhenUnconfirmed_CancelsEmailChangeRequest()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task WhenUnconfirmed_CancelsEmailChangeRequest(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
@@ -129,10 +132,10 @@ public virtual async Task WhenUnconfirmed_CancelsEmailChangeRequest()
                 account.EmailAddress = null;
 
                 // Act
-                var result = await InvokeCancelChangeEmail(controller, account);
+                var result = await InvokeCancelChangeEmail(controller, account, getCurrentUser);
 
                 // Assert
-                GetMock<IUserService>().Verify(u => u.CancelChangeEmailAddress(It.IsAny<User>()), Times.Once);
+                GetMock<IUserService>().Verify(u => u.CancelChangeEmailAddress(account), Times.Once);
                 ResultAssert.IsRedirectToRoute(result, new { action = controller.AccountAction });
                 Assert.Equal(controller.Messages.EmailUpdateCancelled, controller.TempData["Message"]);
             }
@@ -140,15 +143,16 @@ public virtual async Task WhenUnconfirmed_CancelsEmailChangeRequest()
             protected virtual Task<ActionResult> InvokeCancelChangeEmail(
                 TAccountsController controller,
                 TUser account,
+                Func<Fakes, User> getCurrentUser,
                 TAccountViewModel model = null)
             {
                 // Arrange
-                controller.SetCurrentUser(GetCurrentUser(controller));
+                controller.SetCurrentUser(getCurrentUser(Fakes));
 
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
-                userService.Setup(u => u.CancelChangeEmailAddress(It.IsAny<User>()))
+                userService.Setup(u => u.CancelChangeEmailAddress(account))
                     .Returns(Task.CompletedTask)
                     .Verifiable();
 
@@ -162,19 +166,19 @@ protected virtual Task<ActionResult> InvokeCancelChangeEmail(
 
         public abstract class TheChangeEmailBaseAction : AccountsControllerTestContainer
         {
-            [Fact]
-            public virtual async Task WhenServiceThrowsEntityException_ShowsModelStateError()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task WhenServiceThrowsEntityException_ShowsModelStateError(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                var currentUser = GetCurrentUser(controller);
 
                 var model = CreateViewModel(account);
                 model.ChangeEmail.NewEmail = "account2@example.com";
 
                 // Act
-                var result = await InvokeChangeEmail(controller, account, model,
+                var result = await InvokeChangeEmail(controller, account, getCurrentUser, model,
                     exception: new EntityException("e.g., Another user already has that email"));
 
                 // Assert
@@ -183,8 +187,9 @@ public virtual async Task WhenServiceThrowsEntityException_ShowsModelStateError(
                 Assert.Equal("ChangeEmail.NewEmail", controller.ModelState.Keys.Single());
             }
 
-            [Fact]
-            public virtual async Task WhenNewEmailIsInvalid_DoesNotSaveChanges()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task WhenNewEmailIsInvalid_DoesNotSaveChanges(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
@@ -194,15 +199,16 @@ public virtual async Task WhenNewEmailIsInvalid_DoesNotSaveChanges()
                 controller.ModelState.AddModelError("ChangeEmail.NewEmail", "Invalid format");
 
                 // Act
-                var result = await InvokeChangeEmail(controller, account, model);
+                var result = await InvokeChangeEmail(controller, account, getCurrentUser, model);
 
                 // Assert
                 GetMock<IUserService>().Verify(u => u.ChangeEmailAddress(It.IsAny<User>(), It.IsAny<string>()), Times.Never);
                 Assert.False(controller.ModelState.IsValid);
             }
 
-            [Fact]
-            public virtual async Task WhenNewEmailIsSame_RedirectsWithoutChange()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task WhenNewEmailIsSame_RedirectsWithoutChange(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
@@ -211,15 +217,16 @@ public virtual async Task WhenNewEmailIsSame_RedirectsWithoutChange()
                 model.ChangeEmail.NewEmail = account.EmailAddress;
 
                 // Act
-                var result = await InvokeChangeEmail(controller, account, model);
+                var result = await InvokeChangeEmail(controller, account, getCurrentUser, model);
 
                 // Assert
                 GetMock<IUserService>().Verify(u => u.ChangeEmailAddress(It.IsAny<User>(), It.IsAny<string>()), Times.Never);
                 ResultAssert.IsRedirectToRoute(result, new { action = controller.AccountAction });
             }
 
-            [Fact]
-            public virtual async Task WhenNewEmailIsDifferentAndWasConfirmed_SavesChanges()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task WhenNewEmailIsDifferentAndWasConfirmed_SavesChanges(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
@@ -228,7 +235,7 @@ public virtual async Task WhenNewEmailIsDifferentAndWasConfirmed_SavesChanges()
                 model.ChangeEmail.NewEmail = "account2@example.com";
 
                 // Act
-                var result = await InvokeChangeEmail(controller, account, model);
+                var result = await InvokeChangeEmail(controller, account, getCurrentUser, model);
 
                 // Assert
                 GetMock<IUserService>().Verify(u => u.ChangeEmailAddress(It.IsAny<User>(), It.IsAny<string>()), Times.Once);
@@ -239,8 +246,9 @@ public virtual async Task WhenNewEmailIsDifferentAndWasConfirmed_SavesChanges()
                     Times.Once);
             }
 
-            [Fact]
-            public virtual async Task WhenNewEmailIsDifferentAndWasUnconfirmed_SavesChanges()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task WhenNewEmailIsDifferentAndWasUnconfirmed_SavesChanges(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
@@ -252,7 +260,7 @@ public virtual async Task WhenNewEmailIsDifferentAndWasUnconfirmed_SavesChanges(
                 account.EmailAddress = null;
 
                 // Act
-                var result = await InvokeChangeEmail(controller, account, model);
+                var result = await InvokeChangeEmail(controller, account, getCurrentUser, model);
 
                 // Assert
                 GetMock<IUserService>().Verify(u => u.ChangeEmailAddress(It.IsAny<User>(), It.IsAny<string>()), Times.Once);
@@ -274,18 +282,19 @@ protected virtual TAccountViewModel CreateViewModel(TUser account)
             protected virtual Task<ActionResult> InvokeChangeEmail(
                 TAccountsController controller,
                 TUser account,
+                Func<Fakes, User> getCurrentUser,
                 TAccountViewModel model = null,
                 EntityException exception = null)
             {
                 // Arrange
-                controller.SetCurrentUser(GetCurrentUser(controller));
+                controller.SetCurrentUser(getCurrentUser(Fakes));
 
                 var messageService = GetMock<IMessageService>();
                 messageService.Setup(m => m.SendEmailChangeConfirmationNotice(It.IsAny<User>(), It.IsAny<string>()))
                     .Verifiable();
 
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
 
                 var setup = userService.Setup(u => u.ChangeEmailAddress(It.IsAny<User>(), It.IsAny<string>()))
@@ -314,33 +323,45 @@ protected virtual Task<ActionResult> InvokeChangeEmail(
 
         public abstract class TheChangeEmailSubscriptionBaseAction : AccountsControllerTestContainer
         {
+            public static IEnumerable<object[]> UpdatesEmailPreferences_DefaultData
+            {
+                get
+                {
+                    foreach (var emailAllowed in new[] { false, true })
+                    {
+                        foreach (var notifyPackagePushed in new[] { false, true })
+                        {
+                            yield return MemberDataHelper.AsData(emailAllowed, notifyPackagePushed);
+                        }
+                    }
+                }
+            }
+
             [Theory]
-            [InlineData(true, true)]
-            [InlineData(true, false)]
-            [InlineData(false, true)]
-            [InlineData(false, false)]
-            public virtual async Task UpdatesEmailPreferences(bool emailAllowed, bool notifyPackagePushed)
+            [MemberData("UpdatesEmailPreferences_Data")]
+            public virtual async Task UpdatesEmailPreferences(Func<Fakes, User> getCurrentUser, bool emailAllowed, bool notifyPackagePushed)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
 
                 // Act
-                var result = await InvokeChangeEmailSubscription(controller, emailAllowed, notifyPackagePushed);
+                var result = await InvokeChangeEmailSubscription(controller, getCurrentUser, emailAllowed, notifyPackagePushed);
 
                 // Assert
                 ResultAssert.IsRedirectToRoute(result, new { action = controller.AccountAction });
                 GetMock<IUserService>().Verify(u => u.ChangeEmailSubscriptionAsync(account, emailAllowed, notifyPackagePushed));
             }
 
-            [Fact]
-            public virtual async Task DisplaysMessageOnUpdate()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task DisplaysMessageOnUpdate(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
 
                 // Act
-                var result = await InvokeChangeEmailSubscription(controller);
+                var result = await InvokeChangeEmailSubscription(controller, getCurrentUser);
 
                 // Assert
                 Assert.Equal(controller.Messages.EmailPreferencesUpdated, controller.TempData["Message"]);
@@ -348,11 +369,12 @@ public virtual async Task DisplaysMessageOnUpdate()
 
             protected virtual async Task<ActionResult> InvokeChangeEmailSubscription(
                 TAccountsController controller,
+                Func<Fakes, User> getCurrentUser,
                 bool emailAllowed = true,
                 bool notifyPackagePushed = true)
             {
                 // Arrange
-                controller.SetCurrentUser(GetCurrentUser(controller));
+                controller.SetCurrentUser(getCurrentUser(Fakes));
 
                 var account = GetAccount(controller);
                 account.Username = "aUsername";
@@ -361,7 +383,7 @@ protected virtual async Task<ActionResult> InvokeChangeEmailSubscription(
                 account.NotifyPackagePushed = !notifyPackagePushed;
 
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
                 userService.Setup(u => u.ChangeEmailSubscriptionAsync(account, emailAllowed, notifyPackagePushed))
                     .Returns(Task.CompletedTask);
@@ -381,16 +403,16 @@ protected virtual async Task<ActionResult> InvokeChangeEmailSubscription(
 
         public abstract class TheConfirmationRequiredBaseAction : AccountsControllerTestContainer
         {
-            [Fact]
-            public virtual void WhenAccountAlreadyConfirmed()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual void WhenAccountAlreadyConfirmed(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(GetCurrentUser(controller));
 
                 // Act
-                var result = InvokeConfirmationRequired(controller, account);
+                var result = InvokeConfirmationRequired(controller, account, getCurrentUser);
 
                 // Assert
                 var model = ResultAssert.IsView<ConfirmationViewModel>(result);
@@ -399,19 +421,19 @@ public virtual void WhenAccountAlreadyConfirmed()
                 Assert.Null(model.UnconfirmedEmailAddress);
             }
 
-            [Fact]
-            public virtual void WhenAccountIsNotConfirmed()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual void WhenAccountIsNotConfirmed(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(GetCurrentUser(controller));
 
                 account.UnconfirmedEmailAddress = account.EmailAddress;
                 account.EmailAddress = null;
 
                 // Act
-                var result = InvokeConfirmationRequired(controller, account);
+                var result = InvokeConfirmationRequired(controller, account, getCurrentUser);
 
                 // Assert
                 var model = ResultAssert.IsView<ConfirmationViewModel>(result);
@@ -422,11 +444,13 @@ public virtual void WhenAccountIsNotConfirmed()
 
             protected virtual ActionResult InvokeConfirmationRequired(
                 TAccountsController controller,
-                TUser account)
+                TUser account,
+                Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
+                controller.SetCurrentUser(getCurrentUser(Fakes));
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
 
                 // Act
@@ -436,16 +460,16 @@ protected virtual ActionResult InvokeConfirmationRequired(
 
         public abstract class TheConfirmationRequiredPostBaseAction : AccountsControllerTestContainer
         {
-            [Fact]
-            public virtual void WhenAlreadyConfirmed_DoesNotSendEmail()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual void WhenAlreadyConfirmed_DoesNotSendEmail(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(GetCurrentUser(controller));
 
                 // Act
-                var result = InvokeConfirmationRequiredPost(controller, account);
+                var result = InvokeConfirmationRequiredPost(controller, account, getCurrentUser);
 
                 // Assert
                 var mailService = GetMock<IMessageService>();
@@ -455,13 +479,13 @@ public virtual void WhenAlreadyConfirmed_DoesNotSendEmail()
                 Assert.False(model.SentEmail);
             }
 
-            [Fact]
-            public virtual void WhenIsNotConfirmed_SendsEmail()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual void WhenIsNotConfirmed_SendsEmail(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(GetCurrentUser(controller));
 
                 account.EmailConfirmationToken = "confirmation";
                 account.UnconfirmedEmailAddress = account.EmailAddress;
@@ -471,7 +495,7 @@ public virtual void WhenIsNotConfirmed_SendsEmail()
                 var confirmationUrl = (account is Organization)
                     ? TestUtility.GallerySiteRootHttps + $"organization/{account.Username}/Confirm?token=confirmation"
                     : TestUtility.GallerySiteRootHttps + $"account/confirm/{account.Username}/confirmation";
-                var result = InvokeConfirmationRequiredPost(controller, account, confirmationUrl);
+                var result = InvokeConfirmationRequiredPost(controller, account, getCurrentUser, confirmationUrl);
 
                 // Assert
                 var mailService = GetMock<IMessageService>();
@@ -484,11 +508,13 @@ public virtual void WhenIsNotConfirmed_SendsEmail()
             protected virtual ActionResult InvokeConfirmationRequiredPost(
                 TAccountsController controller,
                 TUser account,
+                Func<Fakes, User> getCurrentUser,
                 string confirmationUrl = null)
             {
                 // Arrange
+                controller.SetCurrentUser(getCurrentUser(Fakes));
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
 
                 GetMock<IMessageService>()
@@ -504,36 +530,36 @@ protected virtual ActionResult InvokeConfirmationRequiredPost(
 
         public abstract class TheConfirmBaseAction : AccountsControllerTestContainer
         {
-            [Fact]
-            public virtual async Task ClearsReturnUrlFromViewData()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task ClearsReturnUrlFromViewData(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
                 var token = account.EmailConfirmationToken = "token";
-                controller.SetCurrentUser(GetCurrentUser(controller));
                 controller.ViewData[Constants.ReturnUrlViewDataKey] = "https://localhost/returnUrl";
 
                 Assert.NotNull(controller.ViewData[Constants.ReturnUrlViewDataKey]);
 
                 // Act
-                var result = await InvokeConfirm(controller, account, token);
+                var result = await InvokeConfirm(controller, account, getCurrentUser, token);
 
                 // Assert
                 Assert.Null(controller.ViewData[Constants.ReturnUrlViewDataKey]);
             }
 
-            [Fact]
-            public virtual async Task WhenAlreadyConfirmed_DoesNotConfirmEmailAddress()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task WhenAlreadyConfirmed_DoesNotConfirmEmailAddress(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
                 var token = account.EmailConfirmationToken = "token";
-                controller.SetCurrentUser(GetCurrentUser(controller));
 
                 // Act
-                var result = await InvokeConfirm(controller, account, token);
+                var result = await InvokeConfirm(controller, account, getCurrentUser, token);
 
                 // Assert
                 var model = ResultAssert.IsView<ConfirmationViewModel>(result);
@@ -552,20 +578,20 @@ public virtual async Task WhenAlreadyConfirmed_DoesNotConfirmEmailAddress()
                         Times.Never);
             }
 
-            [Fact]
-            public virtual async Task WhenIsNotConfirmedAndNoExistingEmail_ConfirmsEmailAddress()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task WhenIsNotConfirmedAndNoExistingEmail_ConfirmsEmailAddress(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
                 var token = account.EmailConfirmationToken = "token";
-                controller.SetCurrentUser(GetCurrentUser(controller));
 
                 account.UnconfirmedEmailAddress = "account2@example.com";
                 account.EmailAddress = null;
 
                 // Act
-                var result = await InvokeConfirm(controller, account, token);
+                var result = await InvokeConfirm(controller, account, getCurrentUser, token);
 
                 // Assert
                 var model = ResultAssert.IsView<ConfirmationViewModel>(result);
@@ -584,19 +610,19 @@ public virtual async Task WhenIsNotConfirmedAndNoExistingEmail_ConfirmsEmailAddr
                         Times.Never);
             }
 
-            [Fact]
-            public virtual async Task WhenIsNotConfirmedAndHasExistingEmail_ConfirmsEmailAddress()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public virtual async Task WhenIsNotConfirmedAndHasExistingEmail_ConfirmsEmailAddress(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
                 var token = account.EmailConfirmationToken = "token";
-                controller.SetCurrentUser(GetCurrentUser(controller));
 
                 account.UnconfirmedEmailAddress = "account2@example.com";
 
                 // Act
-                var result = await InvokeConfirm(controller, account, token);
+                var result = await InvokeConfirm(controller, account, getCurrentUser, token);
 
                 // Assert
                 var model = ResultAssert.IsView<ConfirmationViewModel>(result);
@@ -615,38 +641,38 @@ public virtual async Task WhenIsNotConfirmedAndHasExistingEmail_ConfirmsEmailAdd
                         Times.Once);
             }
 
-            [Fact]
-            public async Task WhenIsNotConfirmedAndTokenDoesNotMatch_ShowsError()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public async Task WhenIsNotConfirmedAndTokenDoesNotMatch_ShowsError(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
                 account.EmailConfirmationToken = "token";
-                controller.SetCurrentUser(GetCurrentUser(controller));
 
                 account.UnconfirmedEmailAddress = "account2@example.com";
 
                 // Act
-                var result = await InvokeConfirm(controller, account, "wrongToken");
+                var result = await InvokeConfirm(controller, account, getCurrentUser, "wrongToken");
 
                 // Assert
                 var model = ResultAssert.IsView<ConfirmationViewModel>(result);
                 Assert.False(model.SuccessfulConfirmation);
             }
 
-            [Fact]
-            public async Task WhenIsNotConfirmedAndEntityExceptionThrown_ShowsErrorForDuplicateEmail()
+            [Theory]
+            [MemberData(AllowedCurrentUsersDataName)]
+            public async Task WhenIsNotConfirmedAndEntityExceptionThrown_ShowsErrorForDuplicateEmail(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
                 var token = account.EmailConfirmationToken = "token";
-                controller.SetCurrentUser(GetCurrentUser(controller));
 
                 account.UnconfirmedEmailAddress = "account2@example.com";
 
                 // Act
-                var result = await InvokeConfirm(controller, account, token,
+                var result = await InvokeConfirm(controller, account, getCurrentUser, token,
                     exception: new EntityException("msg"));
 
                 // Assert
@@ -658,12 +684,14 @@ public async Task WhenIsNotConfirmedAndEntityExceptionThrown_ShowsErrorForDuplic
             protected virtual Task<ActionResult> InvokeConfirm(
                 TAccountsController controller,
                 TUser account,
+                Func<Fakes, User> getCurrentUser,
                 string token = "token",
                 EntityException exception = null)
             {
                 // Arrange
+                controller.SetCurrentUser(getCurrentUser(Fakes));
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
                 var confirmSetup = userService.Setup(u => u.ConfirmEmailAddress(It.IsAny<User>(), It.IsAny<string>()));
                 if (exception == null)
diff --git a/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
index 357b42b99c..f82481b13d 100644
--- a/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/ApiControllerFacts.cs
@@ -1264,7 +1264,7 @@ internal TestableApiController SetupController(string keyType, Scope scope, Pack
                     .Returns(package);
 
                 controller.MockUserService
-                    .Setup(x => x.FindByKey(user.Key))
+                    .Setup(x => x.FindByKey(user.Key, false))
                     .Returns(user);
 
                 controller.SetCurrentUser(user, credential);
diff --git a/tests/NuGetGallery.Facts/Controllers/AuthenticationControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/AuthenticationControllerFacts.cs
index 324fb11b84..5e34a046cf 100644
--- a/tests/NuGetGallery.Facts/Controllers/AuthenticationControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/AuthenticationControllerFacts.cs
@@ -126,7 +126,7 @@ public void NullProvidedEmailReturnsFormattedEmail(string email, string expected
 
                 GetMock<AuthenticationService>(); // Force a mock to be created
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(It.IsAny<string>()))
+                    .Setup(u => u.FindByUsername(It.IsAny<string>(), false))
                     .Returns(existingUser);
 
                 var controller = GetController<AuthenticationController>();
@@ -148,7 +148,7 @@ public void InvalidProvidedEmailReturnsFalse(string providedEmail)
 
                 GetMock<AuthenticationService>(); // Force a mock to be created
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(It.IsAny<string>()))
+                    .Setup(u => u.FindByUsername(It.IsAny<string>(), false))
                     .Returns(existingUser);
 
                 var controller = GetController<AuthenticationController>();
@@ -168,7 +168,7 @@ public void SendsNotificationForAssistance()
 
                 GetMock<AuthenticationService>(); // Force a mock to be created
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(It.IsAny<string>()))
+                    .Setup(u => u.FindByUsername(It.IsAny<string>(), false))
                     .Returns(existingUser);
                 var messageServiceMock = GetMock<IMessageService>();
                 messageServiceMock
@@ -249,7 +249,7 @@ public async Task CanLogTheUserOnWithUserName()
 
                 var controller = GetController<AuthenticationController>();
                 GetMock<AuthenticationService>()
-                    .Setup(a => a.CreateSessionAsync(controller.OwinContext, authUser))
+                    .Setup(a => a.CreateSessionAsync(controller.OwinContext, authUser, false))
                     .Returns(Task.FromResult(0))
                     .Verifiable();
 
@@ -281,7 +281,7 @@ public async Task CanLogTheUserOnWithEmailAddress()
                     .CompletesWith(authResult);
                 var controller = GetController<AuthenticationController>();
                 GetMock<AuthenticationService>()
-                    .Setup(a => a.CreateSessionAsync(controller.OwinContext, authUser))
+                    .Setup(a => a.CreateSessionAsync(controller.OwinContext, authUser, false))
                     .Returns(Task.FromResult(0))
                     .Verifiable();
 
@@ -312,7 +312,7 @@ public async Task WillLogTheUserOnWithUsernameEvenWithoutConfirmedEmailAddress()
                     .CompletesWith(authResult);
                 var controller = GetController<AuthenticationController>();
                 GetMock<AuthenticationService>()
-                    .Setup(a => a.CreateSessionAsync(controller.OwinContext, authUser))
+                    .Setup(a => a.CreateSessionAsync(controller.OwinContext, authUser, false))
                     .Returns(Task.FromResult(0))
                     .Verifiable();
 
@@ -365,7 +365,7 @@ public async Task WhenAttemptingToLinkExternalToExistingAccountWithNoExternalAcc
                     .Verify(x => x.AddCredential(It.IsAny<User>(), It.IsAny<Credential>()));
 
                 GetMock<AuthenticationService>()
-                    .Verify(x => x.CreateSessionAsync(controller.OwinContext, authUser));
+                    .Verify(x => x.CreateSessionAsync(controller.OwinContext, authUser, false));
 
                 GetMock<AuthenticationService>()
                     .Verify(x => x.RemoveCredential(user, passwordCredential));
@@ -404,7 +404,7 @@ public async Task WhenAttemptingToLinkExternalToAccountWithExistingExternals_Rej
                     "theReturnUrl", linkingAccount: true);
 
                 // Assert
-                GetMock<AuthenticationService>().Verify(a => a.CreateSessionAsync(controller.OwinContext, authUser), Times.Never());
+                GetMock<AuthenticationService>().Verify(a => a.CreateSessionAsync(controller.OwinContext, authUser, false), Times.Never());
                 ResultAssert.IsView(result, viewName: SignInViewNuGetName);
                 Assert.False(controller.ModelState.IsValid);
                 Assert.Equal(Strings.AccountIsLinkedToAnotherExternalAccount, controller.ModelState[SignInViewName].Errors[0].ErrorMessage);
@@ -463,7 +463,7 @@ public async Task WhenAttemptingToLinkExternalToAdminUserWithExistingExternals_A
                     .Verify(x => x.AddCredential(authUser.User, externalCredential));
 
                 GetMock<AuthenticationService>()
-                    .Verify(x => x.CreateSessionAsync(controller.OwinContext, authUser));
+                    .Verify(x => x.CreateSessionAsync(controller.OwinContext, authUser, false));
 
                 GetMock<IMessageService>()
                     .Verify(x => x.SendCredentialAddedNotice(authUser.User, credentialViewModel));
@@ -501,7 +501,7 @@ public async Task GivenExpiredExternalAuth_ItRedirectsBackToLogOnWithExternalAut
                 // Assert
                 VerifyExternalLinkExpiredResult(controller, result);
                 GetMock<AuthenticationService>()
-                    .Verify(x => x.CreateSessionAsync(It.IsAny<IOwinContext>(), It.IsAny<AuthenticatedUser>()), Times.Never());
+                    .Verify(x => x.CreateSessionAsync(It.IsAny<IOwinContext>(), It.IsAny<AuthenticatedUser>(), false), Times.Never());
             }
 
             [Fact]
@@ -530,7 +530,7 @@ public async Task GivenValidExternalAuth_ItLinksCredentialSendsEmailAndLogsIn()
                 var controller = GetController<AuthenticationController>();
 
                 GetMock<AuthenticationService>()
-                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, It.IsAny<AuthenticatedUser>()))
+                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, It.IsAny<AuthenticatedUser>(), false))
                     .Returns(Task.FromResult(0))
                     .Verifiable();
                 GetMock<AuthenticationService>()
@@ -609,7 +609,7 @@ public async Task GivenAdminLogsInWithValidExternalAuth_ItChallengesWhenNotUsing
                 else
                 {
                     GetMock<AuthenticationService>()
-                       .Setup(x => x.CreateSessionAsync(controller.OwinContext, It.IsAny<AuthenticatedUser>()))
+                       .Setup(x => x.CreateSessionAsync(controller.OwinContext, It.IsAny<AuthenticatedUser>(), false))
                        .Returns(Task.FromResult(0))
                        .Verifiable();
                 }
@@ -704,7 +704,7 @@ public async Task WillCreateAndLogInTheUserWhenNotLinking()
                     .CompletesWith(authUser);
 
                 authenticationService
-                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser))
+                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser, false))
                     .Returns(Task.FromResult(0))
                     .Verifiable();
 
@@ -752,7 +752,7 @@ public async Task WillNotSendConfirmationEmailWhenConfirmEmailAddressesIsOff()
                 var controller = GetController<AuthenticationController>();
 
                 GetMock<AuthenticationService>()
-                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser))
+                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser, false))
                     .Returns(Task.FromResult(0))
                     .Verifiable();
 
@@ -785,7 +785,7 @@ public async Task GivenExpiredExternalAuth_ItRedirectsBackToLogOnWithExternalAut
                 var controller = GetController<AuthenticationController>();
 
                 GetMock<AuthenticationService>()
-                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser))
+                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser, false))
                     .Verifiable();
                 GetMock<AuthenticationService>()
                     .Setup(x => x.ReadExternalLoginCredential(controller.OwinContext))
@@ -805,7 +805,7 @@ public async Task GivenExpiredExternalAuth_ItRedirectsBackToLogOnWithExternalAut
                 // Assert
                 VerifyExternalLinkExpiredResult(controller, result);
                 GetMock<AuthenticationService>()
-                    .Verify(x => x.CreateSessionAsync(It.IsAny<IOwinContext>(), It.IsAny<AuthenticatedUser>()), Times.Never());
+                    .Verify(x => x.CreateSessionAsync(It.IsAny<IOwinContext>(), It.IsAny<AuthenticatedUser>(), false), Times.Never());
                 GetMock<AuthenticationService>()
                     .Verify(x => x.Register("theUsername", "theEmailAddress", It.IsAny<Credential>()), Times.Never());
             }
@@ -830,7 +830,7 @@ public async Task GivenValidExternalAuth_ItCreatesAccountAndLinksCredential()
                     .Setup(x => x.Register(authUser.User.Username, authUser.User.UnconfirmedEmailAddress, externalCred))
                     .CompletesWith(authUser);
                 authenticationServiceMock
-                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser))
+                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser, false))
                     .Returns(Task.FromResult(0))
                     .Verifiable();
 
@@ -910,7 +910,7 @@ public async Task GivenAdminLogsInWithExternalIdentity_ItChallengesWhenNotUsingR
                 else
                 {
                     GetMock<AuthenticationService>()
-                       .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser))
+                       .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser, false))
                        .Returns(Task.FromResult(0))
                        .Verifiable();
                 }
@@ -1059,7 +1059,7 @@ public async Task GivenNewCredential_ItSuccessfullyReplacesExternalCredentialsAn
                     .Verifiable();
 
                 serviceMock
-                    .Setup(x => x.CreateSessionAsync(It.IsAny<IOwinContext>(), authUser))
+                    .Setup(x => x.CreateSessionAsync(It.IsAny<IOwinContext>(), authUser, false))
                     .Completes()
                     .Verifiable();
 
@@ -1229,7 +1229,7 @@ public async Task GivenAssociatedLocalUser_ItCreatesASessionAndSafeRedirectsToRe
                     });
 
                 GetMock<AuthenticationService>()
-                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser))
+                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser, false))
                     .Returns(Task.CompletedTask);
 
                 // Act
@@ -1279,6 +1279,57 @@ public async Task ShouldChallengeForEnforcedMultiFactorAuthentication()
                     .VerifyAll();
             }
 
+            [Theory]
+            [InlineData("MicrosoftAccount", true)]
+            [InlineData("AzureActiveDirectory", false)]
+            public async Task ShouldUpdateMultiFactorSettingForMicrosoftAccounts(string credType, bool enabled2FA)
+            {
+                // Arrange
+                var email = "test@email.com";
+                var cred = new CredentialBuilder().CreateExternalCredential(credType, "blorg", "Bloog");
+                var user = Get<Fakes>().CreateUser("test", cred);
+                user.EnableMultiFactorAuthentication = false;
+                var authServiceMock = GetMock<AuthenticationService>(); // Force a mock to be created
+                var controller = GetController<AuthenticationController>();
+                var userServiceMock = GetMock<IUserService>();
+                var authUser = new AuthenticatedUser(user, cred);
+
+                authServiceMock
+                    .Setup(x => x.AuthenticateExternalLogin(controller.OwinContext))
+                    .CompletesWith(new AuthenticateExternalLoginResult()
+                    {
+                        ExternalIdentity = new ClaimsIdentity(),
+                        Credential = cred,
+                        Authentication = authUser,
+                        Authenticator = new AzureActiveDirectoryV2Authenticator(),
+                        LoginDetails = new ExternalLoginSessionDetails(email, usedMultiFactorAuthentication: true)
+                    });
+
+                authServiceMock
+                    .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser, It.IsAny<bool>()))
+                    .Returns(Task.CompletedTask);
+
+                userServiceMock
+                    .Setup(x => x.ChangeMultiFactorAuthentication(authUser.User, true))
+                    .Returns(Task.CompletedTask)
+                    .Verifiable();
+
+                var returnUrl = "theReturnUrl";
+
+                // Act
+                var result = await controller.LinkExternalAccount(returnUrl);
+
+                // Assert
+                authServiceMock.VerifyAll();
+                userServiceMock.Verify(x => x.ChangeMultiFactorAuthentication(authUser.User, true), enabled2FA ? Times.Once() : Times.Never());
+                if (enabled2FA)
+                {
+                    Assert.Equal(Strings.MultiFactorAuth_LoginUpdate, controller.TempData["Message"]);
+                }
+
+                ResultAssert.IsSafeRedirectTo(result, returnUrl);
+            }
+
             [Theory]
             [InlineData("MicrosoftAccount", true)]
             [InlineData("AzureActiveDirectory", false)]
@@ -1319,7 +1370,7 @@ public async Task GivenAssociatedLocalAdminUser_ItChallengesWhenNotUsingRequired
                 else
                 {
                     GetMock<AuthenticationService>()
-                       .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser))
+                       .Setup(x => x.CreateSessionAsync(controller.OwinContext, authUser, false))
                        .Returns(Task.FromResult(0))
                        .Verifiable();
                 }
diff --git a/tests/NuGetGallery.Facts/Controllers/ControllerTests.cs b/tests/NuGetGallery.Facts/Controllers/ControllerTests.cs
index ade0995ce8..ba61e5cd43 100644
--- a/tests/NuGetGallery.Facts/Controllers/ControllerTests.cs
+++ b/tests/NuGetGallery.Facts/Controllers/ControllerTests.cs
@@ -1,13 +1,13 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using NuGetGallery.Filters;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Reflection;
 using System.Runtime.CompilerServices;
 using System.Web.Mvc;
+using NuGetGallery.Filters;
 using Xunit;
 
 namespace NuGetGallery.Controllers
@@ -31,7 +31,7 @@ public ControllerActionRuleException(MethodInfo method)
                 Controller = method.DeclaringType;
                 Name = method.Name;
             }
-            
+
             public bool Equals(ControllerActionRuleException other)
             {
                 return other != null && other.Controller == Controller && other.Name == Name;
@@ -98,7 +98,7 @@ public void AllActionsHaveAntiForgeryTokenIfNotGet()
         public void AllActionsHaveUIAuthorizeAttribute()
         {
             // Arrange
-            
+
             // These actions are allowed to continue to support a discontinued login.
             var expectedActionsSupportingDiscontinuedLogins = new ControllerActionRuleException[]
             {
@@ -118,7 +118,7 @@ public void AllActionsHaveUIAuthorizeAttribute()
             var actions = GetAllActions();
 
             // Assert
-            
+
             // No actions should have the base authorize attribute!
             var actionsWithBaseAuthorizeAttribute = actions
                 .Where(m => m.GetCustomAttributes().Any(a => a.GetType() == typeof(AuthorizeAttribute)));
@@ -154,4 +154,4 @@ private IEnumerable<MethodInfo> GetAllActions(IEnumerable<ControllerActionRuleEx
                 });
         }
     }
-}
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Controllers/OrganizationsControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/OrganizationsControllerFacts.cs
index cafaa28f0e..f7be7ddbdb 100644
--- a/tests/NuGetGallery.Facts/Controllers/OrganizationsControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/OrganizationsControllerFacts.cs
@@ -2,13 +2,20 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.Globalization;
+using System.IO;
+using System.Linq;
 using System.Net;
-using System.Net.Mail;
+using System.Text;
 using System.Threading.Tasks;
+using System.Web;
 using System.Web.Mvc;
 using Moq;
+using NuGetGallery.Areas.Admin.ViewModels;
+using NuGetGallery.Authentication;
 using NuGetGallery.Framework;
+using NuGetGallery.Security;
 using Xunit;
 
 namespace NuGetGallery
@@ -16,6 +23,11 @@ namespace NuGetGallery
     public class OrganizationsControllerFacts
         : AccountsControllerFacts<OrganizationsController, Organization, OrganizationAccountViewModel>
     {
+        private static Func<Fakes, User> _getFakesUser = (Fakes fakes) => fakes.User;
+        private static Func<Fakes, User> _getFakesSiteAdmin = (Fakes fakes) => fakes.Admin;
+        private static Func<Fakes, User> _getFakesOrganizationAdmin = (Fakes fakes) => fakes.OrganizationAdmin;
+        private static Func<Fakes, User> _getFakesOrganizationCollaborator = (Fakes fakes) => fakes.OrganizationCollaborator;
+
         public class TheAccountAction : TheAccountBaseAction
         {
             protected override ActionResult InvokeAccount(OrganizationsController controller)
@@ -24,81 +36,78 @@ protected override ActionResult InvokeAccount(OrganizationsController controller
                 return controller.ManageOrganization(accountName);
             }
 
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
             // Note general account tests are in the base class. Organization-specific tests are below.
 
-            [Fact]
-            public void WhenCurrentUserIsCollaborator_ReturnsReadOnly()
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsPartialPermissions_Data
             {
-                // Arrange
-                var controller = GetController();
-                var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = InvokeAccount(controller);
-
-                // Assert
-                var model = ResultAssert.IsView<OrganizationAccountViewModel>(result, "ManageOrganization");
-                Assert.False(model.CanManage);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin, false, true);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator, false, false);
+                }
             }
 
-            [Fact]
-            public void WhenCurrentUserIsNotMember_ReturnsForbidden()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsPartialPermissions_Data))]
+            public void WithNonOrganizationAdmin_ReturnsPartialPermissions(Func<Fakes, User> getCurrentUser, bool canManage, bool canManageMemberships)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.User);
+                controller.SetCurrentUser(getCurrentUser(Fakes));
 
                 // Act
-                var result = InvokeAccount(controller) as HttpStatusCodeResult;
+                var result = InvokeAccount(controller);
 
                 // Assert
-                Assert.NotNull(result);
-                Assert.Equal((int)HttpStatusCode.Forbidden, result.StatusCode);
+                var model = ResultAssert.IsView<OrganizationAccountViewModel>(result, "ManageOrganization");
+                Assert.Equal(canManage, model.CanManage);
+                Assert.Equal(canManageMemberships, model.CanManageMemberships);
             }
         }
 
         public class TheCancelChangeEmailAction : TheCancelChangeEmailBaseAction
         {
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                }
             }
 
             // Note general account tests are in the base class. Organization-specific tests are below.
 
-            [Fact]
-            public async Task WhenCurrentUserIsCollaborator_ReturnsForbidden()
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsForbidden_Data
             {
-                // Arrange
-                var controller = GetController();
-                var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = await InvokeCancelChangeEmail(controller, account) as HttpStatusCodeResult;
-
-                // Assert
-                Assert.NotNull(result);
-                Assert.Equal((int)HttpStatusCode.Forbidden, result.StatusCode);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
-            [Fact]
-            public async Task WhenCurrentUserIsNotMember_ReturnsForbidden()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsForbidden_Data))]
+            public async Task WithNonOrganizationAdmin_ReturnsForbidden(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.User);
 
                 // Act
-                var result = await InvokeCancelChangeEmail(controller, account) as HttpStatusCodeResult;
+                var result = await InvokeCancelChangeEmail(controller, account, getCurrentUser) as HttpStatusCodeResult;
 
                 // Assert
                 Assert.NotNull(result);
@@ -108,39 +117,36 @@ public async Task WhenCurrentUserIsNotMember_ReturnsForbidden()
 
         public class TheChangeEmailAction : TheChangeEmailBaseAction
         {
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                }
             }
 
             // Note general account tests are in the base class. Organization-specific tests are below.
 
-            [Fact]
-            public async Task WhenCurrentUserIsCollaborator_ReturnsForbidden()
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsForbidden_Data
             {
-                // Arrange
-                var controller = GetController();
-                var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = await InvokeChangeEmail(controller, account) as HttpStatusCodeResult;
-
-                // Assert
-                Assert.NotNull(result);
-                Assert.Equal((int)HttpStatusCode.Forbidden, result.StatusCode);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
-            [Fact]
-            public async Task WhenCurrentUserIsNotMember_ReturnsForbidden()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsForbidden_Data))]
+            public async Task WithNonOrganizationAdmin_ReturnsForbidden(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.User);
 
                 // Act
-                var result = await InvokeChangeEmail(controller, account) as HttpStatusCodeResult;
+                var result = await InvokeChangeEmail(controller, account, getCurrentUser) as HttpStatusCodeResult;
 
                 // Assert
                 Assert.NotNull(result);
@@ -150,37 +156,37 @@ public async Task WhenCurrentUserIsNotMember_ReturnsForbidden()
 
         public class TheChangeEmailSubscriptionAction : TheChangeEmailSubscriptionBaseAction
         {
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                }
             }
 
+            public static IEnumerable<object[]> UpdatesEmailPreferences_Data => MemberDataHelper.Combine(AllowedCurrentUsers_Data, UpdatesEmailPreferences_DefaultData);
+
             // Note general account tests are in the base class. Organization-specific tests are below.
 
-            [Fact]
-            public async Task WhenCurrentUserIsCollaborator_ReturnsForbidden()
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsForbidden_Data
             {
-                // Arrange
-                var controller = GetController();
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = await InvokeChangeEmailSubscription(controller) as HttpStatusCodeResult;
-
-                // Assert
-                Assert.NotNull(result);
-                Assert.Equal((int)HttpStatusCode.Forbidden, result.StatusCode);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
-            [Fact]
-            public async Task WhenCurrentUserIsNotMember_ReturnsForbidden()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsForbidden_Data))]
+            public async Task WithNonOrganizationAdmin_ReturnsForbidden(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
-                controller.SetCurrentUser(Fakes.User);
 
                 // Act
-                var result = await InvokeChangeEmailSubscription(controller) as HttpStatusCodeResult;
+                var result = await InvokeChangeEmailSubscription(controller, getCurrentUser) as HttpStatusCodeResult;
 
                 // Assert
                 Assert.NotNull(result);
@@ -190,39 +196,36 @@ public async Task WhenCurrentUserIsNotMember_ReturnsForbidden()
 
         public class TheConfirmationRequiredAction : TheConfirmationRequiredBaseAction
         {
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                }
             }
 
             // Note general account tests are in the base class. Organization-specific tests are below.
 
-            [Fact]
-            public void WhenUserIsCollaborator_ReturnsForbidden()
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsForbidden_Data
             {
-                // Arrange
-                var controller = GetController();
-                var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = InvokeConfirmationRequired(controller, account) as HttpStatusCodeResult;
-
-                // Assert
-                Assert.NotNull(result);
-                Assert.Equal((int)HttpStatusCode.Forbidden, result.StatusCode);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
-            [Fact]
-            public void WhenUserIsNotMember_ReturnsForbidden()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsForbidden_Data))]
+            public void WithNonOrganizationAdmin_ReturnsForbidden(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.User);
 
                 // Act
-                var result = InvokeConfirmationRequired(controller, account) as HttpStatusCodeResult;
+                var result = InvokeConfirmationRequired(controller, account, getCurrentUser) as HttpStatusCodeResult;
 
                 // Assert
                 Assert.NotNull(result);
@@ -232,39 +235,36 @@ public void WhenUserIsNotMember_ReturnsForbidden()
 
         public class TheConfirmationRequiredPostAction : TheConfirmationRequiredPostBaseAction
         {
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                }
             }
 
             // Note general account tests are in the base class. Organization-specific tests are below.
 
-            [Fact]
-            public void WhenUserIsCollaborator_ReturnsForbidden()
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsForbidden_Data
             {
-                // Arrange
-                var controller = GetController();
-                var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = InvokeConfirmationRequiredPost(controller, account) as HttpStatusCodeResult;
-
-                // Assert
-                Assert.NotNull(result);
-                Assert.Equal((int)HttpStatusCode.Forbidden, result.StatusCode);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
-            [Fact]
-            public void WhenUserIsNotMember_ReturnsForbidden()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsForbidden_Data))]
+            public void WithNonOrganizationAdmin_ReturnsForbidden(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.User);
 
                 // Act
-                var result = InvokeConfirmationRequiredPost(controller, account) as HttpStatusCodeResult;
+                var result = InvokeConfirmationRequiredPost(controller, account, getCurrentUser) as HttpStatusCodeResult;
 
                 // Assert
                 Assert.NotNull(result);
@@ -274,40 +274,36 @@ public void WhenUserIsNotMember_ReturnsForbidden()
 
         public class TheConfirmAction : TheConfirmBaseAction
         {
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                }
             }
 
             // Note general account tests are in the base class. Organization-specific tests are below.
 
-            [Fact]
-            public async Task WhenUserIsCollaborator_ReturnsNonSuccess()
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsForbidden_Data
             {
-                // Arrange
-                var controller = GetController();
-                var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = await InvokeConfirm(controller, account);
-
-                // Assert
-                var model = ResultAssert.IsView<ConfirmationViewModel>(result);
-                Assert.True(model.WrongUsername);
-                Assert.False(model.SuccessfulConfirmation);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
-            [Fact]
-            public async Task WhenUserIsNotMember_ReturnsNonSuccess()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsForbidden_Data))]
+            public async Task WithNonOrganizationAdmin_ReturnsForbidden(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.User);
 
                 // Act
-                var result = await InvokeConfirm(controller, account);
+                var result = await InvokeConfirm(controller, account, getCurrentUser);
 
                 // Assert
                 var model = ResultAssert.IsView<ConfirmationViewModel>(result);
@@ -400,40 +396,38 @@ public class TheAddMemberAction : AccountsControllerTestContainer
         {
             private const string defaultMemberName = "member";
 
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                }
             }
 
-            [Fact]
-            public async Task WhenUserIsCollaborator_ReturnsNonSuccess()
-            {
-                // Arrange
-                var controller = GetController();
-                var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = await InvokeAddMember(controller, account);
-
-                // Assert
-                Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
-                Assert.IsType<JsonResult>(result);
-                Assert.Equal(Strings.Unauthorized, result.Data);
+            public static IEnumerable<object[]> AllowedCurrentUsers_IsAdmin_Data => MemberDataHelper.Combine(
+                AllowedCurrentUsers_Data, 
+                new[] { MemberDataHelper.AsData(false), MemberDataHelper.AsData(true) });
 
-                GetMock<IUserService>().Verify(s => s.AddMembershipRequestAsync(It.IsAny<Organization>(), It.IsAny<string>(), It.IsAny<bool>()), Times.Never);
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsForbidden_Data
+            {
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
-            [Fact]
-            public async Task WhenCurrentUserIsNotMember_ReturnsNonSuccess()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsForbidden_Data))]
+            public async Task WithNonOrganizationAdmin_ReturnsForbidden(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.User);
 
                 // Act
-                var result = await InvokeAddMember(controller, account);
+                var result = await InvokeAddMember(controller, account, getCurrentUser);
 
                 // Assert
                 Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
@@ -443,8 +437,9 @@ public async Task WhenCurrentUserIsNotMember_ReturnsNonSuccess()
                 GetMock<IUserService>().Verify(s => s.AddMembershipRequestAsync(It.IsAny<Organization>(), It.IsAny<string>(), It.IsAny<bool>()), Times.Never);
             }
 
-            [Fact]
-            public async Task WhenOrganizationIsNotConfirmed_ReturnsNonSuccess()
+            [Theory]
+            [MemberData(nameof(AllowedCurrentUsers_Data))]
+            public async Task WhenOrganizationIsNotConfirmed_ReturnsNonSuccess(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
@@ -452,7 +447,7 @@ public async Task WhenOrganizationIsNotConfirmed_ReturnsNonSuccess()
                 account.EmailAddress = null;
 
                 // Act
-                var result = await InvokeAddMember(controller, account);
+                var result = await InvokeAddMember(controller, account, getCurrentUser);
 
                 // Assert
                 Assert.Equal((int)HttpStatusCode.BadRequest, controller.Response.StatusCode);
@@ -463,16 +458,15 @@ public async Task WhenOrganizationIsNotConfirmed_ReturnsNonSuccess()
             }
 
             [Theory]
-            [InlineData(true)]
-            [InlineData(false)]
-            public async Task WhenEntityException_ReturnsNonSuccess(bool isAdmin)
+            [MemberData(nameof(AllowedCurrentUsers_IsAdmin_Data))]
+            public async Task WhenEntityException_ReturnsNonSuccess(Func<Fakes, User> getCurrentUser, bool isAdmin)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
 
                 // Act
-                var result = await InvokeAddMember(controller, account, isAdmin: isAdmin,
+                var result = await InvokeAddMember(controller, account, getCurrentUser, isAdmin: isAdmin,
                     exception: new EntityException("error"));
 
                 // Assert
@@ -484,16 +478,15 @@ public async Task WhenEntityException_ReturnsNonSuccess(bool isAdmin)
             }
 
             [Theory]
-            [InlineData(true)]
-            [InlineData(false)]
-            public async Task WhenMembershipRequestCreated_ReturnsSuccess(bool isAdmin)
+            [MemberData(nameof(AllowedCurrentUsers_IsAdmin_Data))]
+            public async Task WhenMembershipRequestCreated_ReturnsSuccess(Func<Fakes, User> getCurrentUser, bool isAdmin)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
 
                 // Act
-                var result = await InvokeAddMember(controller, account, isAdmin: isAdmin);
+                var result = await InvokeAddMember(controller, account, getCurrentUser, isAdmin: isAdmin);
 
                 // Assert
                 Assert.Equal(0, controller.Response.StatusCode);
@@ -526,15 +519,16 @@ public async Task WhenMembershipRequestCreated_ReturnsSuccess(bool isAdmin)
             private Task<JsonResult> InvokeAddMember(
                 OrganizationsController controller,
                 Organization account,
+                Func<Fakes, User> getCurrentUser,
                 string memberName = defaultMemberName,
                 bool isAdmin = false,
                 EntityException exception = null)
             {
                 // Arrange
-                controller.SetCurrentUser(GetCurrentUser(controller));
+                controller.SetCurrentUser(getCurrentUser(Fakes));
 
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
                 var setup = userService.Setup(u => u.AddMembershipRequestAsync(It.IsAny<Organization>(), memberName, isAdmin));
                 if (exception != null)
@@ -562,11 +556,6 @@ public class TheConfirmMemberAction : AccountsControllerTestContainer
         {
             private const string defaultConfirmationToken = "token";
 
-            protected override User GetCurrentUser(OrganizationsController controller)
-            {
-                return controller.GetCurrentUser() ?? Fakes.User;
-            }
-
             [Theory]
             [InlineData(true)]
             [InlineData(false)]
@@ -624,12 +613,12 @@ public async Task WhenMembershipRequestCreated_ReturnsSuccess(bool isAdmin)
                 var result = await InvokeConfirmMember(controller, account, isAdmin: isAdmin);
 
                 // Assert
-                ResultAssert.IsRedirectTo(result, 
+                ResultAssert.IsRedirectTo(result,
                     controller.Url.ManageMyOrganization(account.Username));
 
 
                 Assert.Equal(String.Format(CultureInfo.CurrentCulture,
-                    Strings.AddMember_Success, account.Username), 
+                    Strings.AddMember_Success, account.Username),
                     controller.TempData["Message"]);
 
                 GetMock<IUserService>().Verify(s => s.AddMemberAsync(account, Fakes.User.Username, defaultConfirmationToken), Times.Once);
@@ -647,14 +636,14 @@ private Task<ActionResult> InvokeConfirmMember(
                 EntityException exception = null)
             {
                 // Arrange
-                controller.SetCurrentUser(GetCurrentUser(controller));
+                controller.SetCurrentUser(Fakes.User);
 
                 var currentUser = controller.GetCurrentUser();
 
                 var userService = GetMock<IUserService>();
                 if (account != null)
                 {
-                    userService.Setup(u => u.FindByUsername(account.Username))
+                    userService.Setup(u => u.FindByUsername(account.Username, false))
                         .Returns(account as User);
                 }
                 var setup = userService.Setup(u => u.AddMemberAsync(It.IsAny<Organization>(), currentUser.Username, confirmationToken));
@@ -682,11 +671,6 @@ public class TheRejectMemberAction : AccountsControllerTestContainer
         {
             private const string defaultConfirmationToken = "token";
 
-            protected override User GetCurrentUser(OrganizationsController controller)
-            {
-                return controller.GetCurrentUser() ?? Fakes.User;
-            }
-
             [Theory]
             [InlineData(true)]
             [InlineData(false)]
@@ -762,14 +746,14 @@ private Task<ActionResult> InvokeRejectMember(
                 EntityException exception = null)
             {
                 // Arrange
-                controller.SetCurrentUser(GetCurrentUser(controller));
+                controller.SetCurrentUser(Fakes.User);
 
                 var currentUser = controller.GetCurrentUser();
 
                 var userService = GetMock<IUserService>();
                 if (account != null)
                 {
-                    userService.Setup(u => u.FindByUsername(account.Username))
+                    userService.Setup(u => u.FindByUsername(account.Username, false))
                         .Returns(account as User);
                 }
                 var setup = userService.Setup(u => u.RejectMembershipRequestAsync(It.IsAny<Organization>(), currentUser.Username, confirmationToken));
@@ -797,40 +781,38 @@ public class TheUpdateMemberAction : AccountsControllerTestContainer
         {
             private const string defaultMemberName = "member";
 
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                }
             }
 
-            [Fact]
-            public async Task WhenUserIsCollaborator_ReturnsNonSuccess()
-            {
-                // Arrange
-                var controller = GetController();
-                var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = await InvokeUpdateMember(controller, account);
-
-                // Assert
-                Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
-                Assert.IsType<JsonResult>(result);
-                Assert.Equal(Strings.Unauthorized, result.Data);
+            public static IEnumerable<object[]> AllowedCurrentUsers_IsAdmin_Data => MemberDataHelper.Combine(
+                AllowedCurrentUsers_Data,
+                new[] { MemberDataHelper.AsData(false), MemberDataHelper.AsData(true) });
 
-                GetMock<IUserService>().Verify(s => s.UpdateMemberAsync(It.IsAny<Organization>(), It.IsAny<string>(), It.IsAny<bool>()), Times.Never);
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsForbidden_Data
+            {
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
-            [Fact]
-            public async Task WhenUserIsNotMember_ReturnsNonSuccess()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsForbidden_Data))]
+            public async Task WithNonOrganizationAdmin_ReturnsForbidden(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.User);
 
                 // Act
-                var result = await InvokeUpdateMember(controller, account);
+                var result = await InvokeUpdateMember(controller, account, getCurrentUser);
 
                 // Assert
                 Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
@@ -840,8 +822,9 @@ public async Task WhenUserIsNotMember_ReturnsNonSuccess()
                 GetMock<IUserService>().Verify(s => s.UpdateMemberAsync(It.IsAny<Organization>(), It.IsAny<string>(), It.IsAny<bool>()), Times.Never);
             }
 
-            [Fact]
-            public async Task WhenOrganizationIsUnconfirmed_ReturnsNonSuccess()
+            [Theory]
+            [MemberData(nameof(AllowedCurrentUsers_Data))]
+            public async Task WhenOrganizationIsUnconfirmed_ReturnsNonSuccess(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
@@ -849,7 +832,7 @@ public async Task WhenOrganizationIsUnconfirmed_ReturnsNonSuccess()
                 account.EmailAddress = null;
 
                 // Act
-                var result = await InvokeUpdateMember(controller, account);
+                var result = await InvokeUpdateMember(controller, account, getCurrentUser);
 
                 // Assert
                 Assert.Equal((int)HttpStatusCode.BadRequest, controller.Response.StatusCode);
@@ -860,16 +843,15 @@ public async Task WhenOrganizationIsUnconfirmed_ReturnsNonSuccess()
             }
 
             [Theory]
-            [InlineData(true)]
-            [InlineData(false)]
-            public async Task WhenEntityException_ReturnsNonSuccess(bool isAdmin)
+            [MemberData(nameof(AllowedCurrentUsers_IsAdmin_Data))]
+            public async Task WhenEntityException_ReturnsNonSuccess(Func<Fakes, User> getCurrentUser, bool isAdmin)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
 
                 // Act
-                var result = await InvokeUpdateMember(controller, account, isAdmin: isAdmin,
+                var result = await InvokeUpdateMember(controller, account, getCurrentUser, isAdmin: isAdmin,
                     exception: new EntityException("error"));
 
                 // Assert
@@ -881,16 +863,15 @@ public async Task WhenEntityException_ReturnsNonSuccess(bool isAdmin)
             }
 
             [Theory]
-            [InlineData(true)]
-            [InlineData(false)]
-            public async Task WhenMembershipCreated_ReturnsSuccess(bool isAdmin)
+            [MemberData(nameof(AllowedCurrentUsers_IsAdmin_Data))]
+            public async Task WhenMembershipCreated_ReturnsSuccess(Func<Fakes, User> getCurrentUser, bool isAdmin)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
 
                 // Act
-                var result = await InvokeUpdateMember(controller, account, isAdmin: isAdmin);
+                var result = await InvokeUpdateMember(controller, account, getCurrentUser, isAdmin: isAdmin);
 
                 // Assert
                 Assert.Equal(0, controller.Response.StatusCode);
@@ -910,15 +891,16 @@ public async Task WhenMembershipCreated_ReturnsSuccess(bool isAdmin)
             private Task<JsonResult> InvokeUpdateMember(
                 OrganizationsController controller,
                 Organization account,
+                Func<Fakes, User> getCurrentUser,
                 string memberName = defaultMemberName,
                 bool isAdmin = false,
                 EntityException exception = null)
             {
                 // Arrange
-                controller.SetCurrentUser(GetCurrentUser(controller));
+                controller.SetCurrentUser(getCurrentUser(Fakes));
 
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
                 var setup = userService.Setup(u => u.UpdateMemberAsync(It.IsAny<Organization>(), memberName, isAdmin));
                 if (exception != null)
@@ -945,41 +927,34 @@ public class TheDeleteMemberAction : AccountsControllerTestContainer
         {
             private const string defaultMemberName = "member";
 
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                }
             }
 
-            [Fact]
-            public async Task WhenUserIsCollaborator_ReturnsNonSuccess()
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsForbidden_Data
             {
-                // Arrange
-                var controller = GetController();
-                var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = await InvokeDeleteMember(controller, account);
-
-                // Assert
-                Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
-                Assert.IsType<JsonResult>(result);
-                Assert.Equal(Strings.Unauthorized, result.Data);
-
-                GetMock<IUserService>().Verify(s => s.DeleteMemberAsync(It.IsAny<Organization>(), It.IsAny<string>()), Times.Never);
-                GetMock<IMessageService>().Verify(s => s.SendOrganizationMemberRemovedNotice(It.IsAny<Organization>(), It.IsAny<User>()), Times.Never);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
-            [Fact]
-            public async Task WhenUserIsNotMember_ReturnsNonSuccess()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsForbidden_Data))]
+            public async Task WithNonOrganizationAdmin_ReturnsForbidden(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.User);
 
                 // Act
-                var result = await InvokeDeleteMember(controller, account);
+                var result = await InvokeDeleteMember(controller, account, getCurrentUser);
 
                 // Assert
                 Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
@@ -990,8 +965,9 @@ public async Task WhenUserIsNotMember_ReturnsNonSuccess()
                 GetMock<IMessageService>().Verify(s => s.SendOrganizationMemberRemovedNotice(It.IsAny<Organization>(), It.IsAny<User>()), Times.Never);
             }
 
-            [Fact]
-            public async Task WhenOrganizationIsUnconfirmed_ReturnsNonSuccess()
+            [Theory]
+            [MemberData(nameof(AllowedCurrentUsers_Data))]
+            public async Task WhenOrganizationIsUnconfirmed_ReturnsNonSuccess(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
@@ -999,7 +975,7 @@ public async Task WhenOrganizationIsUnconfirmed_ReturnsNonSuccess()
                 account.EmailAddress = null;
 
                 // Act
-                var result = await InvokeDeleteMember(controller, account);
+                var result = await InvokeDeleteMember(controller, account, getCurrentUser);
 
                 // Assert
                 Assert.Equal((int)HttpStatusCode.BadRequest, controller.Response.StatusCode);
@@ -1010,15 +986,16 @@ public async Task WhenOrganizationIsUnconfirmed_ReturnsNonSuccess()
                 GetMock<IMessageService>().Verify(s => s.SendOrganizationMemberRemovedNotice(It.IsAny<Organization>(), It.IsAny<User>()), Times.Never);
             }
 
-            [Fact]
-            public async Task WhenEntityException_ReturnsNonSuccess()
+            [Theory]
+            [MemberData(nameof(AllowedCurrentUsers_Data))]
+            public async Task WhenEntityException_ReturnsNonSuccess(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
 
                 // Act
-                var result = await InvokeDeleteMember(controller, account, exception: new EntityException("error"));
+                var result = await InvokeDeleteMember(controller, account, getCurrentUser, exception: new EntityException("error"));
 
                 // Assert
                 Assert.Equal((int)HttpStatusCode.BadRequest, controller.Response.StatusCode);
@@ -1029,15 +1006,16 @@ public async Task WhenEntityException_ReturnsNonSuccess()
                 GetMock<IMessageService>().Verify(s => s.SendOrganizationMemberRemovedNotice(It.IsAny<Organization>(), It.IsAny<User>()), Times.Never);
             }
 
-            [Fact]
-            public async Task WhenDeletingAsAdmin_ReturnsSuccess()
+            [Theory]
+            [MemberData(nameof(AllowedCurrentUsers_Data))]
+            public async Task WhenDeletingAsAdmin_ReturnsSuccess(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
 
                 // Act
-                var result = await InvokeDeleteMember(controller, account);
+                var result = await InvokeDeleteMember(controller, account, getCurrentUser);
 
                 // Assert
                 Assert.Equal(0, controller.Response.StatusCode);
@@ -1056,16 +1034,17 @@ public async Task WhenDeletingSelfAsCollaborator_ReturnsSuccess()
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                var collaborator = Fakes.OrganizationCollaborator;
+                Func<Fakes, User> getCollaborator = (Fakes fakes) => fakes.OrganizationCollaborator;
+                var collaborator = getCollaborator(Fakes);
                 controller.SetCurrentUser(collaborator);
 
                 // Act
-                var result = await InvokeDeleteMember(controller, account, memberName: collaborator.Username);
+                var result = await InvokeDeleteMember(controller, account, getCollaborator, memberName: collaborator.Username);
 
                 // Assert
                 Assert.Equal(0, controller.Response.StatusCode);
                 Assert.IsType<JsonResult>(result);
-                Assert.Equal(Strings.DeleteMember_Success, ((JsonResult)result).Data);
+                Assert.Equal(Strings.DeleteMember_Success, (result).Data);
 
                 GetMock<IUserService>().Verify(s => s.DeleteMemberAsync(account, collaborator.Username), Times.Once);
             }
@@ -1073,14 +1052,15 @@ public async Task WhenDeletingSelfAsCollaborator_ReturnsSuccess()
             private Task<JsonResult> InvokeDeleteMember(
                 OrganizationsController controller,
                 Organization account,
+                Func<Fakes, User> getCurrentUser,
                 string memberName = defaultMemberName,
                 EntityException exception = null)
             {
                 // Arrange
-                controller.SetCurrentUser(GetCurrentUser(controller));
+                controller.SetCurrentUser(getCurrentUser(Fakes));
 
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
                 var setup = userService.Setup(u => u.DeleteMemberAsync(account, memberName));
                 if (exception != null)
@@ -1101,41 +1081,34 @@ public class TheCancelMemberRequestAction : AccountsControllerTestContainer
         {
             private const string defaultMemberName = "member";
 
-            protected override User GetCurrentUser(OrganizationsController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.GetCurrentUser() ?? Fakes.OrganizationAdmin;
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesSiteAdmin);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationAdmin);
+                }
             }
 
-            [Fact]
-            public async Task WhenUserIsCollaborator_ReturnsNonSuccess()
+            public static IEnumerable<object[]> WithNonOrganizationAdmin_ReturnsForbidden_Data
             {
-                // Arrange
-                var controller = GetController();
-                var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.OrganizationCollaborator);
-
-                // Act
-                var result = await InvokeCancelMemberRequestMember(controller, account);
-
-                // Assert
-                Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
-                Assert.IsType<JsonResult>(result);
-                Assert.Equal(Strings.Unauthorized, result.Data);
-
-                GetMock<IUserService>().Verify(s => s.CancelMembershipRequestAsync(It.IsAny<Organization>(), It.IsAny<string>()), Times.Never);
-                GetMock<IMessageService>().Verify(s => s.SendOrganizationMembershipRequestCancelledNotice(It.IsAny<Organization>(), It.IsAny<User>()), Times.Never);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                    yield return MemberDataHelper.AsData(_getFakesOrganizationCollaborator);
+                }
             }
 
-            [Fact]
-            public async Task WhenUserIsNotMember_ReturnsNonSuccess()
+            [Theory]
+            [MemberData(nameof(WithNonOrganizationAdmin_ReturnsForbidden_Data))]
+            public async Task WithNonOrganizationAdmin_ReturnsForbidden(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
-                controller.SetCurrentUser(Fakes.User);
 
                 // Act
-                var result = await InvokeCancelMemberRequestMember(controller, account);
+                var result = await InvokeCancelMemberRequestMember(controller, account, getCurrentUser);
 
                 // Assert
                 Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
@@ -1146,15 +1119,16 @@ public async Task WhenUserIsNotMember_ReturnsNonSuccess()
                 GetMock<IMessageService>().Verify(s => s.SendOrganizationMembershipRequestCancelledNotice(It.IsAny<Organization>(), It.IsAny<User>()), Times.Never);
             }
 
-            [Fact]
-            public async Task WhenEntityException_ReturnsNonSuccess()
+            [Theory]
+            [MemberData(nameof(AllowedCurrentUsers_Data))]
+            public async Task WhenEntityException_ReturnsNonSuccess(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
 
                 // Act
-                var result = await InvokeCancelMemberRequestMember(controller, account, exception: new EntityException("error"));
+                var result = await InvokeCancelMemberRequestMember(controller, account, getCurrentUser, exception: new EntityException("error"));
 
                 // Assert
                 Assert.Equal((int)HttpStatusCode.BadRequest, controller.Response.StatusCode);
@@ -1165,15 +1139,16 @@ public async Task WhenEntityException_ReturnsNonSuccess()
                 GetMock<IMessageService>().Verify(s => s.SendOrganizationMembershipRequestCancelledNotice(It.IsAny<Organization>(), It.IsAny<User>()), Times.Never);
             }
 
-            [Fact]
-            public async Task WhenSuccess_ReturnsSuccess()
+            [Theory]
+            [MemberData(nameof(AllowedCurrentUsers_Data))]
+            public async Task WhenSuccess_ReturnsSuccess(Func<Fakes, User> getCurrentUser)
             {
                 // Arrange
                 var controller = GetController();
                 var account = GetAccount(controller);
 
                 // Act
-                var result = await InvokeCancelMemberRequestMember(controller, account);
+                var result = await InvokeCancelMemberRequestMember(controller, account, getCurrentUser);
 
                 // Assert
                 Assert.Equal(0, controller.Response.StatusCode);
@@ -1187,14 +1162,15 @@ public async Task WhenSuccess_ReturnsSuccess()
             private Task<JsonResult> InvokeCancelMemberRequestMember(
                 OrganizationsController controller,
                 Organization account,
+                Func<Fakes, User> getCurrentUser,
                 string memberName = defaultMemberName,
                 EntityException exception = null)
             {
                 // Arrange
-                controller.SetCurrentUser(GetCurrentUser(controller));
+                controller.SetCurrentUser(getCurrentUser(Fakes));
 
                 var userService = GetMock<IUserService>();
-                userService.Setup(u => u.FindByUsername(account.Username))
+                userService.Setup(u => u.FindByUsername(account.Username, false))
                     .Returns(account as User);
                 var setup = userService.Setup(u => u.CancelMembershipRequestAsync(account, memberName));
                 if (exception != null)
@@ -1210,5 +1186,809 @@ private Task<JsonResult> InvokeCancelMemberRequestMember(
                 return controller.CancelMemberRequest(account.Username, memberName);
             }
         }
+
+        public abstract class TheDeleteOrganizationBaseAction : TestContainer
+        {
+            public static IEnumerable<object[]> IfNotAdministrator_ReturnsNotFound_Data
+            {
+                get
+                {
+                    yield return MemberDataHelper.AsData(new Func<Fakes, User>(fakes => fakes.User));
+                    yield return MemberDataHelper.AsData(new Func<Fakes, User>(fakes => fakes.Admin));
+                    yield return MemberDataHelper.AsData(new Func<Fakes, User>(fakes => fakes.OrganizationCollaborator));
+                }
+            }
+
+            [Theory]
+            [MemberData(nameof(IfNotAdministrator_ReturnsNotFound_Data))]
+            public async Task IfNotAdministrator_ReturnsNotFound(Func<Fakes, User> getCurrentUser)
+            {
+                // Arrange
+                var controller = GetController<OrganizationsController>();
+                var fakes = Get<Fakes>();
+                var testOrganization = fakes.Organization;
+
+                controller.SetCurrentUser(getCurrentUser(fakes));
+
+                GetMock<IUserService>()
+                    .Setup(stub => stub.FindByUsername(testOrganization.Username, false))
+                    .Returns(testOrganization);
+
+                // Act
+                var result = await Invoke(controller, testOrganization.Username);
+
+                // Assert
+                ResultAssert.IsNotFound(result);
+            }
+
+            protected abstract Task<ActionResult> Invoke(OrganizationsController controller, string username);
+        }
+
+        public class TheDeleteAccountRequestAction : TheDeleteOrganizationBaseAction
+        {
+            [Theory]
+            [InlineData(false)]
+            [InlineData(true)]
+            public async Task IfAdministrator_ShowsViewWithCorrectData(bool withAdditionalMembers)
+            {
+                // Arrange
+                var controller = GetController<OrganizationsController>();
+                var fakes = Get<Fakes>();
+                var testOrganization = fakes.Organization;
+
+                controller.SetCurrentUser(fakes.OrganizationAdmin);
+                PackageRegistration packageRegistration = new PackageRegistration();
+                packageRegistration.Owners.Add(testOrganization);
+
+                if (!withAdditionalMembers)
+                {
+                    testOrganization.Members.Remove(fakes.OrganizationCollaborator.Organizations.Single());
+                }
+
+                Package userPackage = new Package()
+                {
+                    Description = "TestPackage",
+                    Key = 1,
+                    Version = "1.0.0",
+                    PackageRegistration = packageRegistration
+                };
+                packageRegistration.Packages.Add(userPackage);
+
+                List<Package> userPackages = new List<Package>() { userPackage };
+
+                GetMock<IUserService>()
+                    .Setup(stub => stub.FindByUsername(testOrganization.Username, false))
+                    .Returns(testOrganization);
+                GetMock<IPackageService>()
+                    .Setup(stub => stub.FindPackagesByAnyMatchingOwner(testOrganization, It.IsAny<bool>(), false))
+                    .Returns(userPackages);
+
+                // act
+                var result = await Invoke(controller, testOrganization.Username);
+
+                // Assert
+                var model = ResultAssert.IsView<DeleteOrganizationViewModel>(result, "DeleteAccount");
+                Assert.Equal(testOrganization.Username, model.AccountName);
+                Assert.Equal(1, model.Packages.Count());
+                Assert.Equal(true, model.HasOrphanPackages);
+                Assert.Equal(withAdditionalMembers, model.HasAdditionalMembers);
+            }
+
+            protected override Task<ActionResult> Invoke(OrganizationsController controller, string username)
+            {
+                return Task.FromResult(controller.DeleteRequest(username));
+            }
+        }
+
+        public class TheRequestAccountDeletionMethod : TheDeleteOrganizationBaseAction
+        {
+            [Fact]
+            public async Task IfOrphanedPackages_RedirectsToDeleteRequest()
+            {
+                // Arrange
+                var controller = GetController<OrganizationsController>();
+                var fakes = Get<Fakes>();
+                var testOrganization = fakes.OrganizationOwner;
+                controller.SetCurrentUser(fakes.OrganizationOwnerAdmin);
+
+                GetMock<IPackageService>()
+                    .Setup(x => x.FindPackagesByAnyMatchingOwner(testOrganization, true, false))
+                    .Returns(new[] { new Package { Version = "1.0.0", PackageRegistration = new PackageRegistration { Owners = new[] { testOrganization } } } });
+
+                // Act & Assert
+                await RedirectsToDeleteRequest(
+                    controller, 
+                    testOrganization.Username,
+                    "You cannot delete your organization unless you transfer ownership of all of its packages to another account.");
+            }
+
+            [Fact]
+            public async Task IfAdditionalMembers_RedirectsToDeleteRequest()
+            {
+                // Arrange
+                var controller = GetController<OrganizationsController>();
+                var fakes = Get<Fakes>();
+                var testOrganization = fakes.Organization;
+                controller.SetCurrentUser(fakes.OrganizationAdmin);
+
+                // Act & Assert
+                await RedirectsToDeleteRequest(
+                    controller,
+                    testOrganization.Username,
+                    "You cannot delete your organization unless you remove all other members.");
+            }
+
+            [Fact]
+            public async Task IfDeleteFails_RedirectsToDeleteRequest()
+            {
+                // Arrange
+                var controller = GetController<OrganizationsController>();
+                var fakes = Get<Fakes>();
+                var testOrganization = fakes.Organization;
+                var currentUser = fakes.OrganizationAdmin;
+                controller.SetCurrentUser(currentUser);
+
+                testOrganization.Members.Remove(fakes.OrganizationCollaborator.Organizations.Single());
+
+                GetMock<IDeleteAccountService>()
+                    .Setup(x => x.DeleteAccountAsync(testOrganization, currentUser, true, AccountDeletionOrphanPackagePolicy.DoNotAllowOrphans, null))
+                    .Returns(Task.FromResult(new DeleteUserAccountStatus { Success = false }));
+
+                // Act & Assert
+                await RedirectsToDeleteRequest(
+                    controller,
+                    testOrganization.Username,
+                    $"There was an issue deleting your organization '{testOrganization.Username}'. Please contact support for assistance.");
+            }
+
+            [Fact]
+            public async Task IfDeleteSucceeds_RedirectsToManageOrganizations()
+            {
+                // Arrange
+                var controller = GetController<OrganizationsController>();
+                var fakes = Get<Fakes>();
+                var testOrganization = fakes.Organization;
+                var currentUser = fakes.OrganizationAdmin;
+                controller.SetCurrentUser(currentUser);
+
+                testOrganization.Members.Remove(fakes.OrganizationCollaborator.Organizations.Single());
+
+                GetMock<IDeleteAccountService>()
+                    .Setup(x => x.DeleteAccountAsync(testOrganization, currentUser, true, AccountDeletionOrphanPackagePolicy.DoNotAllowOrphans, null))
+                    .Returns(Task.FromResult(new DeleteUserAccountStatus { Success = true }));
+
+                // Act
+                var result = await Invoke(controller, testOrganization.Username);
+
+                // Assert
+                ResultAssert.IsRedirectToRoute(result, new { action = nameof(UsersController.Organizations), controller = "Users" });
+                Assert.Equal($"Your organization, '{testOrganization.Username}', was successfully deleted!", controller.TempData["Message"]);
+            }
+
+            protected override async Task<ActionResult> Invoke(OrganizationsController controller, string username)
+            {
+                return await controller.RequestAccountDeletion(username);
+            }
+
+            private async Task RedirectsToDeleteRequest(OrganizationsController controller, string username, string errorMessage)
+            {
+                var result = await Invoke(controller, username);
+                ResultAssert.IsRedirectToRoute(result, new { action = nameof(OrganizationsController.DeleteRequest) });
+                Assert.Equal(errorMessage, controller.TempData["ErrorMessage"]);
+            }
+        }
+
+        public class TheGetCertificateAction : AccountsControllerTestContainer
+        {
+            private readonly Mock<ICertificateService> _certificateService;
+            private readonly Mock<IUserService> _userService;
+            private readonly OrganizationsController _controller;
+            private readonly Organization _organization;
+            private readonly User _user;
+            private readonly Certificate _certificate;
+
+            public TheGetCertificateAction()
+            {
+                _certificateService = GetMock<ICertificateService>();
+                _userService = GetMock<IUserService>();
+                _controller = GetController<OrganizationsController>();
+                _organization = new Organization()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+                _user = new User()
+                {
+                    Key = 2,
+                    Username = "b"
+                };
+                _certificate = new Certificate()
+                {
+                    Key = 3,
+                    Sha1Thumbprint = "c",
+                    Thumbprint = "d"
+                };
+
+                _organization.Members.Add(new Membership()
+                {
+                    MemberKey = _user.Key,
+                    Member = _user,
+                    OrganizationKey = _organization.Key,
+                    Organization = _organization,
+                    IsAdmin = true
+                });
+
+                _userService.Setup(x => x.FindByUsername(It.Is<string>(username => username == _organization.Username), false))
+                    .Returns(_organization);
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public void GetCertificate_WhenThumbprintIsInvalid_ReturnsBadRequest(string thumbprint)
+            {
+                var response = _controller.GetCertificate(_organization.Username, thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.BadRequest, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void GetCertificate_WhenCurrentUserIsNull_ReturnsUnauthorized()
+            {
+                var response = _controller.GetCertificate(_organization.Username, _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Unauthorized, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void GetCertificate_WhenOrganizationIsNotFound_ReturnsNotFound()
+            {
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.GetCertificate(
+                    accountName: "nonexistent",
+                    thumbprint: _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.NotFound, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void GetCertificate_WhenCurrentUserLacksPermission_ReturnsForbidden()
+            {
+                var nonmember = new User()
+                {
+                    Key = 4,
+                    Username = "e"
+                };
+
+                _controller.SetCurrentUser(nonmember);
+
+                var response = _controller.GetCertificate(_organization.Username, _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Forbidden, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void GetCertificate_WhenOrganizationHasNoCertificates_ReturnsOK()
+            {
+                _certificateService.Setup(x => x.GetCertificates(It.Is<User>(u => u == _organization)))
+                    .Returns(Enumerable.Empty<Certificate>());
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.GetCertificate(_organization.Username, _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Empty((IEnumerable<ListCertificateItemViewModel>)response.Data);
+                Assert.Equal(JsonRequestBehavior.AllowGet, response.JsonRequestBehavior);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+
+            [Fact]
+            public void GetCertificate_WhenOrganizationHasCertificate_ReturnsOK()
+            {
+                _certificateService.Setup(x => x.GetCertificates(It.Is<User>(u => u == _organization)))
+                    .Returns(new[] { _certificate });
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.GetCertificate(_organization.Username, _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.NotEmpty((IEnumerable<ListCertificateItemViewModel>)response.Data);
+
+                var viewModel = ((IEnumerable<ListCertificateItemViewModel>)response.Data).Single();
+
+                Assert.True(viewModel.CanDelete);
+                Assert.Equal($"/organization/{_organization.Username}/certificates/{_certificate.Thumbprint}", viewModel.DeleteUrl);
+                Assert.Equal(_certificate.Sha1Thumbprint, viewModel.Sha1Thumbprint);
+                Assert.Equal(JsonRequestBehavior.AllowGet, response.JsonRequestBehavior);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+
+            [Fact]
+            public void GetCertificate_WhenOrganizationHasCertificateAndCurrentUserIsOrganizationCollaborator_ReturnsOK()
+            {
+                _organization.Members.Single().IsAdmin = false;
+                _certificateService.Setup(x => x.GetCertificates(It.Is<User>(u => u == _organization)))
+                    .Returns(new[] { _certificate });
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.GetCertificate(_organization.Username, _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.NotEmpty((IEnumerable<ListCertificateItemViewModel>)response.Data);
+
+                var viewModel = ((IEnumerable<ListCertificateItemViewModel>)response.Data).Single();
+
+                Assert.False(viewModel.CanDelete);
+                Assert.Null(viewModel.DeleteUrl);
+                Assert.Equal(_certificate.Sha1Thumbprint, viewModel.Sha1Thumbprint);
+                Assert.Equal(JsonRequestBehavior.AllowGet, response.JsonRequestBehavior);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+        }
+
+        public class TheGetCertificatesAction : AccountsControllerTestContainer
+        {
+            private readonly Mock<ICertificateService> _certificateService;
+            private readonly Mock<IUserService> _userService;
+            private readonly OrganizationsController _controller;
+            private readonly Organization _organization;
+            private readonly User _user;
+            private readonly Certificate _certificate;
+
+            public TheGetCertificatesAction()
+            {
+                _certificateService = GetMock<ICertificateService>();
+                _userService = GetMock<IUserService>();
+                _controller = GetController<OrganizationsController>();
+                _organization = new Organization()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+                _user = new User()
+                {
+                    Key = 2,
+                    Username = "b"
+                };
+                _certificate = new Certificate()
+                {
+                    Key = 3,
+                    Sha1Thumbprint = "c",
+                    Thumbprint = "d"
+                };
+
+                _organization.Members.Add(new Membership()
+                {
+                    MemberKey = _user.Key,
+                    Member = _user,
+                    OrganizationKey = _organization.Key,
+                    Organization = _organization,
+                    IsAdmin = true
+                });
+
+                _userService.Setup(x => x.FindByUsername(It.Is<string>(username => username == _organization.Username), false))
+                    .Returns(_organization);
+            }
+
+            [Fact]
+            public void GetCertificates_WhenCurrentUserIsNull_ReturnsUnauthorized()
+            {
+                var response = _controller.GetCertificates(_organization.Username);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Unauthorized, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void GetCertificates_WhenOrganizationIsNotFound_ReturnsNotFound()
+            {
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.GetCertificates(accountName: "nonexistent");
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.NotFound, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void GetCertificates_WhenCurrentUserLacksPermission_ReturnsForbidden()
+            {
+                var nonmember = new User()
+                {
+                    Key = 4,
+                    Username = "e"
+                };
+
+                _controller.SetCurrentUser(nonmember);
+
+                var response = _controller.GetCertificates(_organization.Username);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Forbidden, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void GetCertificates_WhenOrganizationHasNoCertificates_ReturnsOK()
+            {
+                _certificateService.Setup(x => x.GetCertificates(It.Is<User>(u => u == _organization)))
+                    .Returns(Enumerable.Empty<Certificate>());
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.GetCertificates(_organization.Username);
+
+                Assert.NotNull(response);
+                Assert.Empty((IEnumerable<ListCertificateItemViewModel>)response.Data);
+                Assert.Equal(JsonRequestBehavior.AllowGet, response.JsonRequestBehavior);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+
+            [Fact]
+            public void GetCertificates_WhenOrganizationHasCertificate_ReturnsOK()
+            {
+                _certificateService.Setup(x => x.GetCertificates(It.Is<User>(u => u == _organization)))
+                    .Returns(new[] { _certificate });
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.GetCertificates(_organization.Username);
+
+                Assert.NotNull(response);
+                Assert.NotEmpty((IEnumerable<ListCertificateItemViewModel>)response.Data);
+
+                var viewModel = ((IEnumerable<ListCertificateItemViewModel>)response.Data).Single();
+
+                Assert.True(viewModel.CanDelete);
+                Assert.Equal($"/organization/{_organization.Username}/certificates/{_certificate.Thumbprint}", viewModel.DeleteUrl);
+                Assert.Equal(_certificate.Sha1Thumbprint, viewModel.Sha1Thumbprint);
+                Assert.Equal(JsonRequestBehavior.AllowGet, response.JsonRequestBehavior);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+
+            [Fact]
+            public void GetCertificates_WhenOrganizationHasCertificateAndCurrentUserIsOrganizationCollaborator_ReturnsOK()
+            {
+                _organization.Members.Single().IsAdmin = false;
+                _certificateService.Setup(x => x.GetCertificates(It.Is<User>(u => u == _organization)))
+                    .Returns(new[] { _certificate });
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.GetCertificates(_organization.Username);
+
+                Assert.NotNull(response);
+                Assert.NotEmpty((IEnumerable<ListCertificateItemViewModel>)response.Data);
+
+                var viewModel = ((IEnumerable<ListCertificateItemViewModel>)response.Data).Single();
+
+                Assert.False(viewModel.CanDelete);
+                Assert.Null(viewModel.DeleteUrl);
+                Assert.Equal(_certificate.Sha1Thumbprint, viewModel.Sha1Thumbprint);
+                Assert.Equal(JsonRequestBehavior.AllowGet, response.JsonRequestBehavior);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+        }
+
+        public class TheAddCertificateAction : AccountsControllerTestContainer
+        {
+            private readonly Mock<ICertificateService> _certificateService;
+            private readonly Mock<ISecurityPolicyService> _securityPolicyService;
+            private readonly Mock<IUserService> _userService;
+            private readonly OrganizationsController _controller;
+            private readonly Mock<IPackageService> _packageService;
+            private readonly Organization _organization;
+            private readonly User _user;
+            private readonly Certificate _certificate;
+
+            public TheAddCertificateAction()
+            {
+                _certificateService = GetMock<ICertificateService>();
+                _securityPolicyService = GetMock<ISecurityPolicyService>();
+                _userService = GetMock<IUserService>();
+                _packageService = GetMock<IPackageService>();
+                _controller = GetController<OrganizationsController>();
+                _organization = new Organization()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+                _user = new User()
+                {
+                    Key = 2,
+                    Username = "b"
+                };
+                _certificate = new Certificate()
+                {
+                    Key = 3,
+                    Sha1Thumbprint = "c",
+                    Thumbprint = "d"
+                };
+
+                _organization.Members.Add(new Membership()
+                {
+                    MemberKey = _user.Key,
+                    Member = _user,
+                    OrganizationKey = _organization.Key,
+                    Organization = _organization,
+                    IsAdmin = true
+                });
+
+                _userService.Setup(x => x.FindByUsername(It.Is<string>(username => username == _organization.Username), false))
+                    .Returns(_organization);
+            }
+
+            [Fact]
+            public void AddCertificate_WhenCurrentUserIsNull_ReturnsUnauthorized()
+            {
+                var uploadFile = new StubHttpPostedFile(contentLength: 0, fileName: "a.cer", inputStream: Stream.Null);
+                var response = _controller.AddCertificate(_organization.Username, uploadFile);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Unauthorized, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void AddCertificate_WhenOrganizationIsNotFound_ReturnsNotFound()
+            {
+                var uploadFile = GetUploadFile();
+
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.AddCertificate(accountName: "nonexistent", uploadFile: uploadFile);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.NotFound, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void AddCertificate_WhenCurrentUserLacksPermission_ReturnsForbidden()
+            {
+                var uploadFile = GetUploadFile();
+                var nonmember = new User()
+                {
+                    Key = 4,
+                    Username = "e"
+                };
+
+                _controller.SetCurrentUser(nonmember);
+
+                var response = _controller.AddCertificate(_organization.Username, uploadFile);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Forbidden, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void AddCertificate_WhenCurrentUserIsNotMultiFactorAuthenticated_ReturnsForbidden()
+            {
+                var uploadFile = GetUploadFile();
+
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.AddCertificate(_organization.Username, uploadFile);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Forbidden, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+
+            [Fact]
+            public void AddCertificate_WhenUploadFileIsNull_ReturnsBadRequest()
+            {
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.AddCertificate(_organization.Username, uploadFile: null);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.BadRequest, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void AddCertificate_WhenUploadFileIsValid_ReturnsCreated()
+            {
+                var uploadFile = GetUploadFile();
+
+                _certificateService.Setup(x => x.AddCertificateAsync(
+                        It.Is<HttpPostedFileBase>(file => ReferenceEquals(file, uploadFile))))
+                    .ReturnsAsync(_certificate);
+                _certificateService.Setup(x => x.ActivateCertificateAsync(
+                        It.Is<string>(thumbprint => thumbprint == _certificate.Thumbprint),
+                        It.Is<User>(user => user == _organization)))
+                    .Returns(Task.CompletedTask);
+
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.AddCertificate(_organization.Username, uploadFile);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Created, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+
+            [Fact]
+            public void AddCertificate_WhenUserIsSubscribedToAutomaticallyOverwriteRequiredSignerPolicy_ReturnsCreated()
+            {
+                var uploadFile = GetUploadFile();
+
+                _certificateService.Setup(x => x.AddCertificateAsync(
+                        It.Is<HttpPostedFileBase>(file => ReferenceEquals(file, uploadFile))))
+                    .ReturnsAsync(_certificate);
+                _certificateService.Setup(x => x.ActivateCertificateAsync(
+                        It.Is<string>(thumbprint => thumbprint == _certificate.Thumbprint),
+                        It.Is<User>(user => user == _organization)))
+                    .Returns(Task.CompletedTask);
+                _certificateService.Setup(x => x.GetCertificates(
+                        It.Is<User>(user => user == _organization)))
+                    .Returns(new[] { _certificate });
+                _securityPolicyService.Setup(x => x.IsSubscribed(
+                        It.Is<User>(user => user == _organization),
+                        It.Is<string>(policyName => policyName == AutomaticallyOverwriteRequiredSignerPolicy.PolicyName)))
+                    .Returns(true);
+                _packageService.Setup(x => x.SetRequiredSignerAsync(It.Is<User>(user => user == _user)))
+                    .Returns(Task.CompletedTask);
+
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.AddCertificate(_organization.Username, uploadFile);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Created, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+                _securityPolicyService.VerifyAll();
+                _packageService.Verify(x => x.SetRequiredSignerAsync(_organization), Times.Once);
+            }
+
+            private static StubHttpPostedFile GetUploadFile()
+            {
+                var bytes = Encoding.UTF8.GetBytes("certificate");
+                var stream = new MemoryStream(bytes);
+
+                return new StubHttpPostedFile((int)stream.Length, "certificate.cer", stream);
+            }
+        }
+
+        public class TheDeleteCertificateAction : AccountsControllerTestContainer
+        {
+            private readonly Mock<ICertificateService> _certificateService;
+            private readonly Mock<IUserService> _userService;
+            private readonly OrganizationsController _controller;
+            private readonly Organization _organization;
+            private readonly User _user;
+            private readonly Certificate _certificate;
+
+            public TheDeleteCertificateAction()
+            {
+                _certificateService = GetMock<ICertificateService>();
+                _userService = GetMock<IUserService>();
+                _controller = GetController<OrganizationsController>();
+                _organization = new Organization()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+                _user = new User()
+                {
+                    Key = 2,
+                    Username = "b"
+                };
+                _certificate = new Certificate()
+                {
+                    Key = 3,
+                    Sha1Thumbprint = "c",
+                    Thumbprint = "d"
+                };
+
+                _organization.Members.Add(new Membership()
+                {
+                    MemberKey = _user.Key,
+                    Member = _user,
+                    OrganizationKey = _organization.Key,
+                    Organization = _organization,
+                    IsAdmin = true
+                });
+
+                _userService.Setup(x => x.FindByUsername(It.Is<string>(username => username == _organization.Username), false))
+                    .Returns(_organization);
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public void DeleteCertificate_WhenThumbprintIsInvalid_ReturnsBadRequest(string thumbprint)
+            {
+                var response = _controller.DeleteCertificate(_organization.Username, thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.BadRequest, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void DeleteCertificate_WhenCurrentUserIsNull_ReturnsUnauthorized()
+            {
+                var response = _controller.DeleteCertificate(_organization.Username, _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Unauthorized, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void DeleteCertificate_WhenOrganizationIsNotFound_ReturnsNotFound()
+            {
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.DeleteCertificate(accountName: "nonexistent", thumbprint: _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.NotFound, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void DeleteCertificate_WhenCurrentUserLacksPermission_ReturnsForbidden()
+            {
+                var nonmember = new User()
+                {
+                    Key = 4,
+                    Username = "e"
+                };
+
+                _controller.SetCurrentUser(nonmember);
+
+                var response = _controller.DeleteCertificate(_organization.Username, _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Forbidden, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void DeleteCertificate_WhenCurrentUserIsNotMultiFactorAuthenticated_ReturnsForbidden()
+            {
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.DeleteCertificate(_organization.Username, _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Forbidden, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void DeleteCertificate_WithValidThumbprint_ReturnsOK()
+            {
+                _certificateService.Setup(x => x.DeactivateCertificateAsync(
+                        It.Is<string>(thumbprint => thumbprint == _certificate.Thumbprint),
+                        It.Is<User>(user => user == _organization)))
+                    .Returns(Task.CompletedTask);
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.DeleteCertificate(_organization.Username, _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs
index dce041e469..b2eca3de85 100644
--- a/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/PackagesControllerFacts.cs
@@ -3,11 +3,13 @@
 
 using System;
 using System.Collections.Generic;
+using System.Globalization;
 using System.IO;
 using System.Linq;
 using System.Linq.Expressions;
 using System.Net;
 using System.Net.Mail;
+using System.Text;
 using System.Threading.Tasks;
 using System.Web;
 using System.Web.Mvc;
@@ -21,14 +23,13 @@
 using NuGetGallery.Areas.Admin.Models;
 using NuGetGallery.AsyncFileUpload;
 using NuGetGallery.Auditing;
+using NuGetGallery.Authentication;
 using NuGetGallery.Configuration;
 using NuGetGallery.Framework;
 using NuGetGallery.Helpers;
 using NuGetGallery.Packaging;
 using NuGetGallery.Security;
 using Xunit;
-using System.Globalization;
-using System.Text;
 
 namespace NuGetGallery
 {
@@ -767,7 +768,7 @@ public async Task WithIdentityNotMatchingUserInRequestReturnsNotYourRequest(Invo
                 var currentUser = new User { Username = "userB", Key = _key++ };
 
                 var userService = new Mock<IUserService>();
-                userService.Setup(x => x.FindByUsername(requestedUser.Username)).Returns(requestedUser);
+                userService.Setup(x => x.FindByUsername(requestedUser.Username, false)).Returns(requestedUser);
 
                 var controller = CreateController(GetConfigurationService(), userService: userService);
                 controller.SetCurrentUser(currentUser);
@@ -806,7 +807,7 @@ private async Task ReturnsNotYourRequest(User currentUser, User owner, InvokeOwn
                 packageService.Setup(p => p.FindPackageRegistrationById(package.Id)).Returns(package);
 
                 var userService = new Mock<IUserService>();
-                userService.Setup(x => x.FindByUsername(owner.Username)).Returns(owner);
+                userService.Setup(x => x.FindByUsername(owner.Username, false)).Returns(owner);
 
                 var controller = CreateController(
                     GetConfigurationService(),
@@ -833,7 +834,7 @@ public async Task WithNonExistentPackageIdReturnsHttpNotFound(InvokeOwnershipReq
                 var currentUser = new User { Username = "username", Key = _key++ };
 
                 var userService = new Mock<IUserService>();
-                userService.Setup(x => x.FindByUsername(currentUser.Username)).Returns(currentUser);
+                userService.Setup(x => x.FindByUsername(currentUser.Username, false)).Returns(currentUser);
 
                 var controller = CreateController(GetConfigurationService(), userService: userService);
                 controller.SetCurrentUser(currentUser);
@@ -857,7 +858,7 @@ public async Task WithOwnerReturnsAlreadyOwnerResult(InvokeOwnershipRequest invo
                 var packageService = new Mock<IPackageService>();
                 packageService.Setup(p => p.FindPackageRegistrationById(package.Id)).Returns(package);
                 var userService = new Mock<IUserService>();
-                userService.Setup(x => x.FindByUsername(user.Username)).Returns(user);
+                userService.Setup(x => x.FindByUsername(user.Username, false)).Returns(user);
                 var packageOwnershipManagementService = new Mock<IPackageOwnershipManagementService>();
                 var controller = CreateController(
                     GetConfigurationService(),
@@ -984,7 +985,7 @@ public async Task ReturnsSuccessIfTokenIsValid(
                 var messageService = new Mock<IMessageService>();
 
                 var userService = new Mock<IUserService>();
-                userService.Setup(x => x.FindByUsername(newOwner.Username)).Returns(newOwner);
+                userService.Setup(x => x.FindByUsername(newOwner.Username, false)).Returns(newOwner);
 
                 var controller = CreateController(
                     GetConfigurationService(),
@@ -1106,8 +1107,8 @@ public async Task WithNonExistentPackageOwnershipRequestReturnsHttpNotFound(User
                     var userB = new User { Username = userBName };
 
                     var userService = new Mock<IUserService>();
-                    userService.Setup(u => u.FindByUsername(userAName)).Returns(userA);
-                    userService.Setup(u => u.FindByUsername(userBName)).Returns(userB);
+                    userService.Setup(u => u.FindByUsername(userAName, false)).Returns(userA);
+                    userService.Setup(u => u.FindByUsername(userBName, false)).Returns(userB);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -1140,8 +1141,8 @@ public async Task ReturnsCancelledIfPackageOwnershipRequestExists(User currentUs
                     packageService.Setup(p => p.FindPackageRegistrationById(packageId)).Returns(package);
 
                     var userService = new Mock<IUserService>();
-                    userService.Setup(u => u.FindByUsername(userAName)).Returns(userA);
-                    userService.Setup(u => u.FindByUsername(userBName)).Returns(userB);
+                    userService.Setup(u => u.FindByUsername(userAName, false)).Returns(userA);
+                    userService.Setup(u => u.FindByUsername(userBName, false)).Returns(userB);
 
                     var request = new PackageOwnerRequest() { RequestingOwner = userA, NewOwner = userB };
                     var packageOwnershipManagementRequestService = new Mock<IPackageOwnershipManagementService>();
@@ -3310,7 +3311,7 @@ public async Task WillRedirectToVerifyPackageActionWhenThereIsAlreadyAnUploadInP
                     fakeUploadFileService.Setup(x => x.SaveUploadFileAsync(It.IsAny<int>(), It.IsAny<Stream>())).Returns(Task.FromResult(0));
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(currentUser.Username)).Returns(currentUser);
+                    fakeUserService.Setup(x => x.FindByUsername(currentUser.Username, false)).Returns(currentUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -3356,7 +3357,7 @@ public async Task WillRedirectToVerifyPackageActionWhenThereIsAlreadyAnUploadInP
                     fakeUploadFileService.Setup(x => x.SaveUploadFileAsync(It.IsAny<int>(), It.IsAny<Stream>())).Returns(Task.FromResult(0));
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(currentUser.Username)).Returns(currentUser);
+                    fakeUserService.Setup(x => x.FindByUsername(currentUser.Username, false)).Returns(currentUser);
 
                     var fakeReservedNamespaceService = new Mock<IReservedNamespaceService>();
                     fakeReservedNamespaceService
@@ -3415,7 +3416,7 @@ public async Task WillRedirectToVerifyPackageActionWhenThereIsAlreadyAnUploadInP
                     .Returns(new PackageRegistration { Id = packageId, Owners = new[] { existingPackageOwner } });
 
                 var fakeUserService = new Mock<IUserService>();
-                fakeUserService.Setup(x => x.FindByUsername(currentUser.Username)).Returns(currentUser);
+                fakeUserService.Setup(x => x.FindByUsername(currentUser.Username, false)).Returns(currentUser);
 
                 var controller = CreateController(
                     GetConfigurationService(),
@@ -3866,7 +3867,7 @@ public async Task WillRedirectToVerifyPackageActionAfterSaving()
                 fakeUploadFileService.Setup(x => x.SaveUploadFileAsync(TestUtility.FakeUser.Key, It.IsAny<Stream>())).Returns(Task.FromResult(0));
 
                 var fakeUserService = new Mock<IUserService>();
-                fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                 var controller = CreateController(
                     GetConfigurationService(),
@@ -3949,7 +3950,7 @@ public async Task WillReturnConflictIfCommittingReturnsConflict()
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4019,7 +4020,7 @@ public async Task WillThrowIfOwnerNotValid()
 
                     var fakeUserService = new Mock<IUserService>();
                     var owner = new User { Key = 999, Username = "invalidOwner" };
-                    fakeUserService.Setup(x => x.FindByUsername(owner.Username)).Returns(owner);
+                    fakeUserService.Setup(x => x.FindByUsername(owner.Username, false)).Returns(owner);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4066,7 +4067,7 @@ public async Task DoesNotThrowForAnyPackageCommitResult(PackageCommitResult comm
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4291,7 +4292,7 @@ private async Task VerifyCreateThePackage(User currentUser, User ownerInForm, bo
                     fakeReservedNamespaceService.Setup(x => x.GetReservedNamespacesForId(packageId)).Returns(matchingReservedNamespaces.ToList().AsReadOnly());
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(ownerInForm.Username)).Returns(ownerInForm);
+                    fakeUserService.Setup(x => x.FindByUsername(ownerInForm.Username, false)).Returns(ownerInForm);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4355,7 +4356,7 @@ public async Task WillUpdateIndexingService()
                     fakeIndexingService.Setup(f => f.UpdateIndex()).Verifiable();
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4407,7 +4408,7 @@ public async Task WillNotCommitChangesToPackageService()
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4448,7 +4449,7 @@ public async Task WillPublishThePackage()
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4486,7 +4487,7 @@ public async Task WillMarkThePackageUnlistedWhenListedArgumentIsFalse()
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4527,7 +4528,7 @@ public async Task WillNotMarkThePackageUnlistedWhenListedArgumentIsNullorTrue(bo
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4564,7 +4565,7 @@ public async Task WillDeleteTheUploadFile()
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4601,7 +4602,7 @@ public async Task WillSetAFlashMessage()
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4637,7 +4638,7 @@ public async Task WillRedirectToPackagePage()
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4679,7 +4680,7 @@ public async Task WillCurateThePackage()
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var fakeAutoCuratePackageCmd = new Mock<IAutomaticallyCuratePackageCommand>();
                     var controller = CreateController(
@@ -4719,7 +4720,7 @@ public async Task WritesAnAuditRecord()
                     var fakeNuGetPackage = TestPackage.CreateTestPackageStream("theId", "1.0.0");
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var auditingService = new TestAuditingService();
 
@@ -4779,7 +4780,7 @@ public async Task WillNotCommitChangesToReadMeService()
                     var fakeTelemetryService = new Mock<ITelemetryService>();
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var fakeReadMeService = new Mock<IReadMeService>();
 
@@ -4845,7 +4846,7 @@ public async Task WillSendPackagePublishedEvent()
                     var fakeTelemetryService = new Mock<ITelemetryService>();
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         GetConfigurationService(),
@@ -4898,7 +4899,7 @@ public async Task WillSendPackageAddedNotice(bool asyncValidationEnabled, bool b
                     var fakeMessageService = new Mock<IMessageService>();
 
                     var fakeUserService = new Mock<IUserService>();
-                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                    fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                     var controller = CreateController(
                         configurationService,
@@ -4959,7 +4960,7 @@ public async Task WillApplyReadMeForWrittenReadMeData(EditPackageVersionReadMeRe
                 fakePackageFileService.Setup(x => x.SaveReadMeMdFileAsync(fakePackage, It.IsAny<string>())).Returns(Task.CompletedTask);
 
                 var fakeUserService = new Mock<IUserService>();
-                fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username)).Returns(TestUtility.FakeUser);
+                fakeUserService.Setup(x => x.FindByUsername(TestUtility.FakeUser.Username, false)).Returns(TestUtility.FakeUser);
 
                 var controller = CreateController(
                     GetConfigurationService(),
@@ -5249,5 +5250,171 @@ public async Task ReturnsNotFoundForUnknownPackage()
                 Assert.IsType<HttpNotFoundResult>(result);
             }
         }
+
+        public class TheSetRequiredSignerMethod : TestContainer
+        {
+            private readonly PackageRegistration _packageRegistration;
+            private readonly User _signer;
+
+            public TheSetRequiredSignerMethod()
+            {
+                _packageRegistration = new PackageRegistration()
+                {
+                    Key = 1,
+                    Id = "a"
+                };
+                _signer = new User()
+                {
+                    Key = 2,
+                    Username = "b"
+                };
+            }
+
+            [Fact]
+            public async Task WhenPackageRegistrationNotFound_ReturnsNotFound()
+            {
+                var packageService = new Mock<IPackageService>();
+                var controller = CreateController(
+                    GetConfigurationService(),
+                    packageService: packageService);
+
+                packageService.Setup(x => x.FindPackageRegistrationById(It.IsAny<string>()))
+                    .Returns<PackageRegistration>(null);
+
+                var result = await controller.SetRequiredSigner(_packageRegistration.Id, _signer.Username);
+
+                Assert.NotNull(result);
+                Assert.Equal((int)HttpStatusCode.NotFound, controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public async Task WhenSignerNotFound_ReturnsNotFound()
+            {
+                var packageService = new Mock<IPackageService>();
+                var userService = new Mock<IUserService>();
+                var controller = CreateController(
+                    GetConfigurationService(),
+                    packageService: packageService,
+                    userService: userService);
+
+                var currentUser = new User()
+                {
+                    Key = 3,
+                    Username = "c"
+                };
+
+                _packageRegistration.Owners.Add(currentUser);
+
+                packageService.Setup(x => x.FindPackageRegistrationById(
+                        It.Is<string>(id => id == _packageRegistration.Id)))
+                    .Returns(_packageRegistration);
+                userService.Setup(x => x.FindByUsername(It.Is<string>(username => username == _signer.Username), false))
+                    .Returns<User>(null);
+
+                controller.SetCurrentUser(currentUser);
+                controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var result = await controller.SetRequiredSigner(_packageRegistration.Id, _signer.Username);
+
+                Assert.NotNull(result);
+                Assert.Equal((int)HttpStatusCode.NotFound, controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public async Task WhenCurrentUserIsNotAuthenticated_ReturnsForbidden()
+            {
+                var packageService = new Mock<IPackageService>();
+                var controller = CreateController(
+                    GetConfigurationService(),
+                    packageService: packageService);
+
+                _packageRegistration.Owners.Add(_signer);
+
+                packageService.Setup(x => x.FindPackageRegistrationById(
+                        It.Is<string>(id => id == _packageRegistration.Id)))
+                    .Returns(_packageRegistration);
+
+                var result = await controller.SetRequiredSigner(_packageRegistration.Id, _signer.Username);
+
+                Assert.NotNull(result);
+                Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public async Task WhenCurrentUserIsNotMultiFactorAuthenticated_ReturnsForbidden()
+            {
+                var packageService = new Mock<IPackageService>();
+                var userService = new Mock<IUserService>();
+                var controller = CreateController(
+                    GetConfigurationService(),
+                    packageService: packageService,
+                    userService: userService);
+
+                packageService.Setup(x => x.FindPackageRegistrationById(
+                        It.Is<string>(id => id == _packageRegistration.Id)))
+                    .Returns(_packageRegistration);
+                userService.Setup(x => x.FindByUsername(It.Is<string>(username => username == _signer.Username), false))
+                    .Returns(_signer);
+
+                _packageRegistration.Owners.Add(_signer);
+                controller.SetCurrentUser(_signer);
+
+                var result = await controller.SetRequiredSigner(_packageRegistration.Id, _signer.Username);
+
+                Assert.NotNull(result);
+                Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public async Task WhenCurrentUserIsNotPackageOwner_ReturnsForbidden()
+            {
+                var packageService = new Mock<IPackageService>();
+                var userService = new Mock<IUserService>();
+                var controller = CreateController(
+                    GetConfigurationService(),
+                    packageService: packageService,
+                    userService: userService);
+
+                packageService.Setup(x => x.FindPackageRegistrationById(
+                        It.Is<string>(id => id == _packageRegistration.Id)))
+                    .Returns(_packageRegistration);
+                userService.Setup(x => x.FindByUsername(It.Is<string>(username => username == _signer.Username), false))
+                    .Returns(_signer);
+
+                controller.SetCurrentUser(_signer);
+
+                var result = await controller.SetRequiredSigner(_packageRegistration.Id, _signer.Username);
+
+                Assert.NotNull(result);
+                Assert.Equal((int)HttpStatusCode.Forbidden, controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public async Task WhenCurrentUserIsAuthenticatedOwner_ReturnsOK()
+            {
+                var packageService = new Mock<IPackageService>();
+                var userService = new Mock<IUserService>();
+                var controller = CreateController(
+                    GetConfigurationService(),
+                    packageService: packageService,
+                    userService: userService);
+
+                _packageRegistration.Owners.Add(_signer);
+
+                packageService.Setup(x => x.FindPackageRegistrationById(
+                        It.Is<string>(id => id == _packageRegistration.Id)))
+                    .Returns(_packageRegistration);
+                userService.Setup(x => x.FindByUsername(It.Is<string>(username => username == _signer.Username), false))
+                    .Returns(_signer);
+
+                controller.SetCurrentUser(_signer);
+                controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var result = await controller.SetRequiredSigner(_packageRegistration.Id, _signer.Username);
+
+                Assert.NotNull(result);
+                Assert.Equal((int)HttpStatusCode.OK, controller.Response.StatusCode);
+            }
+        }
     }
-}
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Controllers/UsersControllerFacts.cs b/tests/NuGetGallery.Facts/Controllers/UsersControllerFacts.cs
index 2cbf6da0b4..fad28866ed 100644
--- a/tests/NuGetGallery.Facts/Controllers/UsersControllerFacts.cs
+++ b/tests/NuGetGallery.Facts/Controllers/UsersControllerFacts.cs
@@ -4,10 +4,13 @@
 using System;
 using System.Collections.Generic;
 using System.Globalization;
+using System.IO;
 using System.Linq;
 using System.Net;
-using System.Net.Mail;
+using System.Text;
+using System.Security.Claims;
 using System.Threading.Tasks;
+using System.Web;
 using System.Web.Mvc;
 using Moq;
 using NuGetGallery.Areas.Admin;
@@ -16,6 +19,7 @@
 using NuGetGallery.Authentication;
 using NuGetGallery.Framework;
 using NuGetGallery.Infrastructure.Authentication;
+using NuGetGallery.Security;
 using Xunit;
 
 namespace NuGetGallery
@@ -24,26 +28,30 @@ public class UsersControllerFacts
         : AccountsControllerFacts<UsersController, User, UserAccountViewModel>
     {
         public static readonly int CredentialKey = 123;
-        
+
+        private static Func<Fakes, User> _getFakesUser = (Fakes fakes) => fakes.User;
+
         public class TheAccountAction : TheAccountBaseAction
         {
-            protected override ActionResult InvokeAccount(UsersController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return controller.Account();
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                }
             }
 
-            protected override User GetCurrentUser(UsersController controller)
+            protected override ActionResult InvokeAccount(UsersController controller)
             {
-                return GetAccount(controller);
+                return controller.Account();
             }
-            
+
             [Fact]
             public void LoadsDescriptionsOfCredentialsInToViewModel()
             {
                 // Arrange
                 var credentialBuilder = new CredentialBuilder();
-                var fakes = Get<Fakes>();
-                var user = fakes.CreateUser(
+                var user = Fakes.CreateUser(
                     "test",
                     credentialBuilder.CreatePasswordCredential("hunter2"),
                     TestCredentialHelper.CreateV1ApiKey(Guid.NewGuid(), Fakes.ExpirationForApiKeyV1),
@@ -71,7 +79,6 @@ public void FiltersOutUnsupportedCredentialsInToViewModel()
             {
                 // Arrange
                 var credentialBuilder = new CredentialBuilder();
-                var fakes = Get<Fakes>();
 
                 var credentials = new List<Credential>
                 {
@@ -84,7 +91,7 @@ public void FiltersOutUnsupportedCredentialsInToViewModel()
                     new Credential() { Type = "unsupported" }
                 };
 
-                var user = fakes.CreateUser("test", credentials.ToArray());
+                var user = Fakes.CreateUser("test", credentials.ToArray());
 
                 var controller = GetController<UsersController>();
                 controller.SetCurrentUser(user);
@@ -110,9 +117,12 @@ public void FiltersOutUnsupportedCredentialsInToViewModel()
 
         public class TheCancelChangeEmailAction : TheCancelChangeEmailBaseAction
         {
-            protected override User GetCurrentUser(UsersController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return GetAccount(controller);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                }
             }
 
             // Note general account tests are in the base class. User-specific tests are below.
@@ -120,9 +130,12 @@ protected override User GetCurrentUser(UsersController controller)
 
         public class TheChangeEmailAction : TheChangeEmailBaseAction
         {
-            protected override User GetCurrentUser(UsersController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return GetAccount(controller);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                }
             }
 
             // Note general account tests are in the base class. User-specific tests are below.
@@ -166,9 +179,12 @@ public async Task WhenPasswordValidationFailsErrorIsReturned()
 
         public class TheConfirmationRequiredAction : TheConfirmationRequiredBaseAction
         {
-            protected override User GetCurrentUser(UsersController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return GetAccount(controller);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                }
             }
 
             // Note general account tests are in the base class. User-specific tests are below.
@@ -176,9 +192,12 @@ protected override User GetCurrentUser(UsersController controller)
 
         public class TheConfirmationRequiredPostAction : TheConfirmationRequiredPostBaseAction
         {
-            protected override User GetCurrentUser(UsersController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return GetAccount(controller);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                }
             }
 
             // Note general account tests are in the base class. User-specific tests are below.
@@ -186,11 +205,16 @@ protected override User GetCurrentUser(UsersController controller)
 
         public class TheChangeEmailSubscriptionAction : TheChangeEmailSubscriptionBaseAction
         {
-            protected override User GetCurrentUser(UsersController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return GetAccount(controller);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                }
             }
 
+            public static IEnumerable<object[]> UpdatesEmailPreferences_Data => MemberDataHelper.Combine(AllowedCurrentUsers_Data, UpdatesEmailPreferences_DefaultData);
+
             // Note general account tests are in the base class. User-specific tests are below.
         }
 
@@ -423,7 +447,7 @@ public async Task SendsPasswordAddedMessageWhenForgotFalse()
                 await controller.ResetPassword("user", "token", model, forgot: false);
 
                 GetMock<IMessageService>()
-                    .Verify(m => m.SendCredentialAddedNotice(cred.User, 
+                    .Verify(m => m.SendCredentialAddedNotice(cred.User,
                                                              It.Is<CredentialViewModel>(c => c.Type == cred.Type)));
             }
 
@@ -445,12 +469,15 @@ public async Task WhenModelIsInvalidItIsRetried(bool forgot)
                 Assert.Equal(forgot, viewResult.ViewBag.ForgotPassword);
             }
         }
-        
+
         public class TheConfirmAction : TheConfirmBaseAction
         {
-            protected override User GetCurrentUser(UsersController controller)
+            public static IEnumerable<object[]> AllowedCurrentUsers_Data
             {
-                return GetAccount(controller);
+                get
+                {
+                    yield return MemberDataHelper.AsData(_getFakesUser);
+                }
             }
 
             // Note general account tests are in the base class. User-specific tests are below.
@@ -463,8 +490,8 @@ public static IEnumerable<object[]> CurrentUserIsInPackageOwnersWithPushNew_Data
             {
                 get
                 {
-                    foreach (var currentUser in 
-                        new[] 
+                    foreach (var currentUser in
+                        new[]
                         {
                             TestUtility.FakeUser,
                             TestUtility.FakeAdminUser,
@@ -489,7 +516,7 @@ public void CurrentUserIsFirstInPackageOwnersWithPushNew(User currentUser)
                 Assert.True(firstPackageOwner.CanPushExisting);
                 Assert.True(firstPackageOwner.CanUnlist);
             }
-            
+
             [Theory]
             [InlineData(true)]
             [InlineData(false)]
@@ -578,8 +605,8 @@ public static IEnumerable<object[]> WhenScopeOwnerDoesNotMatch_ReturnsBadRequest
             {
                 get
                 {
-                    foreach (var getCurrentUser in 
-                        new Func<Fakes, User>[] 
+                    foreach (var getCurrentUser in
+                        new Func<Fakes, User>[]
                         {
                             (fakes) => fakes.User,
                             (fakes) => fakes.Admin
@@ -603,7 +630,7 @@ public async Task WhenScopeOwnerDoesNotMatch_ReturnsBadRequest(Func<Fakes, User>
                 var userInOwnerScope = fakes.ShaUser;
 
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(userInOwnerScope.Username))
+                    .Setup(u => u.FindByUsername(userInOwnerScope.Username, false))
                     .Returns(userInOwnerScope);
 
                 var controller = GetController<UsersController>();
@@ -640,7 +667,7 @@ public static IEnumerable<object[]> WhenScopeOwnerMatchesOrganizationWithPermiss
                     }
                 }
             }
-            
+
             [Theory]
             [MemberData(nameof(WhenScopeOwnerMatchesOrganizationWithPermission_ReturnsSuccess_Data))]
             public async Task WhenScopeOwnerMatchesOrganizationWithPermission_ReturnsSuccess(bool isAdmin, string scope)
@@ -650,7 +677,7 @@ public async Task WhenScopeOwnerMatchesOrganizationWithPermission_ReturnsSuccess
                 var user = isAdmin ? fakes.OrganizationAdmin : fakes.OrganizationCollaborator;
                 var orgUser = fakes.Organization;
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(orgUser.Username))
+                    .Setup(u => u.FindByUsername(orgUser.Username, false))
                     .Returns(orgUser);
 
                 GetMock<AuthenticationService>()
@@ -709,7 +736,7 @@ public async Task WhenExpirationInDaysIsProvidedItsUsed(int? inputExpirationInDa
                 var controller = GetController<UsersController>();
                 controller.SetCurrentUser(user);
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(user.Username))
+                    .Setup(u => u.FindByUsername(user.Username, false))
                     .Returns(user);
 
                 // Act
@@ -800,7 +827,7 @@ public async Task CreatesNewApiKeyCredential(string description, string[] scopes
                 // Arrange 
                 var user = new User("the-username");
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(user.Username))
+                    .Setup(u => u.FindByUsername(user.Username, false))
                     .Returns(user);
 
                 GetMock<AuthenticationService>()
@@ -867,7 +894,7 @@ public async Task ReturnsNewCredentialJson()
                 controller.SetCurrentUser(user);
 
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(user.Username))
+                    .Setup(u => u.FindByUsername(user.Username, false))
                     .Returns(user);
 
                 // Act
@@ -913,7 +940,7 @@ public async Task SendsNotificationMailToUser()
                 var controller = GetController<UsersController>();
                 controller.SetCurrentUser(user);
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(user.Username))
+                    .Setup(u => u.FindByUsername(user.Username, false))
                     .Returns(user);
 
 
@@ -948,7 +975,7 @@ public void Returns404ForMissingOrDeletedUser(User user)
                 var username = "test";
 
                 GetMock<IUserService>()
-                    .Setup(x => x.FindByUsername(username))
+                    .Setup(x => x.FindByUsername(username, false))
                     .Returns(user);
 
                 var controller = GetController<UsersController>();
@@ -980,7 +1007,7 @@ public void ReturnsSinglePackageAsExpected(User currentUser, User owner)
             {
                 // Arrange
                 var username = "test";
-                
+
                 var package = new Package
                 {
                     Version = "1.1.1",
@@ -996,7 +1023,7 @@ public void ReturnsSinglePackageAsExpected(User currentUser, User owner)
                 };
 
                 GetMock<IUserService>()
-                    .Setup(x => x.FindByUsername(username))
+                    .Setup(x => x.FindByUsername(username, false))
                     .Returns(owner);
 
                 GetMock<IPackageService>()
@@ -1050,7 +1077,7 @@ public void SortsPackagesByDownloadCount(User currentUser, User owner)
                 };
 
                 GetMock<IUserService>()
-                    .Setup(x => x.FindByUsername(username))
+                    .Setup(x => x.FindByUsername(username, false))
                     .Returns(owner);
 
                 GetMock<IPackageService>()
@@ -1123,7 +1150,7 @@ public async Task GivenInvalidView_ItReturnsView()
                 {
                     ChangePassword = new ChangePasswordViewModel
                     {
-                        EnablePasswordLogin = true,
+                        DisablePasswordLogin = false,
                     }
                 };
                 controller.SetCurrentUser(new User()
@@ -1159,7 +1186,7 @@ public async Task GivenMismatchedNewPassword_ItAddsModelError()
                 {
                     ChangePassword = new ChangePasswordViewModel()
                     {
-                        EnablePasswordLogin = true,
+                        DisablePasswordLogin = false,
                         OldPassword = "old",
                         NewPassword = "new",
                         VerifyPassword = "new2",
@@ -1200,7 +1227,7 @@ public async Task GivenFailureInAuthService_ItAddsModelError()
                 {
                     ChangePassword = new ChangePasswordViewModel()
                     {
-                        EnablePasswordLogin = true,
+                        DisablePasswordLogin = false,
                         OldPassword = "old",
                         NewPassword = "new",
                         VerifyPassword = "new",
@@ -1237,7 +1264,7 @@ public async Task GivenDisabledPasswordLogin_RemovesCredentialAndSendsNotice()
                     .Completes()
                     .Verifiable();
                 GetMock<IMessageService>()
-                    .Setup(m => 
+                    .Setup(m =>
                                 m.SendCredentialRemovedNotice(
                                     user,
                                     It.Is<CredentialViewModel>(c => c.Type == CredentialTypes.External.MicrosoftAccount)))
@@ -1249,7 +1276,7 @@ public async Task GivenDisabledPasswordLogin_RemovesCredentialAndSendsNotice()
                 {
                     ChangePassword = new ChangePasswordViewModel()
                     {
-                        EnablePasswordLogin = false,
+                        DisablePasswordLogin = true,
                     }
                 };
 
@@ -1277,7 +1304,7 @@ public async Task GivenSuccessInAuthService_ItRedirectsBackToManageCredentialsWi
                 {
                     ChangePassword = new ChangePasswordViewModel()
                     {
-                        EnablePasswordLogin = true,
+                        DisablePasswordLogin = false,
                         OldPassword = "old",
                         NewPassword = "new",
                         VerifyPassword = "new",
@@ -1349,6 +1376,40 @@ public async Task GivenNoOldPasswordForUnconfirmedAccount_ItAddsModelError()
             }
         }
 
+        public class TheChangeMultiFactorAuthenticationAction : TestContainer
+        {
+            [Theory]
+            [InlineData(true)]
+            [InlineData(false)]
+            public async Task SettingsAreUpdated_RedirectsBackWithMessage(bool enable2FA)
+            {
+                // Arrange
+                var fakes = Get<Fakes>();
+                var user = fakes.CreateUser("user1");
+                user.EnableMultiFactorAuthentication = !enable2FA;
+
+                var controller = GetController<UsersController>();
+                controller.SetCurrentUser(user);
+
+                var userServiceMock = GetMock<IUserService>();
+                userServiceMock
+                    .Setup(x => x.ChangeMultiFactorAuthentication(user, enable2FA))
+                    .Returns(Task.CompletedTask)
+                    .Verifiable();
+
+                // Act
+                var result = await controller.ChangeMultiFactorAuthentication(enable2FA);
+
+                // Assert
+                userServiceMock.Verify(x => x.ChangeMultiFactorAuthentication(user, enable2FA));
+                Assert.NotNull(controller.TempData["Message"]);
+                var identity = controller.OwinContext.Authentication.User.Identity as ClaimsIdentity;
+                Assert.NotNull(identity);
+                Assert.Equal(enable2FA, ClaimsExtensions.HasBooleanClaim(identity, NuGetClaims.EnabledMultiFactorAuthentication));
+                ResultAssert.IsRedirectToRoute(result, new { action = "Account" });
+            }
+        }
+
         public class TheRemovePasswordAction : TestContainer
         {
             [Fact]
@@ -1510,7 +1571,7 @@ public async Task GivenValidRequest_ItRemovesCredAndSendsNotificationToUser()
                     .Completes()
                     .Verifiable();
                 GetMock<IMessageService>()
-                    .Setup(m => 
+                    .Setup(m =>
                                 m.SendCredentialRemovedNotice(
                                     user,
                                     It.Is<CredentialViewModel>(c => c.Type == CredentialTypes.External.MicrosoftAccount)))
@@ -1740,7 +1801,7 @@ public async Task GivenValidRequest_ItGeneratesNewCredAndRemovesOldCredAndSendsN
                 Assert.NotEqual(newApiKey.Value, viewModel.Value);
                 Assert.True(ApiKeyV4.TryParse(viewModel.Value, out ApiKeyV4 apiKeyV4));
                 Assert.True(apiKeyV4.Verify(newApiKey.Value));
-                
+
                 Assert.Equal(newApiKey.Key, viewModel.Key);
                 Assert.Equal(description, viewModel.Description);
                 Assert.Equal(newApiKey.Expires.Value.ToString("O"), viewModel.Expires);
@@ -1976,7 +2037,7 @@ public void DeleteNotExistentAccount()
                 var result = controller.Delete(accountName: "NotFoundUser");
 
                 // Assert
-                Assert.Equal((int)HttpStatusCode.NotFound, (int)((HttpNotFoundResult)result).StatusCode);
+                ResultAssert.IsNotFound(result);
             }
 
             [Fact]
@@ -1991,18 +2052,20 @@ public void DeleteDeletedAccount()
                 testUser.IsDeleted = true;
 
                 GetMock<IUserService>()
-                    .Setup(stub => stub.FindByUsername(userName))
+                    .Setup(stub => stub.FindByUsername(userName, false))
                     .Returns(testUser);
 
                 // act
                 var result = controller.Delete(accountName: userName);
 
                 // Assert
-                Assert.Equal((int)HttpStatusCode.NotFound, (int)((HttpNotFoundResult)result).StatusCode);
+                ResultAssert.IsNotFound(result);
             }
 
-            [Fact]
-            public void DeleteHappyAccount()
+            [Theory]
+            [InlineData(false)]
+            [InlineData(true)]
+            public void DeleteHappyAccount(bool withPendingIssues)
             {
                 // Arrange
                 string userName = "DeletedUser";
@@ -2010,6 +2073,8 @@ public void DeleteHappyAccount()
                 var fakes = Get<Fakes>();
                 var testUser = fakes.CreateUser(userName);
                 testUser.IsDeleted = false;
+                testUser.Key = 1;
+                controller.SetCurrentUser(fakes.Admin);
 
                 PackageRegistration packageRegistration = new PackageRegistration();
                 packageRegistration.Owners.Add(testUser);
@@ -2024,9 +2089,21 @@ public void DeleteHappyAccount()
                 packageRegistration.Packages.Add(userPackage);
 
                 List<Package> userPackages = new List<Package>() { userPackage };
+                List<Issue> issues = new List<Issue>();
+                if (withPendingIssues)
+                {
+                    issues.Add(new Issue()
+                    {
+                        IssueTitle = Strings.AccountDelete_SupportRequestTitle,
+                        OwnerEmail = testUser.EmailAddress,
+                        CreatedBy = userName,
+                        UserKey = testUser.Key,
+                        IssueStatus = new IssueStatus() { Key = IssueStatusKeys.New, Name = "OneIssue" }
+                    });
+                }
 
                 GetMock<IUserService>()
-                    .Setup(stub => stub.FindByUsername(userName))
+                    .Setup(stub => stub.FindByUsername(userName, false))
                     .Returns(testUser);
                 GetMock<IPackageService>()
                     .Setup(stub => stub.FindPackagesByAnyMatchingOwner(testUser, It.IsAny<bool>(), false))
@@ -2034,13 +2111,17 @@ public void DeleteHappyAccount()
                 GetMock<IPackageService>()
                     .Setup(stub => stub.FindPackagesByAnyMatchingOwner(testUser, It.IsAny<bool>(), false))
                     .Returns(userPackages);
+                GetMock<ISupportRequestService>()
+                    .Setup(stub => stub.GetIssues(null, null, null, null))
+                    .Returns(issues);
 
                 // act
-                var model = ResultAssert.IsView<DeleteUserAccountViewModel>(controller.Delete(accountName: userName), viewName: "DeleteUserAccount");
+                var model = ResultAssert.IsView<DeleteUserViewModel>(controller.Delete(accountName: userName), viewName: "DeleteUserAccount");
 
                 // Assert
                 Assert.Equal(userName, model.AccountName);
-                Assert.Equal<int>(1, model.Packages.Count());
+                Assert.Equal(1, model.Packages.Count());
+                Assert.Equal(withPendingIssues, model.HasPendingRequests);
             }
         }
 
@@ -2049,19 +2130,12 @@ public class TheDeleteAccountRequestAction : TestContainer
             [Theory]
             [InlineData(false)]
             [InlineData(true)]
-            public void DeleteAccountRequestView(bool withPendingIssues)
+            public void ShowsViewWithCorrectData(bool withPendingIssues)
             {
                 // Arrange
-                string userName = "DeletedUser";
-                string emailAddress = $"{userName}@coldmail.com";
-                int userKey = 1;
-
                 var controller = GetController<UsersController>();
                 var fakes = Get<Fakes>();
-                var testUser = fakes.CreateUser(userName);
-                testUser.EmailAddress = emailAddress;
-                testUser.Key = userKey;
-                testUser.IsDeleted = false;
+                var testUser = fakes.User;
 
                 controller.SetCurrentUser(testUser);
                 PackageRegistration packageRegistration = new PackageRegistration();
@@ -2083,15 +2157,15 @@ public void DeleteAccountRequestView(bool withPendingIssues)
                     issues.Add(new Issue()
                     {
                         IssueTitle = Strings.AccountDelete_SupportRequestTitle,
-                        OwnerEmail = emailAddress,
-                        CreatedBy = userName,
-                        UserKey = 1,
+                        OwnerEmail = testUser.EmailAddress,
+                        CreatedBy = testUser.Username,
+                        UserKey = testUser.Key,
                         IssueStatus = new IssueStatus() { Key = IssueStatusKeys.New, Name = "OneIssue" }
                     });
                 }
 
                 GetMock<IUserService>()
-                    .Setup(stub => stub.FindByUsername(userName))
+                    .Setup(stub => stub.FindByUsername(testUser.Username, false))
                     .Returns(testUser);
                 GetMock<IPackageService>()
                     .Setup(stub => stub.FindPackagesByAnyMatchingOwner(testUser, It.IsAny<bool>(), false))
@@ -2102,22 +2176,53 @@ public void DeleteAccountRequestView(bool withPendingIssues)
 
                 // act
                 var result = controller.DeleteRequest() as ViewResult;
-                var model = (DeleteAccountViewModel)result.Model;
+                var model = ResultAssert.IsView<DeleteUserViewModel>(result, "DeleteAccount");
 
                 // Assert
-                Assert.Equal(userName, model.AccountName);
-                Assert.Equal<int>(1, model.Packages.Count());
-                Assert.Equal<bool>(true, model.HasOrphanPackages);
-                Assert.Equal<bool>(withPendingIssues, model.HasPendingRequests);
+                Assert.Equal(testUser.Username, model.AccountName);
+                Assert.Equal(1, model.Packages.Count());
+                Assert.Equal(true, model.HasOrphanPackages);
+                Assert.Equal(withPendingIssues, model.HasPendingRequests);
             }
         }
 
         public class TheRequestAccountDeletionAction : TestContainer
         {
+            [Fact]
+            public async Task ReturnsNotFoundWithoutCurrentUser()
+            {
+                // Arrange
+                var controller = GetController<UsersController>();
+
+                // Act & Assert
+                await ReturnsNotFound(controller);
+            }
+
+            [Fact]
+            public async Task ReturnsNotFoundWithDeletedCurrentUser()
+            {
+                // Arrange
+                var controller = GetController<UsersController>();
+
+                var currentUser = Get<Fakes>().User;
+                currentUser.IsDeleted = true;
+                controller.SetCurrentUser(currentUser);
+
+                // Act & Assert
+                await ReturnsNotFound(controller);
+            }
+
+            private async Task ReturnsNotFound(UsersController controller)
+            {
+                var result = await controller.RequestAccountDeletion(string.Empty);
+                
+                ResultAssert.IsNotFound(result);
+            }
+
             [Theory]
             [InlineData(false)]
             [InlineData(true)]
-            public async Task RequestDeleteAccountAsync(bool successOnSentRequest)
+            public async Task SucceedsIfSupportRequestIsAdded(bool successOnSentRequest)
             {
                 // Arrange
                 string userName = "DeletedUser";
@@ -2134,7 +2239,7 @@ public async Task RequestDeleteAccountAsync(bool successOnSentRequest)
                 List<Issue> issues = new List<Issue>();
 
                 GetMock<IUserService>()
-                    .Setup(stub => stub.FindByUsername(userName))
+                    .Setup(stub => stub.FindByUsername(userName, false))
                     .Returns(testUser);
                 GetMock<IPackageService>()
                     .Setup(stub => stub.FindPackagesByAnyMatchingOwner(testUser, It.IsAny<bool>(), false))
@@ -2151,9 +2256,50 @@ public async Task RequestDeleteAccountAsync(bool successOnSentRequest)
 
                 // Assert
                 Assert.NotNull(result);
-                Assert.Equal<string>("DeleteRequest", (string)result.RouteValues["action"]);
+                Assert.Equal("DeleteRequest", (string)result.RouteValues["action"]);
                 bool tempData = controller.TempData.ContainsKey("RequestFailedMessage");
-                Assert.Equal<bool>(!successOnSentRequest, tempData);
+                Assert.Equal(!successOnSentRequest, tempData);
+                GetMock<IMessageService>()
+                    .Verify(
+                        stub => stub.SendAccountDeleteNotice(testUser), 
+                        successOnSentRequest ? Times.Once() : Times.Never());
+            }
+
+            /// <summary>
+            /// If the user does not have the email account confirmed the user record is deleted without sending a support request.
+            /// </summary>
+            [Fact]
+            public async Task WhenUserIsUnconfirmedDeletesAccount()
+            {
+                // Arrange
+                string userName = "DeletedUser";
+                string emailAddress = $"{userName}@coldmail.com";
+
+                var controller = GetController<UsersController>();
+
+                var fakes = Get<Fakes>();
+                var testUser = fakes.CreateUser(userName);
+                testUser.UnconfirmedEmailAddress = emailAddress;
+                controller.SetCurrentUser(testUser);
+
+                GetMock<IUserService>()
+                    .Setup(stub => stub.FindByUsername(userName, false))
+                    .Returns(testUser);
+
+                GetMock<IDeleteAccountService>()
+                    .Setup(stub => stub.DeleteAccountAsync(testUser, It.IsAny<User>(), It.IsAny<bool>(), It.IsAny<AccountDeletionOrphanPackagePolicy>(), It.IsAny<string>()))
+                    .Returns(value: Task.FromResult(new DeleteUserAccountStatus()
+                    {
+                        AccountName = userName,
+                        Description = "Delete user",
+                        Success = true
+                    }));
+
+                // act
+                var result = await controller.RequestAccountDeletion() as NuGetGallery.SafeRedirectResult;
+
+                // Assert
+                Assert.NotNull(result);
             }
         }
 
@@ -2168,7 +2314,7 @@ protected UsersController CreateController(string accountToTransform, string can
                 controller.SetCurrentUser(currentUser);
 
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername("OrgAdmin"))
+                    .Setup(u => u.FindByUsername("OrgAdmin", false))
                     .Returns(new User("OrgAdmin")
                     {
                         EmailAddress = "orgadmin@example.com"
@@ -2184,7 +2330,8 @@ protected UsersController CreateController(string accountToTransform, string can
 
                 GetMock<IUserService>()
                     .Setup(s => s.RequestTransformToOrganizationAccount(It.IsAny<User>(), It.IsAny<User>()))
-                    .Callback<User, User>((acct, admin) => {
+                    .Callback<User, User>((acct, admin) =>
+                    {
                         acct.OrganizationMigrationRequest = new OrganizationMigrationRequest()
                         {
                             NewOrganization = acct,
@@ -2230,7 +2377,8 @@ public async Task WhenCanTransformReturnsFalse_ShowsError()
                 var controller = CreateController(accountToTransform, canTransformErrorReason: "error");
 
                 // Act
-                var result = await controller.TransformToOrganization(new TransformAccountViewModel() {
+                var result = await controller.TransformToOrganization(new TransformAccountViewModel()
+                {
                     AdminUsername = "OrgAdmin"
                 }) as ViewResult;
 
@@ -2285,7 +2433,7 @@ public async Task WhenAdminIsNotFound_ShowsError()
                     controller.ModelState[string.Empty].Errors.First().ErrorMessage);
 
                 GetMock<IMessageService>()
-                    .Verify(m => 
+                    .Verify(m =>
                         m.SendOrganizationTransformRequest(
                             It.IsAny<User>(),
                             It.IsAny<User>(),
@@ -2295,7 +2443,7 @@ public async Task WhenAdminIsNotFound_ShowsError()
                         Times.Never());
 
                 GetMock<IMessageService>()
-                    .Verify(m => 
+                    .Verify(m =>
                         m.SendOrganizationTransformInitiatedNotice(
                             It.IsAny<User>(),
                             It.IsAny<User>(),
@@ -2334,8 +2482,8 @@ public async Task WhenValid_CreatesRequestAndRedirects()
 
                 GetMock<IMessageService>()
                     .Verify(m => m.SendOrganizationTransformInitiatedNotice(
-                        It.IsAny<User>(), 
-                        It.IsAny<User>(), 
+                        It.IsAny<User>(),
+                        It.IsAny<User>(),
                         It.IsAny<string>()));
 
                 GetMock<ITelemetryService>()
@@ -2343,7 +2491,7 @@ public async Task WhenValid_CreatesRequestAndRedirects()
                         t => t.TrackOrganizationTransformInitiated(It.IsAny<User>()));
             }
         }
-        
+
         public class TheConfirmTransformToOrganizationAction : TestContainer
         {
             [Fact]
@@ -2476,7 +2624,7 @@ private UsersController CreateController(string accountToTransform, string canTr
                 controller.SetCurrentUser(currentUser);
 
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(accountToTransform))
+                    .Setup(u => u.FindByUsername(accountToTransform, false))
                     .Returns(new User(accountToTransform)
                     {
                         EmailAddress = $"{accountToTransform}@example.com"
@@ -2514,7 +2662,7 @@ public async Task WhenAccountToTransformIsNotFound_ShowsError()
                 // Assert
                 Assert.NotNull(result);
                 Assert.Equal(
-                    String.Format(CultureInfo.CurrentCulture, Strings.TransformAccount_OrganizationAccountDoesNotExist, "account"), 
+                    String.Format(CultureInfo.CurrentCulture, Strings.TransformAccount_OrganizationAccountDoesNotExist, "account"),
                     controller.TempData["Message"]);
 
                 GetMock<IMessageService>()
@@ -2570,7 +2718,7 @@ public async Task WhenUserServiceReturnsSuccess_Redirects()
                 // Assert
                 Assert.NotNull(result);
                 Assert.Equal(
-                    String.Format(CultureInfo.CurrentCulture, Strings.TransformAccount_Rejected, accountToTransform), 
+                    String.Format(CultureInfo.CurrentCulture, Strings.TransformAccount_Rejected, accountToTransform),
                     controller.TempData["Message"]);
 
                 GetMock<IMessageService>()
@@ -2594,7 +2742,7 @@ private UsersController CreateController(string accountToTransform, bool success
                 controller.SetCurrentUser(currentUser);
 
                 GetMock<IUserService>()
-                    .Setup(u => u.FindByUsername(accountToTransform))
+                    .Setup(u => u.FindByUsername(accountToTransform, false))
                     .Returns(new User(accountToTransform)
                     {
                         EmailAddress = $"{accountToTransform}@example.com"
@@ -2689,6 +2837,376 @@ private UsersController CreateController(bool success = true)
                 return controller;
             }
         }
-    }
-}
 
+        public class TheGetCertificateAction : TestContainer
+        {
+            private readonly Mock<ICertificateService> _certificateService;
+            private readonly UsersController _controller;
+            private readonly User _user;
+            private readonly Certificate _certificate;
+
+            public TheGetCertificateAction()
+            {
+                _certificateService = GetMock<ICertificateService>();
+                _controller = GetController<UsersController>();
+                _user = new User()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+                _certificate = new Certificate()
+                {
+                    Key = 2,
+                    Sha1Thumbprint = "b",
+                    Thumbprint = "c"
+                };
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public void GetCertificate_WhenThumbprintIsInvalid_ReturnsBadRequest(string thumbprint)
+            {
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.GetCertificate(accountName: null, thumbprint: thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.BadRequest, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void GetCertificate_WhenCurrentUserIsNull_ReturnsUnauthorized()
+            {
+                var response = _controller.GetCertificate(accountName: null, thumbprint: _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Unauthorized, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void GetCertificate_WhenCurrentUserHasNoCertificates_ReturnsOK()
+            {
+                _certificateService.Setup(x => x.GetCertificates(It.Is<User>(u => u == _user)))
+                    .Returns(Enumerable.Empty<Certificate>());
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.GetCertificate(accountName: null, thumbprint: _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Empty((IEnumerable<ListCertificateItemViewModel>)response.Data);
+                Assert.Equal(JsonRequestBehavior.AllowGet, response.JsonRequestBehavior);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+
+            [Fact]
+            public void GetCertificate_WhenCurrentUserHasCertificate_ReturnsOK()
+            {
+                _certificateService.Setup(x => x.GetCertificates(It.Is<User>(u => u == _user)))
+                    .Returns(new[] { _certificate });
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.GetCertificate(accountName: null, thumbprint: _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.NotEmpty((IEnumerable<ListCertificateItemViewModel>)response.Data);
+
+                var viewModel = ((IEnumerable<ListCertificateItemViewModel>)response.Data).Single();
+
+                Assert.True(viewModel.CanDelete);
+                Assert.Equal($"/account/certificates/{_certificate.Thumbprint}", viewModel.DeleteUrl);
+                Assert.Equal(_certificate.Sha1Thumbprint, viewModel.Sha1Thumbprint);
+                Assert.Equal(JsonRequestBehavior.AllowGet, response.JsonRequestBehavior);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+        }
+
+        public class TheGetCertificatesAction : TestContainer
+        {
+            private readonly Mock<ICertificateService> _certificateService;
+            private readonly UsersController _controller;
+            private readonly User _user;
+            private readonly Certificate _certificate;
+
+            public TheGetCertificatesAction()
+            {
+                _certificateService = GetMock<ICertificateService>();
+                _controller = GetController<UsersController>();
+                _user = new User()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+                _certificate = new Certificate()
+                {
+                    Key = 2,
+                    Sha1Thumbprint = "b",
+                    Thumbprint = "c"
+                };
+            }
+
+            [Fact]
+            public void GetCertificates_WhenCurrentUserIsNull_ReturnsUnauthorized()
+            {
+                var response = _controller.GetCertificates(accountName: null);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Unauthorized, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void GetCertificates_WhenCurrentUserHasNoCertificates_ReturnsOK()
+            {
+                _certificateService.Setup(x => x.GetCertificates(It.Is<User>(u => u == _user)))
+                    .Returns(Enumerable.Empty<Certificate>());
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.GetCertificates(accountName: null);
+
+                Assert.NotNull(response);
+                Assert.Empty((IEnumerable<ListCertificateItemViewModel>)response.Data);
+                Assert.Equal(JsonRequestBehavior.AllowGet, response.JsonRequestBehavior);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+
+            [Fact]
+            public void GetCertificates_WhenCurrentUserHasCertificate_ReturnsOK()
+            {
+                _certificateService.Setup(x => x.GetCertificates(It.Is<User>(u => u == _user)))
+                    .Returns(new[] { _certificate });
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.GetCertificates(accountName: null);
+
+                Assert.NotNull(response);
+                Assert.NotEmpty((IEnumerable<ListCertificateItemViewModel>)response.Data);
+
+                var viewModel = ((IEnumerable<ListCertificateItemViewModel>)response.Data).Single();
+
+                Assert.True(viewModel.CanDelete);
+                Assert.Equal($"/account/certificates/{_certificate.Thumbprint}", viewModel.DeleteUrl);
+                Assert.Equal(_certificate.Sha1Thumbprint, viewModel.Sha1Thumbprint);
+                Assert.Equal(JsonRequestBehavior.AllowGet, response.JsonRequestBehavior);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+        }
+
+        public class TheAddCertificateAction : TestContainer
+        {
+            private readonly Mock<ICertificateService> _certificateService;
+            private readonly Mock<ISecurityPolicyService> _securityPolicyService;
+            private readonly Mock<IPackageService> _packageService;
+            private readonly UsersController _controller;
+            private readonly User _user;
+            private readonly Certificate _certificate;
+
+            public TheAddCertificateAction()
+            {
+                _certificateService = GetMock<ICertificateService>();
+                _securityPolicyService = GetMock<ISecurityPolicyService>();
+                _packageService = GetMock<IPackageService>();
+                _controller = GetController<UsersController>();
+                _user = new User()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+                _certificate = new Certificate()
+                {
+                    Key = 2,
+                    Sha1Thumbprint = "b",
+                    Thumbprint = "c"
+                };
+            }
+
+            [Fact]
+            public void AddCertificate_WhenCurrentUserIsNull_ReturnsUnauthorized()
+            {
+                var uploadFile = new StubHttpPostedFile(contentLength: 0, fileName: "a.cer", inputStream: Stream.Null);
+                var response = _controller.AddCertificate(accountName: null, uploadFile: uploadFile);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Unauthorized, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void AddCertificate_WhenUploadFileIsNull_ReturnsBadRequest()
+            {
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.AddCertificate(accountName: null, uploadFile: null);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.BadRequest, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void AddCertificate_WhenCurrentUserIsNotMultiFactorAuthenticated_ReturnsForbidden()
+            {
+                var uploadFile = GetUploadFile();
+
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.AddCertificate(accountName: null, uploadFile: uploadFile);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Forbidden, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+
+            [Fact]
+            public void AddCertificate_WhenUploadFileIsValid_ReturnsCreated()
+            {
+                var uploadFile = GetUploadFile();
+
+                _certificateService.Setup(x => x.AddCertificateAsync(
+                        It.Is<HttpPostedFileBase>(file => ReferenceEquals(file, uploadFile))))
+                    .ReturnsAsync(_certificate);
+                _certificateService.Setup(x => x.ActivateCertificateAsync(
+                        It.Is<string>(thumbprint => thumbprint == _certificate.Thumbprint),
+                        It.Is<User>(user => user == _user)))
+                    .Returns(Task.CompletedTask);
+
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.AddCertificate(accountName: null, uploadFile: uploadFile);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Created, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+            }
+
+            [Fact]
+            public void AddCertificate_WhenUserIsSubscribedToAutomaticallyOverwriteRequiredSignerPolicy_ReturnsCreated()
+            {
+                var uploadFile = GetUploadFile();
+
+                _certificateService.Setup(x => x.AddCertificateAsync(
+                        It.Is<HttpPostedFileBase>(file => ReferenceEquals(file, uploadFile))))
+                    .ReturnsAsync(_certificate);
+                _certificateService.Setup(x => x.ActivateCertificateAsync(
+                        It.Is<string>(thumbprint => thumbprint == _certificate.Thumbprint),
+                        It.Is<User>(user => user == _user)))
+                    .Returns(Task.CompletedTask);
+                _certificateService.Setup(x => x.GetCertificates(
+                        It.Is<User>(user => user == _user)))
+                    .Returns(new[] { _certificate });
+                _securityPolicyService.Setup(x => x.IsSubscribed(
+                        It.Is<User>(user => user == _user),
+                        It.Is<string>(policyName => policyName == AutomaticallyOverwriteRequiredSignerPolicy.PolicyName)))
+                    .Returns(true);
+                _packageService.Setup(x => x.SetRequiredSignerAsync(It.Is<User>(user => user == _user)))
+                    .Returns(Task.CompletedTask);
+
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.AddCertificate(accountName: null, uploadFile: uploadFile);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Created, _controller.Response.StatusCode);
+
+                _certificateService.VerifyAll();
+                _securityPolicyService.VerifyAll();
+                _packageService.Verify(x => x.SetRequiredSignerAsync(_user), Times.Once);
+            }
+
+            private static StubHttpPostedFile GetUploadFile()
+            {
+                var bytes = Encoding.UTF8.GetBytes("certificate");
+                var stream = new MemoryStream(bytes);
+
+                return new StubHttpPostedFile((int)stream.Length, "certificate.cer", stream);
+            }
+        }
+
+        public class TheDeleteCertificateAction : TestContainer
+        {
+            private readonly Mock<ICertificateService> _certificateService;
+            private readonly UsersController _controller;
+            private readonly User _user;
+            private readonly Certificate _certificate;
+
+            public TheDeleteCertificateAction()
+            {
+                _certificateService = GetMock<ICertificateService>();
+                _controller = GetController<UsersController>();
+                _user = new User()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+                _certificate = new Certificate()
+                {
+                    Key = 2,
+                    Sha1Thumbprint = "b",
+                    Thumbprint = "c"
+                };
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public void DeleteCertificate_WhenThumbprintIsInvalid_ReturnsBadRequest(string thumbprint)
+            {
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.DeleteCertificate(accountName: null, thumbprint: thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.BadRequest, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void DeleteCertificate_WhenCurrentUserIsNull_ReturnsUnauthorized()
+            {
+                var response = _controller.DeleteCertificate(accountName: null, thumbprint: _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Unauthorized, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void DeleteCertificate_WhenCurrentUserIsNotMultiFactorAuthenticated_ReturnsForbidden()
+            {
+                _controller.SetCurrentUser(_user);
+
+                var response = _controller.DeleteCertificate(accountName: null, thumbprint: _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.Forbidden, _controller.Response.StatusCode);
+            }
+
+            [Fact]
+            public void DeleteCertificate_WithValidThumbprint_ReturnsOK()
+            {
+                _certificateService.Setup(x => x.DeactivateCertificateAsync(
+                        It.Is<string>(thumbprint => thumbprint == _certificate.Thumbprint),
+                        It.Is<User>(user => user == _user)))
+                    .Returns(Task.CompletedTask);
+                _controller.SetCurrentUser(_user);
+                _controller.OwinContext.AddClaim(NuGetClaims.WasMultiFactorAuthenticated);
+
+                var response = _controller.DeleteCertificate(accountName: null, thumbprint: _certificate.Thumbprint);
+
+                Assert.NotNull(response);
+                Assert.Equal((int)HttpStatusCode.OK, _controller.Response.StatusCode);
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Extensions/RouteExtensionsFacts.cs b/tests/NuGetGallery.Facts/Extensions/RouteExtensionsFacts.cs
index 726ed1cf36..c10b8760c7 100644
--- a/tests/NuGetGallery.Facts/Extensions/RouteExtensionsFacts.cs
+++ b/tests/NuGetGallery.Facts/Extensions/RouteExtensionsFacts.cs
@@ -6,19 +6,41 @@
 
 namespace NuGetGallery.Extensions
 {
-    public class RouteExtensionsFacts 
+    public class RouteExtensionsFacts
     {
-        private static string  _routeUrl = "test/{user}";
+        private static string _routeUrl = "test/{user}";
         private static string _url = "test/user1";
         private static int _segment = 1;
         private static string _obfuscatedValue = "obfuscatedData";
 
         [Fact]
-        public void MapRouteAddObfuscation()
+        public void MapRoute_WithoutConstraints_AddsObfuscation()
         {
             // Arrange
             var routes = new RouteCollection();
-            routes.MapRoute("test", _routeUrl, null, new RouteExtensions.ObfuscatedMetadata(_segment, _obfuscatedValue));
+            routes.MapRoute(
+                "test",
+                _routeUrl,
+                defaults: null,
+                obfuscationMetadata: new RouteExtensions.ObfuscatedMetadata(_segment, _obfuscatedValue));
+
+            // Act + Assert
+            Assert.True(RouteExtensions.ObfuscatedRouteMap.ContainsKey(_routeUrl));
+            Assert.Equal(_segment, RouteExtensions.ObfuscatedRouteMap[_routeUrl][0].ObfuscatedSegment);
+            Assert.Equal(_obfuscatedValue, RouteExtensions.ObfuscatedRouteMap[_routeUrl][0].ObfuscateValue);
+        }
+
+        [Fact]
+        public void MapRoute_WithConstraints_AddsObfuscation()
+        {
+            // Arrange
+            var routes = new RouteCollection();
+            routes.MapRoute(
+                "test",
+                _routeUrl,
+                defaults: null,
+                constraints: null,
+                obfuscationMetadata: new RouteExtensions.ObfuscatedMetadata(_segment, _obfuscatedValue));
 
             // Act + Assert
             Assert.True(RouteExtensions.ObfuscatedRouteMap.ContainsKey(_routeUrl));
@@ -27,7 +49,7 @@ public void MapRouteAddObfuscation()
         }
 
         [Fact]
-        public void ObfuscateRoutePath_ReturnsNullWhenNotObfuscated()
+        public void ObfuscateUrlPath_ReturnsNullWhenNotObfuscated()
         {
             //Arrange
             var urlInput = "newtest/{user}";
@@ -41,7 +63,7 @@ public void ObfuscateRoutePath_ReturnsNullWhenNotObfuscated()
         }
 
         [Fact]
-        public void ObfuscateRoutePath_CorrectObfuscation()
+        public void ObfuscateUrlPath_ReturnsObfuscatedPathWhenObfuscated()
         {
             //Arrange
             var routes = new RouteCollection();
@@ -55,4 +77,4 @@ public void ObfuscateRoutePath_CorrectObfuscation()
             Assert.Equal($"test/{_obfuscatedValue}", obfuscated);
         }
     }
-}
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Framework/TestAuditingService.cs b/tests/NuGetGallery.Facts/Framework/TestAuditingService.cs
index 38d4e33886..6d016562f6 100644
--- a/tests/NuGetGallery.Facts/Framework/TestAuditingService.cs
+++ b/tests/NuGetGallery.Facts/Framework/TestAuditingService.cs
@@ -24,6 +24,11 @@ public Task SaveAuditRecordAsync(AuditRecord record)
 
     public static class AuditingServiceTestExtensions
     {
+        public static bool WroteRecord<T>(this IAuditingService self) where T : AuditRecord
+        {
+            return self.WroteRecord<T>(ar => true);
+        }
+
         public static bool WroteRecord<T>(this IAuditingService self, Func<T, bool> predicate) where T : AuditRecord
         {
             TestAuditingService testService = self as TestAuditingService;
diff --git a/tests/NuGetGallery.Facts/Framework/UnitTestBindings.cs b/tests/NuGetGallery.Facts/Framework/UnitTestBindings.cs
index be3c45e689..487277d6e8 100644
--- a/tests/NuGetGallery.Facts/Framework/UnitTestBindings.cs
+++ b/tests/NuGetGallery.Facts/Framework/UnitTestBindings.cs
@@ -90,7 +90,7 @@ protected override void Load(ContainerBuilder builder)
 
                 foreach (var user in fakes.Users)
                 {
-                    mockService.Setup(u => u.FindByUsername(user.Username)).Returns(user);
+                    mockService.Setup(u => u.FindByUsername(user.Username, false)).Returns(user);
                 }
 
                 return mockService.Object;
diff --git a/tests/NuGetGallery.Facts/Helpers/ObfuscationHelperFacts.cs b/tests/NuGetGallery.Facts/Helpers/ObfuscationHelperFacts.cs
new file mode 100644
index 0000000000..593f73371f
--- /dev/null
+++ b/tests/NuGetGallery.Facts/Helpers/ObfuscationHelperFacts.cs
@@ -0,0 +1,72 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Web;
+using System.Web.Routing;
+using Moq;
+using Xunit;
+
+namespace NuGetGallery.Helpers
+{
+    public class ObfuscationHelperFacts
+    {
+        public class TheObfuscateCurrentRequestUrlFacts
+        {
+            private const string _relativeTestPath = "profiles/user1";
+            private RouteCollection _currentRoutes;
+
+            public TheObfuscateCurrentRequestUrlFacts()
+            {
+                if (_currentRoutes == null)
+                {
+                    _currentRoutes = new RouteCollection();
+                    Routes.RegisterApiV2Routes(_currentRoutes);
+                    Routes.RegisterUIRoutes(_currentRoutes);
+                }
+            }
+
+            [Fact]
+            public void WithNullContextReturnsEmptyString()
+            {
+                // Assert + Assert
+                var result = ObfuscationHelper.ObfuscateRequestUrl(null, _currentRoutes);
+                Assert.Equal("", result);
+            }
+
+            [Fact]
+            public void WithNullRoutesReturnsEmptyString()
+            {
+                //Arrange 
+                var context = GetMockedHttpContext();
+
+                // Assert + Assert
+                var result = ObfuscationHelper.ObfuscateRequestUrl(context, null);
+                Assert.Equal("", result);
+            }
+
+            [Fact]
+            public void ValidData()
+            {
+                //Arrange 
+                var context = GetMockedHttpContext();
+
+                // Assert + Assert
+                var result = ObfuscationHelper.ObfuscateRequestUrl(context, _currentRoutes);
+                Assert.Equal("profiles/ObfuscatedUserName", result);
+            }
+
+            private HttpContextBase GetMockedHttpContext()
+            {
+                var context = new Mock<HttpContextBase>();
+                var request = new Mock<HttpRequestBase>();
+                context.Setup(ctx => ctx.Request).Returns(request.Object);
+                
+                request.Setup(req => req.Url).Returns(new Uri($"https://localhost/{_relativeTestPath}"));
+                request.Setup(req => req.AppRelativeCurrentExecutionFilePath).Returns($"~/{_relativeTestPath}");
+                return context.Object;
+            }
+        }
+    }
+}
+
diff --git a/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj b/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj
index 654fce1407..9d5659685f 100644
--- a/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj
+++ b/tests/NuGetGallery.Facts/NuGetGallery.Facts.csproj
@@ -217,21 +217,21 @@
     <Reference Include="NuGet.Protocol, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Protocol.4.3.0-preview1-2524\lib\net45\NuGet.Protocol.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Contracts, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Contracts.2.10.0\lib\net45\NuGet.Services.Contracts.dll</HintPath>
+    <Reference Include="NuGet.Services.Contracts, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Contracts.2.25.0-master-30191\lib\net45\NuGet.Services.Contracts.dll</HintPath>
     </Reference>
     <Reference Include="NuGet.Services.KeyVault, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Services.KeyVault.1.0.0.0\lib\net45\NuGet.Services.KeyVault.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="NuGet.Services.ServiceBus, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.ServiceBus.2.10.0\lib\net45\NuGet.Services.ServiceBus.dll</HintPath>
+    <Reference Include="NuGet.Services.ServiceBus, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.ServiceBus.2.25.0-master-30191\lib\net45\NuGet.Services.ServiceBus.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Validation, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Validation.2.10.0\lib\net45\NuGet.Services.Validation.dll</HintPath>
+    <Reference Include="NuGet.Services.Validation, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Validation.2.25.0-master-30191\lib\net45\NuGet.Services.Validation.dll</HintPath>
     </Reference>
-    <Reference Include="NuGet.Services.Validation.Issues, Version=2.10.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\NuGet.Services.Validation.Issues.2.10.0\lib\net45\NuGet.Services.Validation.Issues.dll</HintPath>
+    <Reference Include="NuGet.Services.Validation.Issues, Version=2.25.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\NuGet.Services.Validation.Issues.2.25.0-master-30191\lib\net45\NuGet.Services.Validation.Issues.dll</HintPath>
     </Reference>
     <Reference Include="NuGet.Versioning, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\..\packages\NuGet.Versioning.4.3.0-preview1-2524\lib\net45\NuGet.Versioning.dll</HintPath>
@@ -266,10 +266,7 @@
     </Reference>
     <Reference Include="System.IO.Compression" />
     <Reference Include="System.Net" />
-    <Reference Include="System.Net.Http, Version=4.1.1.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\System.Net.Http.4.3.0-beta-24431-01\lib\net46\System.Net.Http.dll</HintPath>
-      <Private>True</Private>
-    </Reference>
+    <Reference Include="System.Net.Http" />
     <Reference Include="System.Net.Http.Extensions, Version=2.2.29.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\packages\Microsoft.Net.Http.2.2.29\lib\net45\System.Net.Http.Extensions.dll</HintPath>
@@ -413,6 +410,7 @@
     <Compile Include="Extensions\OrganizationExtensionsFacts.cs" />
     <Compile Include="Filters\UIAuthorizeAttributeFacts.cs" />
     <Compile Include="Framework\MemberDataHelper.cs" />
+    <Compile Include="Helpers\ObfuscationHelperFacts.cs" />
     <Compile Include="Infrastructure\Authentication\ApiKeyV3Facts.cs" />
     <Compile Include="Infrastructure\Authentication\ApiKeyV4Facts.cs" />
     <Compile Include="Infrastructure\Authentication\V3HasherTests.cs" />
@@ -444,9 +442,14 @@
     <Compile Include="Helpers\HtmlExtensionsFacts.cs" />
     <Compile Include="HttpContextBaseExtensionsFacts.cs" />
     <Compile Include="Infrastructure\Authentication\Base32EncoderTests.cs" />
+    <Compile Include="Security\ControlRequiredSignerPolicyFacts.cs" />
+    <Compile Include="Security\AutomaticallyOverwriteRequiredSignerPolicyFacts.cs" />
     <Compile Include="Security\RequireMinProtocolVersionForPushPolicyFacts.cs" />
     <Compile Include="Security\RequireOrganizationTenantPolicyFacts.cs" />
     <Compile Include="Services\ActionRequiringEntityPermissionsFacts.cs" />
+    <Compile Include="Services\CloudDownloadCountServiceFacts.cs" />
+    <Compile Include="Services\CertificateServiceFacts.cs" />
+    <Compile Include="Services\CertificateValidatorFacts.cs" />
     <Compile Include="Services\DeleteAccountServiceFacts.cs" />
     <Compile Include="Services\JsonStatisticsServiceFacts.cs" />
     <Compile Include="Services\ContentObjectServiceFacts.cs" />
@@ -547,16 +550,19 @@
     <Compile Include="TestUtils\OwinAssert.cs" />
     <Compile Include="TestUtils\OwinTestExtensions.cs" />
     <Compile Include="TestUtils\ResultAssert.cs" />
+    <Compile Include="TestUtils\StubHttpPostedFile.cs" />
     <Compile Include="TestUtils\TestServiceUtility.cs" />
     <Compile Include="TestUtils\TestDataUtility.cs" />
     <Compile Include="TestUtils\TestUtility.cs" />
     <Compile Include="UrlExtensionsFacts.cs" />
-    <Compile Include="ViewModels\DeleteAccountViewModelFacts.cs" />
     <Compile Include="ViewModels\DependencySetsViewModelFacts.cs" />
     <Compile Include="ViewModels\DisplayPackageViewModelFacts.cs" />
+    <Compile Include="ViewModels\ListCertificateItemViewModelFacts.cs" />
+    <Compile Include="ViewModels\ListPackageItemRequiredSignerViewModelFacts.cs" />
     <Compile Include="ViewModels\ListPackageItemViewModelFacts.cs" />
     <Compile Include="ViewModels\PackageViewModelFacts.cs" />
     <Compile Include="ViewModels\PreviousNextPagerViewModelFacts.cs" />
+    <Compile Include="ViewModels\SignerViewModelFacts.cs" />
     <Compile Include="ViewModels\UserProfileModelFacts.cs" />
     <Compile Include="Views\Packages\ValidationIssueFacts.cs" />
     <Compile Include="Views\UrlHelperFacts.cs" />
@@ -571,6 +577,7 @@
     <None Include="packages.config">
       <SubType>Designer</SubType>
     </None>
+    <EmbeddedResource Include="TestData\certificate.cer" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\..\src\NuGet.Services.Search.Client\NuGet.Services.Search.Client.csproj">
diff --git a/tests/NuGetGallery.Facts/Security/AutomaticallyOverwriteRequiredSignerPolicyFacts.cs b/tests/NuGetGallery.Facts/Security/AutomaticallyOverwriteRequiredSignerPolicyFacts.cs
new file mode 100644
index 0000000000..65533424b5
--- /dev/null
+++ b/tests/NuGetGallery.Facts/Security/AutomaticallyOverwriteRequiredSignerPolicyFacts.cs
@@ -0,0 +1,62 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace NuGetGallery.Security
+{
+    public class AutomaticallyOverwriteRequiredSignerPolicyFacts
+    {
+        [Fact]
+        public void PolicyName_IsTypeName()
+        {
+            Assert.Equal(
+                nameof(AutomaticallyOverwriteRequiredSignerPolicy),
+                AutomaticallyOverwriteRequiredSignerPolicy.PolicyName);
+        }
+
+        [Fact]
+        public void Constructor_InitializesProperties()
+        {
+            var policy = new AutomaticallyOverwriteRequiredSignerPolicy();
+
+            Assert.Equal(nameof(AutomaticallyOverwriteRequiredSignerPolicy), policy.Name);
+            Assert.Equal(nameof(AutomaticallyOverwriteRequiredSignerPolicy), policy.SubscriptionName);
+            Assert.Equal(SecurityPolicyAction.AutomaticallyOverwriteRequiredSigner, policy.Action);
+            Assert.Equal(1, policy.Policies.Count());
+            Assert.Equal(nameof(AutomaticallyOverwriteRequiredSignerPolicy), policy.Policies.Single().Name);
+            Assert.Equal(nameof(AutomaticallyOverwriteRequiredSignerPolicy), policy.Policies.Single().Subscription);
+        }
+
+        [Fact]
+        public void Evaluate_Throws()
+        {
+            var policy = new AutomaticallyOverwriteRequiredSignerPolicy();
+
+            Assert.Throws<NotImplementedException>(() => policy.Evaluate(context: null));
+        }
+
+        [Fact]
+        public void OnSubscribeAsync_ReturnsCompletedTask()
+        {
+            var policy = new AutomaticallyOverwriteRequiredSignerPolicy();
+
+            var task = policy.OnSubscribeAsync(context: null);
+
+            Assert.Same(Task.CompletedTask, task);
+        }
+
+        [Fact]
+        public void OnUnsubscribeAsync_ReturnsCompletedTask()
+        {
+            var policy = new AutomaticallyOverwriteRequiredSignerPolicy();
+
+            var task = policy.OnSubscribeAsync(context: null);
+
+            Assert.Same(Task.CompletedTask, task);
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Security/ControlRequiredSignerPolicyFacts.cs b/tests/NuGetGallery.Facts/Security/ControlRequiredSignerPolicyFacts.cs
new file mode 100644
index 0000000000..f2825f8e0e
--- /dev/null
+++ b/tests/NuGetGallery.Facts/Security/ControlRequiredSignerPolicyFacts.cs
@@ -0,0 +1,60 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace NuGetGallery.Security
+{
+    public class ControlRequiredSignerPolicyFacts
+    {
+        [Fact]
+        public void PolicyName_IsTypeName()
+        {
+            Assert.Equal(nameof(ControlRequiredSignerPolicy), ControlRequiredSignerPolicy.PolicyName);
+        }
+
+        [Fact]
+        public void Constructor_InitializesProperties()
+        {
+            var policy = new ControlRequiredSignerPolicy();
+
+            Assert.Equal(nameof(ControlRequiredSignerPolicy), policy.Name);
+            Assert.Equal(nameof(ControlRequiredSignerPolicy), policy.SubscriptionName);
+            Assert.Equal(SecurityPolicyAction.ControlRequiredSigner, policy.Action);
+            Assert.Equal(1, policy.Policies.Count());
+            Assert.Equal(nameof(ControlRequiredSignerPolicy), policy.Policies.Single().Name);
+            Assert.Equal(nameof(ControlRequiredSignerPolicy), policy.Policies.Single().Subscription);
+        }
+
+        [Fact]
+        public void Evaluate_Throws()
+        {
+            var policy = new ControlRequiredSignerPolicy();
+
+            Assert.Throws<NotImplementedException>(() => policy.Evaluate(context: null));
+        }
+
+        [Fact]
+        public void OnSubscribeAsync_ReturnsCompletedTask()
+        {
+            var policy = new ControlRequiredSignerPolicy();
+
+            var task = policy.OnSubscribeAsync(context: null);
+
+            Assert.Same(Task.CompletedTask, task);
+        }
+
+        [Fact]
+        public void OnUnsubscribeAsync_ReturnsCompletedTask()
+        {
+            var policy = new ControlRequiredSignerPolicy();
+
+            var task = policy.OnSubscribeAsync(context: null);
+
+            Assert.Same(Task.CompletedTask, task);
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Security/SecurityPolicyServiceFacts.cs b/tests/NuGetGallery.Facts/Security/SecurityPolicyServiceFacts.cs
index 9e07ddfa1a..a34c8537d4 100644
--- a/tests/NuGetGallery.Facts/Security/SecurityPolicyServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Security/SecurityPolicyServiceFacts.cs
@@ -55,10 +55,12 @@ public void UserHandlers_ReturnsRegisteredUserSecurityPolicyHandlers()
 
             // Assert
             Assert.NotNull(handlers);
-            Assert.Equal(3, handlers.Count);
+            Assert.Equal(5, handlers.Count);
             Assert.Equal(typeof(RequirePackageVerifyScopePolicy), handlers[0].GetType());
             Assert.Equal(typeof(RequireMinProtocolVersionForPushPolicy), handlers[1].GetType());
             Assert.Equal(typeof(RequireOrganizationTenantPolicy), handlers[2].GetType());
+            Assert.Equal(typeof(ControlRequiredSignerPolicy), handlers[3].GetType());
+            Assert.Equal(typeof(AutomaticallyOverwriteRequiredSignerPolicy), handlers[4].GetType());
         }
 
         [Fact]
diff --git a/tests/NuGetGallery.Facts/Services/CertificateServiceFacts.cs b/tests/NuGetGallery.Facts/Services/CertificateServiceFacts.cs
new file mode 100644
index 0000000000..724272f259
--- /dev/null
+++ b/tests/NuGetGallery.Facts/Services/CertificateServiceFacts.cs
@@ -0,0 +1,556 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Data.Entity;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Web;
+using Moq;
+using NuGetGallery.Auditing;
+using Xunit;
+
+namespace NuGetGallery.Services
+{
+    public class CertificateServiceFacts
+    {
+        private static readonly byte[] _certificateBytes = Encoding.UTF8.GetBytes("certificate");
+        private const string _sha1Thumbprint = "735ad571c189d7ba84464bf4a9f1d2280175b128";
+        private const string _sha256Thumbprint = "03d66dd08835c1ca3f128cceacd1f31ac94163096b20f445ae84285bc0832d72";
+
+        private readonly Mock<IAuditingService> _auditingService;
+        private readonly Mock<IEntityRepository<Certificate>> _certificateRepository;
+        private readonly Mock<ICertificateValidator> _certificateValidator;
+        private readonly Mock<IEntitiesContext> _entitiesContext;
+        private readonly Mock<IFileStorageService> _fileStorageService;
+        private readonly Mock<ITelemetryService> _telemetryService;
+        private readonly Mock<IEntityRepository<User>> _userRepository;
+
+        private readonly User _user;
+        private readonly Certificate _certificate;
+
+        public CertificateServiceFacts()
+        {
+            _auditingService = new Mock<IAuditingService>(MockBehavior.Strict);
+            _certificateRepository = new Mock<IEntityRepository<Certificate>>(MockBehavior.Strict);
+            _certificateValidator = new Mock<ICertificateValidator>(MockBehavior.Strict);
+            _entitiesContext = new Mock<IEntitiesContext>(MockBehavior.Strict);
+            _fileStorageService = new Mock<IFileStorageService>(MockBehavior.Strict);
+            _telemetryService = new Mock<ITelemetryService>(MockBehavior.Strict);
+            _userRepository = new Mock<IEntityRepository<User>>(MockBehavior.Strict);
+
+            _user = new User()
+            {
+                Key = 3,
+                Username = "_user"
+            };
+            _certificate = new Certificate()
+            {
+                Key = 1,
+                Sha1Thumbprint = _sha1Thumbprint,
+                Thumbprint = _sha256Thumbprint,
+                UserCertificates = new List<UserCertificate>()
+            };
+        }
+
+        [Fact]
+        public void Constructor_WhenCertificateValidatorIsNull_Throws()
+        {
+            ICertificateValidator certificateValidator = null;
+
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new CertificateService(
+                    certificateValidator,
+                    _certificateRepository.Object,
+                    _userRepository.Object,
+                    _entitiesContext.Object,
+                    _fileStorageService.Object,
+                    _auditingService.Object,
+                    _telemetryService.Object));
+
+            Assert.Equal("certificateValidator", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_WhenCertificateRepositoryIsNull_Throws()
+        {
+            IEntityRepository<Certificate> certificateRepository = null;
+
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new CertificateService(
+                    _certificateValidator.Object,
+                    certificateRepository,
+                    _userRepository.Object,
+                    _entitiesContext.Object,
+                    _fileStorageService.Object,
+                    _auditingService.Object,
+                    _telemetryService.Object));
+
+            Assert.Equal("certificateRepository", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_WhenUserRepositoryIsNull_Throws()
+        {
+            IEntityRepository<User> userRepository = null;
+
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new CertificateService(
+                    _certificateValidator.Object,
+                    _certificateRepository.Object,
+                    userRepository,
+                    _entitiesContext.Object,
+                    _fileStorageService.Object,
+                    _auditingService.Object,
+                    _telemetryService.Object));
+
+            Assert.Equal("userRepository", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_WhenEntitiesContextIsNull_Throws()
+        {
+            IEntitiesContext entitiesContext = null;
+
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new CertificateService(
+                    _certificateValidator.Object,
+                    _certificateRepository.Object,
+                    _userRepository.Object,
+                    entitiesContext,
+                    _fileStorageService.Object,
+                    _auditingService.Object,
+                    _telemetryService.Object));
+
+            Assert.Equal("entitiesContext", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_WhenFileStorageServiceIsNull_Throws()
+        {
+            IFileStorageService fileStorageService = null;
+
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new CertificateService(
+                    _certificateValidator.Object,
+                    _certificateRepository.Object,
+                    _userRepository.Object,
+                    _entitiesContext.Object,
+                    fileStorageService,
+                    _auditingService.Object,
+                    _telemetryService.Object));
+
+            Assert.Equal("fileStorageService", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_WhenAuditingServiceIsNull_Throws()
+        {
+            IAuditingService auditingService = null;
+
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new CertificateService(
+                    _certificateValidator.Object,
+                    _certificateRepository.Object,
+                    _userRepository.Object,
+                    _entitiesContext.Object,
+                    _fileStorageService.Object,
+                    auditingService,
+                    _telemetryService.Object));
+
+            Assert.Equal("auditingService", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_WhenTelemetryServiceIsNull_Throws()
+        {
+            ITelemetryService telemetryService = null;
+
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new CertificateService(
+                    _certificateValidator.Object,
+                    _certificateRepository.Object,
+                    _userRepository.Object,
+                    _entitiesContext.Object,
+                    _fileStorageService.Object,
+                    _auditingService.Object,
+                    telemetryService));
+
+            Assert.Equal("telemetryService", exception.ParamName);
+        }
+
+        [Fact]
+        public async Task AddCertificateAsync_WhenFileIsNull_Throws()
+        {
+            var service = GetCertificateService();
+
+            var exception = await Assert.ThrowsAsync<ArgumentNullException>(
+                () => service.AddCertificateAsync(file: null));
+
+            Assert.Equal("file", exception.ParamName);
+        }
+
+        [Fact]
+        public async Task AddCertificateAsync_WhenCertificateDoesNotAlreadyExistInEntitiesContext_Succeeds()
+        {
+            _certificateValidator.Setup(x => x.Validate(It.IsNotNull<HttpPostedFileBase>()));
+            _certificateRepository.Setup(x => x.GetAll())
+                .Returns(new EnumerableQuery<Certificate>(Array.Empty<Certificate>()));
+            _certificateRepository.Setup(
+                x => x.InsertOnCommit(
+                    It.Is<Certificate>(certificate =>
+                        certificate.Sha1Thumbprint == _sha1Thumbprint &&
+                        certificate.Thumbprint == _sha256Thumbprint)));
+            _certificateRepository.Setup(x => x.CommitChangesAsync())
+                .Returns(Task.CompletedTask);
+            _fileStorageService.Setup(
+                x => x.SaveFileAsync(
+                    It.Is<string>(folderName => folderName == CoreConstants.UserCertificatesFolderName),
+                    It.Is<string>(fileName => fileName == $"SHA-256/{_sha256Thumbprint}.cer"),
+                    It.IsNotNull<Stream>(),
+                    It.Is<bool>(overwrite => overwrite == false)))
+                .Returns(Task.CompletedTask);
+            _auditingService.Setup(
+                x => x.SaveAuditRecordAsync(
+                    It.Is<CertificateAuditRecord>(record =>
+                        record.Action == AuditedCertificateAction.Add && record.Thumbprint == _sha256Thumbprint)))
+                .Returns(Task.CompletedTask);
+            _telemetryService.Setup(
+                x => x.TrackCertificateAdded(It.Is<string>(thumbprint => thumbprint == _sha256Thumbprint)));
+
+            var service = GetCertificateService();
+
+            var file = GetFile();
+
+            using (file.InputStream)
+            {
+                var certificate = await service.AddCertificateAsync(file);
+
+                Assert.NotNull(certificate);
+                Assert.Equal(_sha1Thumbprint, certificate.Sha1Thumbprint);
+                Assert.Equal(_sha256Thumbprint, certificate.Thumbprint);
+            }
+
+            VerifyMockExpectations();
+        }
+
+        [Fact]
+        public async Task AddCertificateAsync_WhenCertificateAlreadyExistsInEntitiesContext_Succeeds()
+        {
+            _certificateValidator.Setup(x => x.Validate(It.IsNotNull<HttpPostedFileBase>()));
+            _certificateRepository.Setup(x => x.GetAll())
+                .Returns(new EnumerableQuery<Certificate>(new[] { _certificate }));
+
+            var service = GetCertificateService();
+
+            var file = GetFile();
+
+            using (file.InputStream)
+            {
+                var certificate = await service.AddCertificateAsync(file);
+
+                Assert.NotNull(certificate);
+                Assert.Equal(1, certificate.Key);
+                Assert.Equal(_sha1Thumbprint, certificate.Sha1Thumbprint);
+                Assert.Equal(_sha256Thumbprint, certificate.Thumbprint);
+            }
+
+            VerifyMockExpectations();
+        }
+
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        public async Task ActivateCertificateAsync_WhenThumbprintIsInvalid_Throws(string thumbprint)
+        {
+            var service = GetCertificateService();
+
+            var exception = await Assert.ThrowsAsync<ArgumentException>(
+                () => service.ActivateCertificateAsync(thumbprint, new User()));
+
+            Assert.Equal("thumbprint", exception.ParamName);
+        }
+
+        [Fact]
+        public async Task ActivateCertificateAsync_WhenAccountIsNull_Throws()
+        {
+            var service = GetCertificateService();
+
+            var exception = await Assert.ThrowsAsync<ArgumentNullException>(
+                () => service.ActivateCertificateAsync(_sha256Thumbprint, account: null));
+
+            Assert.Equal("account", exception.ParamName);
+        }
+
+        [Fact]
+        public async Task ActivateCertificateAsync_WhenCertificateDoesNotAlreadyExistInEntitiesContext_Throws()
+        {
+            _certificateRepository.Setup(x => x.GetAll())
+                .Returns(new EnumerableQuery<Certificate>(Array.Empty<Certificate>()));
+
+            var service = GetCertificateService();
+
+            var exception = await Assert.ThrowsAsync<ArgumentException>(
+                () => service.ActivateCertificateAsync(_sha256Thumbprint, new User()));
+
+            Assert.Equal("thumbprint", exception.ParamName);
+            Assert.StartsWith("The certificate does not exist.", exception.Message);
+
+            VerifyMockExpectations();
+        }
+
+        [Fact]
+        public async Task ActivateCertificateAsync_WhenCertificateAlreadyExistsInEntitiesContextButUserCertificateDoesNot_Succeeds()
+        {
+            _certificateRepository.Setup(x => x.GetAll())
+                .Returns(new EnumerableQuery<Certificate>(new[] { _certificate }));
+
+            var userCertificates = new Mock<IDbSet<UserCertificate>>(MockBehavior.Strict);
+            var userCertificate = new UserCertificate()
+            {
+                Key = 7,
+                CertificateKey = _certificate.Key,
+                Certificate = _certificate,
+                UserKey = _user.Key,
+                User = _user
+            };
+            userCertificates.Setup(x => x.Add(It.Is<UserCertificate>(uc => uc.CertificateKey == _certificate.Key && uc.UserKey == _user.Key)))
+                .Returns(userCertificate);
+            _entitiesContext.SetupGet(x => x.UserCertificates)
+                .Returns(userCertificates.Object);
+            _entitiesContext.Setup(x => x.SaveChangesAsync())
+                .Returns(Task.FromResult(0))
+                .Callback(() => _certificate.UserCertificates.Add(userCertificate));
+            _auditingService.Setup(x => x.SaveAuditRecordAsync(
+                It.Is<CertificateAuditRecord>(
+                    record => record.Action == AuditedCertificateAction.Activate &&
+                        record.HashAlgorithm == "SHA-256" &&
+                        record.Thumbprint == _sha256Thumbprint)))
+                .Returns(Task.CompletedTask);
+            _telemetryService.Setup(x => x.TrackCertificateActivated(
+                It.Is<string>(thumbprint => thumbprint == _sha256Thumbprint)));
+
+            var service = GetCertificateService();
+
+            await service.ActivateCertificateAsync(_sha256Thumbprint, _user);
+
+            userCertificate = _certificate.UserCertificates.Single();
+
+            Assert.Same(_certificate, userCertificate.Certificate);
+            Assert.Same(_user, userCertificate.User);
+
+            VerifyMockExpectations();
+
+            userCertificates.VerifyAll();
+        }
+
+        [Fact]
+        public async Task ActivateCertificateAsync_WhenCertificateAndUserCertificateAlreadyExistInEntitiesContext_Succeeds()
+        {
+            _certificate.UserCertificates.Add(new UserCertificate()
+            {
+                Key = 7,
+                UserKey = _user.Key,
+                User = _user,
+                CertificateKey = _certificate.Key,
+                Certificate = _certificate
+            });
+
+            _certificateRepository.Setup(x => x.GetAll())
+                .Returns(new EnumerableQuery<Certificate>(new[] { _certificate }));
+
+            var service = GetCertificateService();
+
+            await service.ActivateCertificateAsync(_sha256Thumbprint, _user);
+
+            var userCertificate = _certificate.UserCertificates.Single();
+
+            Assert.Same(_certificate, userCertificate.Certificate);
+            Assert.Same(_user, userCertificate.User);
+
+            VerifyMockExpectations();
+        }
+
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        public async Task DeactivateCertificateAsync_WhenThumbprintIsInvalid_Throws(string thumbprint)
+        {
+            var service = GetCertificateService();
+
+            var exception = await Assert.ThrowsAsync<ArgumentException>(
+                () => service.DeactivateCertificateAsync(thumbprint, new User()));
+
+            Assert.Equal("thumbprint", exception.ParamName);
+        }
+
+        [Fact]
+        public async Task DeativateCertificateAsync_WhenAccountIsNull_Throws()
+        {
+            var service = GetCertificateService();
+
+            var exception = await Assert.ThrowsAsync<ArgumentNullException>(
+                () => service.DeactivateCertificateAsync(_sha256Thumbprint, account: null));
+
+            Assert.Equal("account", exception.ParamName);
+        }
+
+        [Fact]
+        public async Task DeativateCertificateAsync_WhenCertificateDoesNotAlreadyExistInEntitiesContext_Throws()
+        {
+            _certificateRepository.Setup(x => x.GetAll())
+                .Returns(new EnumerableQuery<Certificate>(Array.Empty<Certificate>()));
+
+            var service = GetCertificateService();
+
+            var exception = await Assert.ThrowsAsync<ArgumentException>(
+                () => service.DeactivateCertificateAsync(_sha256Thumbprint, new User()));
+
+            Assert.Equal("thumbprint", exception.ParamName);
+            Assert.StartsWith("The certificate does not exist.", exception.Message);
+
+            VerifyMockExpectations();
+        }
+
+        [Fact]
+        public async Task DeactivateCertificateAsync_WhenCertificateAlreadyExistsInEntitiesContextButUserCertificateDoesNot_Succeeds()
+        {
+            _certificateRepository.Setup(x => x.GetAll())
+                .Returns(new EnumerableQuery<Certificate>(new[] { _certificate }));
+
+            var service = GetCertificateService();
+
+            await service.DeactivateCertificateAsync(_sha256Thumbprint, _user);
+
+            Assert.Empty(_certificate.UserCertificates);
+
+            VerifyMockExpectations();
+        }
+
+        [Fact]
+        public async Task DeativateCertificateAsync_WhenCertificateAndUserCertificateAlreadyExistInEntitiesContextAndUserCertificate_Succeeds()
+        {
+            _certificate.UserCertificates.Add(new UserCertificate()
+            {
+                Key = 7,
+                UserKey = _user.Key,
+                User = _user,
+                CertificateKey = _certificate.Key,
+                Certificate = _certificate
+            });
+
+            _certificateRepository.Setup(x => x.GetAll())
+                .Returns(new EnumerableQuery<Certificate>(new[] { _certificate }));
+            _entitiesContext.Setup(x => x.DeleteOnCommit(
+                It.Is<UserCertificate>(uc => uc.CertificateKey == _certificate.Key && uc.UserKey == _user.Key)));
+            _entitiesContext.Setup(x => x.SaveChangesAsync())
+                .ReturnsAsync(0)
+                .Callback(() =>
+                {
+                    _certificate.UserCertificates.Clear();
+                });
+            _auditingService.Setup(x => x.SaveAuditRecordAsync(
+                It.Is<CertificateAuditRecord>(
+                    record => record.Action == AuditedCertificateAction.Deactivate &&
+                        record.HashAlgorithm == "SHA-256" &&
+                        record.Thumbprint == _sha256Thumbprint)))
+                .Returns(Task.CompletedTask);
+            _telemetryService.Setup(x => x.TrackCertificateDeactivated(
+                It.Is<string>(thumbprint => thumbprint == _sha256Thumbprint)));
+
+            var service = GetCertificateService();
+
+            await service.DeactivateCertificateAsync(_sha256Thumbprint, _user);
+
+            var userCertificate = _certificate.UserCertificates.SingleOrDefault();
+
+            Assert.Null(userCertificate);
+
+            VerifyMockExpectations();
+        }
+
+        [Fact]
+        public void GetCertificates_WhenAccountIsNull_Throws()
+        {
+            var service = GetCertificateService();
+
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => service.GetCertificates(account: null));
+
+            Assert.Equal("account", exception.ParamName);
+        }
+
+        [Fact]
+        public void GetCertificates_WhenNoUserCertificatesExistInEntitiesContext_ReturnsEmptyEnumerable()
+        {
+            _userRepository.Setup(x => x.GetAll())
+                .Returns(new EnumerableQuery<User>(new[] { _user }));
+
+            var service = GetCertificateService();
+
+            var certificates = service.GetCertificates(_user);
+
+            Assert.Empty(certificates);
+
+            VerifyMockExpectations();
+        }
+
+        [Fact]
+        public void GetCertificates_WhenUserCertificateExistsInEntitiesContext_ReturnsCertificate()
+        {
+            _user.UserCertificates.Add(new UserCertificate()
+            {
+                Key = 7,
+                UserKey = _user.Key,
+                User = _user,
+                CertificateKey = _certificate.Key,
+                Certificate = _certificate
+            });
+
+            _userRepository.Setup(x => x.GetAll())
+                .Returns(new EnumerableQuery<User>(new[] { _user }));
+
+            var service = GetCertificateService();
+
+            var certificates = service.GetCertificates(_user);
+
+            Assert.Equal(1, certificates.Count());
+            Assert.Same(_certificate, certificates.Single());
+
+            VerifyMockExpectations();
+        }
+
+        private StubHttpPostedFile GetFile()
+        {
+            var stream = new MemoryStream(_certificateBytes);
+
+            return new StubHttpPostedFile((int)stream.Length, "certificate.cer", stream);
+        }
+
+        private CertificateService GetCertificateService()
+        {
+            return new CertificateService(
+                _certificateValidator.Object,
+                _certificateRepository.Object,
+                _userRepository.Object,
+                _entitiesContext.Object,
+                _fileStorageService.Object,
+                _auditingService.Object,
+                _telemetryService.Object);
+        }
+
+        private void VerifyMockExpectations()
+        {
+            _certificateValidator.VerifyAll();
+            _certificateRepository.VerifyAll();
+            _userRepository.VerifyAll();
+            _entitiesContext.VerifyAll();
+            _fileStorageService.VerifyAll();
+            _auditingService.VerifyAll();
+            _telemetryService.VerifyAll();
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Services/CertificateValidatorFacts.cs b/tests/NuGetGallery.Facts/Services/CertificateValidatorFacts.cs
new file mode 100644
index 0000000000..5b5b1eb536
--- /dev/null
+++ b/tests/NuGetGallery.Facts/Services/CertificateValidatorFacts.cs
@@ -0,0 +1,250 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using Xunit;
+
+namespace NuGetGallery.Services
+{
+    public class CertificateValidatorFacts
+    {
+        private const int MaximumSizeInBytes = 10000;
+
+        [Fact]
+        public void Validate_WhenFileIsNull_Throws()
+        {
+            var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file: null));
+
+            Assert.Equal("file", ((ArgumentNullException)exception.InnerException).ParamName);
+            Assert.Equal("A certificate file is required.", exception.Message);
+        }
+
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        [InlineData(".")]
+        [InlineData("a.crt")]
+        [InlineData("a.pfx")]
+        [InlineData(".pfx")]
+        public void Validate_WhenFileExtensionIsInvalid_Throws(string fileName)
+        {
+            var file = new StubHttpPostedFile(contentLength: 1024, fileName: fileName, inputStream: Stream.Null);
+            var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+            Assert.Equal("The file extension must be .cer.", exception.Message);
+        }
+
+        [Fact]
+        public void Validate_WhenStreamIsNull_Throws()
+        {
+            var file = new StubHttpPostedFile(contentLength: 1024, fileName: "a.cer", inputStream: null);
+            var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+            Assert.Equal("The file stream is invalid.", exception.Message);
+        }
+
+        [Fact]
+        public void Validate_WhenStreamIsNotSeekable_Throws()
+        {
+            using (var stream = new NonSeekableStream())
+            {
+                var file = new StubHttpPostedFile(contentLength: 1024, fileName: "a.cer", inputStream: stream);
+                var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+                Assert.Equal("The file stream must be seekable.", exception.Message);
+            }
+        }
+
+        [Theory]
+        [InlineData(-1)]
+        [InlineData(0)]
+        public void Validate_WhenContentLengthIsTooSmall_Throws(int contentLength)
+        {
+            var file = new StubHttpPostedFile(contentLength, "a.cer", Stream.Null);
+            var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+            Assert.Equal("The file length is invalid.", exception.Message);
+        }
+
+        [Theory]
+        [InlineData(-1)]
+        [InlineData(0)]
+        public void Validate_WhenStreamLengthIsTooSmall_Throws(long streamLength)
+        {
+            using (var stream = new CustomLengthStream(streamLength))
+            {
+                var file = new StubHttpPostedFile(contentLength: 1024, fileName: "a.cer", inputStream: stream);
+                var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+                Assert.Equal("The file length is invalid.", exception.Message);
+            }
+        }
+
+        [Fact]
+        public void Validate_WhenContentLengthIsTooLarge_Throws()
+        {
+            using (var stream = GetDerEncodedCertificateStream())
+            {
+                var file = new StubHttpPostedFile(contentLength: MaximumSizeInBytes + 1, fileName: "a.cer", inputStream: stream);
+                var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+                Assert.Equal($"The file exceeds the size limit of {MaximumSizeInBytes} bytes.", exception.Message);
+            }
+        }
+
+        [Fact]
+        public void Validate_WhenStreamLengthIsTooLarge_Throws()
+        {
+            using (var stream = new CustomLengthStream(MaximumSizeInBytes + 1))
+            {
+                var file = new StubHttpPostedFile(contentLength: 1024, fileName: "a.cer", inputStream: stream);
+                var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+                Assert.Equal($"The file exceeds the size limit of {MaximumSizeInBytes} bytes.", exception.Message);
+            }
+        }
+
+        [Fact]
+        public void Validate_WhenStreamIsPfx_Throws()
+        {
+            using (var stream = GetPfxStream())
+            {
+                var file = new StubHttpPostedFile((int)stream.Length, fileName: "a.cer", inputStream: stream);
+                var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+                Assert.Equal("The file must be a DER encoded binary X.509 certificate.", exception.Message);
+            }
+        }
+
+        [Fact]
+        public void Validate_WhenStreamIsPemEncodedCertificate_Throws()
+        {
+            using (var stream = GetPemEncodedCertificateStream())
+            {
+                var file = new StubHttpPostedFile((int)stream.Length, fileName: "a.cer", inputStream: stream);
+                var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+                Assert.Equal("The file must be a DER encoded binary X.509 certificate.", exception.Message);
+            }
+        }
+
+        [Fact]
+        public void Validate_WhenStreamIsDerEncodingIsMalformedShortFormLength_Throws()
+        {
+            var bytes = new byte[3];
+
+            bytes[0] = 0x30;  // constructed sequence
+            bytes[1] = 0x02;  // short form length
+
+            // The DER encoding says there's 2 bytes of content but the array only has 1 remaining byte.
+
+            using (var stream = new MemoryStream(bytes, writable: false))
+            {
+                var file = new StubHttpPostedFile((int)stream.Length, fileName: "a.cer", inputStream: stream);
+                var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+                Assert.Equal("The file must be a DER encoded binary X.509 certificate.", exception.Message);
+            }
+        }
+
+        [Fact]
+        public void Validate_WhenStreamIsDerEncodingIsMalformedLongFormLength_Throws()
+        {
+            var bytes = new byte[4];
+
+            bytes[0] = 0x30;  // constructed sequence
+            bytes[1] = 0x81;  // long form length
+            bytes[2] = 0x01;  // 256
+
+            // The DER encoding says there's 256 bytes of content but the array only has 1 remaining byte.
+
+            using (var stream = new MemoryStream(bytes, writable: false))
+            {
+                var file = new StubHttpPostedFile((int)stream.Length, fileName: "a.cer", inputStream: stream);
+                var exception = Assert.Throws<UserSafeException>(() => new CertificateValidator().Validate(file));
+
+                Assert.Equal("The file must be a DER encoded binary X.509 certificate.", exception.Message);
+            }
+        }
+
+        [Theory]
+        [InlineData("a.cer")]
+        [InlineData("A.CER")]
+        public void Validate_WhenStreamIsDerEncodedCertificate_Succeeds(string fileName)
+        {
+            using (var stream = GetDerEncodedCertificateStream())
+            {
+                var file = new StubHttpPostedFile((int)stream.Length, fileName, stream);
+
+                new CertificateValidator().Validate(file);
+            }
+        }
+
+        private byte[] GetResourceBytes(string name)
+        {
+            var resourceName = $"NuGetGallery.TestData.{name}";
+
+            using (var reader = new BinaryReader(GetType().Assembly.GetManifestResourceStream(resourceName)))
+            {
+                return reader.ReadBytes((int)reader.BaseStream.Length);
+            }
+        }
+
+        private X509Certificate2 GetCertificate()
+        {
+            return new X509Certificate2(GetResourceBytes("certificate.cer"));
+        }
+
+        private MemoryStream GetDerEncodedCertificateStream()
+        {
+            using (var certificate = GetCertificate())
+            {
+                return new MemoryStream(certificate.RawData, writable: false);
+            }
+        }
+
+        private MemoryStream GetPfxStream()
+        {
+            var builder = new StringBuilder();
+
+            builder.AppendLine("-----BEGIN CERTIFICATE-----");
+
+            using (var certificate = GetCertificate())
+            {
+                builder.AppendLine(Convert.ToBase64String(certificate.RawData, Base64FormattingOptions.InsertLineBreaks));
+            }
+
+            builder.AppendLine("-----END CERTIFICATE-----");
+
+            var pem = builder.ToString();
+
+            return new MemoryStream(Encoding.UTF8.GetBytes(pem), writable: false);
+        }
+
+        private MemoryStream GetPemEncodedCertificateStream()
+        {
+            using (var certificate = GetCertificate())
+            {
+                return new MemoryStream(certificate.Export(X509ContentType.Pfx), writable: false);
+            }
+        }
+
+        private sealed class NonSeekableStream : MemoryStream
+        {
+            public override bool CanSeek => false;
+        }
+
+        private sealed class CustomLengthStream : MemoryStream
+        {
+            public override long Length { get; }
+
+            internal CustomLengthStream(long length)
+            {
+                Length = length;
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Services/CloudDownloadCountServiceFacts.cs b/tests/NuGetGallery.Facts/Services/CloudDownloadCountServiceFacts.cs
new file mode 100644
index 0000000000..864eda150b
--- /dev/null
+++ b/tests/NuGetGallery.Facts/Services/CloudDownloadCountServiceFacts.cs
@@ -0,0 +1,191 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Concurrent;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using Moq;
+using Xunit;
+
+namespace NuGetGallery
+{
+    public class CloudDownloadCountServiceFacts
+    {
+        public class TheTryGetDownloadCountForPackageRegistrationMethod : BaseFacts
+        {
+            [Theory]
+            [InlineData("NuGet.Versioning", "NuGet.Frameworks")]
+            [InlineData("NuGet.Versioning", " NuGet.Versioning ")]
+            [InlineData("NuGet.Versioning", "NuGet.Versioning ")]
+            [InlineData("NuGet.Versioning", " NuGet.Versioning")]
+            [InlineData("İ", "ı")]
+            [InlineData("İ", "i")]
+            [InlineData("İ", "I")]
+            [InlineData("ı", "İ")]
+            [InlineData("ı", "i")]
+            [InlineData("ı", "I")]
+            [InlineData("i", "İ")]
+            [InlineData("i", "ı")]
+            [InlineData("I", "İ")]
+            [InlineData("I", "ı")]
+            public void ReturnsZeroWhenIdDoesNotExist(string inputId, string contentId)
+            {
+                // Arrange
+                _content = $"[[\"{contentId}\",[\"4.6.0\",23],[\"4.6.2\",42]]";
+                _target.Refresh();
+
+                // Act
+                var found = _target.TryGetDownloadCountForPackageRegistration(inputId, out var actual);
+
+                // Assert
+                Assert.Equal(0, actual);
+                Assert.False(found, "The package ID should not have been found.");
+            }
+
+            [Theory]
+            [InlineData("NuGet.Versioning", "NuGet.Versioning")]
+            [InlineData("NUGET.VERSIONING", "nuget.versioning")]
+            [InlineData("nuget.versioning", "NUGET.VERSIONING")]
+            [InlineData("İ", "İ")]
+            [InlineData("ı", "ı")]
+            public void ReturnsSumOfVersionsWhenIdExists(string inputId, string contentId)
+            {
+                // Arrange
+                _content = $"[[\"{contentId}\",[\"4.6.0\",23],[\"4.6.2\",42]]";
+                _target.Refresh();
+
+                // Act
+                var found = _target.TryGetDownloadCountForPackageRegistration(inputId, out var actual);
+
+                // Assert
+                Assert.Equal(23 + 42, actual);
+                Assert.True(found, "The package ID should have been found.");
+            }
+
+            [Fact]
+            public async Task CanCalculatedDownloadCountsDuringRefresh()
+            {
+                // Arrange
+                var id = "NuGet.Versioning";
+                var duration = TimeSpan.FromSeconds(3);
+                var refreshTask = LoadNewVersionsAsync(id, TimeSpan.FromSeconds(1));
+                var getDownloadCountsTask = GetDownloadCountsAsync(id, duration);
+                _calculateSum = v => v.Sum(kvp => { Thread.Sleep(1); return kvp.Value; });
+
+                // Act & Assert
+                // We are just ensuring that no exception is thrown.
+                await Task.WhenAll(refreshTask, getDownloadCountsTask);
+            }
+
+            private async Task LoadNewVersionsAsync(string id, TimeSpan duration)
+            {
+                await Task.Yield();
+                var stopwatch = Stopwatch.StartNew();
+                var iteration = 0;
+                while (stopwatch.Elapsed < duration)
+                {
+                    iteration++;
+                    var version = $"0.0.0-beta{iteration}";
+                    _content = $"[[\"{id}\",[\"{version}\",1]]";
+                    _target.Refresh();
+                    await Task.Delay(5);
+                }
+            }
+
+            private async Task GetDownloadCountsAsync(string id, TimeSpan duration)
+            {
+                await Task.Yield();
+                var stopwatch = Stopwatch.StartNew();
+                while (stopwatch.Elapsed < duration)
+                {
+                    _target.TryGetDownloadCountForPackageRegistration(id, out var downloadCount);
+                    await Task.Delay(5);
+                }
+            }
+        }
+
+        public class TheTryGetDownloadCountForPackageMethod : BaseFacts
+        {
+            [Fact]
+            public void ReturnsZeroWhenVersionDoesNotExist()
+            {
+                // Arrange
+                _target.Refresh();
+
+                // Act
+                var found = _target.TryGetDownloadCountForPackage("NuGet.Versioning", "9.9.9", out var actual);
+
+                // Assert
+                Assert.Equal(0, actual);
+                Assert.False(found, "The package version should not have been found.");
+            }
+
+            [Fact]
+            public void ReturnsCountWhenVersionExists()
+            {
+                // Arrange
+                _target.Refresh();
+
+                // Act
+                var found = _target.TryGetDownloadCountForPackage("NuGet.Versioning", "4.6.0", out var actual);
+
+                // Assert
+                Assert.Equal(23, actual);
+                Assert.True(found, "The package version should have been found.");
+            }
+        }
+
+        public class BaseFacts
+        {
+            internal readonly Mock<ITelemetryClient> _telemetryService;
+            internal string _content;
+            internal Func<IDictionary<string, int>, int> _calculateSum;
+            internal TestableCloudDownloadCountService _target;
+
+            public BaseFacts()
+            {
+                _telemetryService = new Mock<ITelemetryClient>();
+                _content = "[[\"NuGet.Versioning\",[\"4.6.0\",23],[\"4.6.2\",42]]";
+                _calculateSum = null;
+                _target = new TestableCloudDownloadCountService(this);
+            }
+        }
+
+        public class TestableCloudDownloadCountService : CloudDownloadCountService
+        {
+            private readonly BaseFacts _baseFacts;
+
+            public TestableCloudDownloadCountService(BaseFacts baseFacts)
+                    : base(baseFacts._telemetryService.Object, "UseDevelopmentStorage=true", readAccessGeoRedundant: true)
+            {
+                _baseFacts = baseFacts;
+            }
+
+            protected override int CalculateSum(ConcurrentDictionary<string, int> versions)
+            {
+                if (_baseFacts._calculateSum == null)
+                {
+                    return base.CalculateSum(versions);
+                }
+
+                return _baseFacts._calculateSum(versions);
+            }
+
+            protected override Stream GetBlobStream()
+            {
+                if (_baseFacts._content == null)
+                {
+                    return null;
+                }
+
+                return new MemoryStream(Encoding.UTF8.GetBytes(_baseFacts._content));
+            }
+        }
+    }
+}
diff --git a/tests/NuGetGallery.Facts/Services/ContentObjectServiceFacts.cs b/tests/NuGetGallery.Facts/Services/ContentObjectServiceFacts.cs
index 1847b194d5..38fd7b2379 100644
--- a/tests/NuGetGallery.Facts/Services/ContentObjectServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/ContentObjectServiceFacts.cs
@@ -34,9 +34,8 @@ public async Task RefreshRefreshesObject()
                 var exceptions = new[] { "exception@example.com" };
                 var shouldTransforms = new[] { "transfomer@example.com" };
                 var orgTenantPairs = new[] { new OrganizationTenantPair("example.com", "tenantId") };
-                var orgsEnabledForAll = true;
 
-                var config = new LoginDiscontinuationConfiguration(emails, domains, exceptions, shouldTransforms, orgTenantPairs, orgsEnabledForAll);
+                var config = new LoginDiscontinuationConfiguration(emails, domains, exceptions, shouldTransforms, orgTenantPairs);
                 var configString = JsonConvert.SerializeObject(config);
 
                 GetMock<IContentService>()
@@ -54,7 +53,6 @@ public async Task RefreshRefreshesObject()
                 Assert.True(loginDiscontinuationConfiguration.DiscontinuedForDomains.SequenceEqual(domains));
                 Assert.True(loginDiscontinuationConfiguration.ExceptionsForEmailAddresses.SequenceEqual(exceptions));
                 Assert.True(loginDiscontinuationConfiguration.EnabledOrganizationAadTenants.SequenceEqual(orgTenantPairs));
-                Assert.Equal(orgsEnabledForAll, loginDiscontinuationConfiguration.OrganizationsEnabledForAll);
             }
         }
     }
diff --git a/tests/NuGetGallery.Facts/Services/DeleteAccountServiceFacts.cs b/tests/NuGetGallery.Facts/Services/DeleteAccountServiceFacts.cs
index 6e999660ea..5ff65c1224 100644
--- a/tests/NuGetGallery.Facts/Services/DeleteAccountServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/DeleteAccountServiceFacts.cs
@@ -4,14 +4,12 @@
 using System;
 using System.Collections.Generic;
 using System.Data.Entity;
-using System.Globalization;
 using System.Linq;
 using System.Threading.Tasks;
 using NuGetGallery.Areas.Admin;
 using NuGetGallery.Areas.Admin.Models;
 using NuGetGallery.Auditing;
 using NuGetGallery.Authentication;
-using NuGetGallery.Framework;
 using NuGetGallery.Security;
 using Xunit;
 using Moq;
@@ -22,105 +20,65 @@ public class DeleteAccountServiceFacts
     {
         public class TheDeleteGalleryUserAccountAsyncMethod
         {
-            [Fact]
-            public async Task WhenAccountIsOrganization_DoesNotDelete()
-            {
-                // Arrange
-                var fakes = new Fakes();
-                var testableService = new DeleteAccountTestService(fakes.Organization, fakes.Package);
-                var deleteAccountService = testableService.GetDeleteAccountService();
-
-                // Act
-                var result = await deleteAccountService.DeleteGalleryUserAccountAsync(
-                    fakes.Organization,
-                    fakes.Admin,
-                    "signature",
-                    unlistOrphanPackages: true,
-                    commitAsTransaction: false);
-
-                // Assert
-                Assert.False(result.Success);
-
-                var expected = string.Format(CultureInfo.CurrentCulture,
-                    Strings.AccountDelete_OrganizationDeleteNotImplemented,
-                    fakes.Organization.Username);
-                Assert.Equal(expected, result.Description);
-            }
-
-            [Fact]
-            public async Task WhenAccountIsOrganizationMember_DoesNotDelete()
-            {
-                // Arrange
-                var fakes = new Fakes();
-                var account = fakes.OrganizationCollaborator;
-                var testableService = new DeleteAccountTestService(account, fakes.Package);
-                var deleteAccountService = testableService.GetDeleteAccountService();
-
-                // Act
-                var result = await deleteAccountService.DeleteGalleryUserAccountAsync(
-                    account,
-                    fakes.Admin,
-                    "signature",
-                    unlistOrphanPackages: true,
-                    commitAsTransaction: false);
-
-                // Assert
-                Assert.False(result.Success);
-
-                var expected = string.Format(CultureInfo.CurrentCulture,
-                    Strings.AccountDelete_OrganizationMemberDeleteNotImplemented,
-                    account.Username);
-                Assert.Equal(expected, result.Description);
-            }
+            private static int Key = -1;
 
             [Fact]
             public async Task NullUser()
             {
-                //Arange
+                // Arrange
                 PackageRegistration registration = null;
                 var testUser = CreateTestData(ref registration);
                 var testableService = new DeleteAccountTestService(testUser, registration);
                 var deleteAccountService = testableService.GetDeleteAccountService();
 
-                //Assert
-                await Assert.ThrowsAsync<ArgumentNullException>(() => deleteAccountService.DeleteGalleryUserAccountAsync(null, new User("AdminUser"), "Signature", unlistOrphanPackages: true, commitAsTransaction: false));
+                // Assert
+                await Assert.ThrowsAsync<ArgumentNullException>(() => deleteAccountService.DeleteAccountAsync(
+                    null, 
+                    new User("AdminUser") { Key = Key++ },
+                    commitAsTransaction: false,
+                    signature: "signature",
+                    orphanPackagePolicy: AccountDeletionOrphanPackagePolicy.UnlistOrphans));
             }
 
             [Fact]
             public async Task NullAdmin()
             {
-                //Arange
+                // Arrange
                 PackageRegistration registration = null;
                 var testUser = CreateTestData(ref registration);
                 var testableService = new DeleteAccountTestService(testUser, registration);
                 var deleteAccountService = testableService.GetDeleteAccountService();
 
-                //Assert
-                await Assert.ThrowsAsync<ArgumentNullException>(() => deleteAccountService.DeleteGalleryUserAccountAsync(new User("TestUser"),null , "Signature", unlistOrphanPackages: true, commitAsTransaction: false));
+                // Assert
+                await Assert.ThrowsAsync<ArgumentNullException>(() => deleteAccountService.DeleteAccountAsync(
+                    new User("TestUser") { Key = Key++ },
+                    null,
+                    commitAsTransaction: false,
+                    signature: "signature",
+                    orphanPackagePolicy: AccountDeletionOrphanPackagePolicy.UnlistOrphans));
             }
 
             /// <summary>
-            /// The action to delete a deleted user will be noop.
+            /// The action to delete a deleted user will be a no-op.
             /// </summary>
-            /// <returns></returns>
             [Fact]
             public async Task DeleteDeletedUser()
             {
-                //Arange
+                // Arrange
                 PackageRegistration registration = null;
                 var testUser = CreateTestData(ref registration);
                 testUser.IsDeleted = true;
                 var testableService = new DeleteAccountTestService(testUser, registration);
                 var deleteAccountService = testableService.GetDeleteAccountService();
 
-                //Act
+                // Act
                 var signature = "Hello";
                 var result = await deleteAccountService.
-                    DeleteGalleryUserAccountAsync(userToBeDeleted: testUser,
-                                                admin: testUser,
+                    DeleteAccountAsync(userToBeDeleted: testUser,
+                                                userToExecuteTheDelete: testUser,
+                                                commitAsTransaction: false,
                                                 signature: signature,
-                                                unlistOrphanPackages: true,
-                                                commitAsTransaction: false);
+                                                orphanPackagePolicy: AccountDeletionOrphanPackagePolicy.UnlistOrphans);
                 string expected = $"The account:{testUser.Username} was already deleted. No action was performed.";
                 Assert.Equal<string>(expected, result.Description);
             }
@@ -134,33 +92,182 @@ public async Task DeleteDeletedUser()
             /// The namespace will be unassigned from the user.
             /// The information about the deletion will be saved.
             /// </summary>
-            /// <returns></returns>
             [Fact]
             public async Task DeleteHappyUser()
             {
-                //Arange
+                // Arrange
                 PackageRegistration registration = null;
                 var testUser = CreateTestData(ref registration);
+                var testUserOrganizations = testUser.Organizations.ToList();
                 var testableService = new DeleteAccountTestService(testUser, registration);
                 var deleteAccountService = testableService.GetDeleteAccountService();
 
-                //Act
+                // Act
                 var signature = "Hello";
                 await deleteAccountService.
-                    DeleteGalleryUserAccountAsync(userToBeDeleted: testUser,
-                                                admin: testUser,
+                    DeleteAccountAsync(userToBeDeleted: testUser,
+                                                userToExecuteTheDelete: testUser,
+                                                commitAsTransaction: false,
                                                 signature: signature,
-                                                unlistOrphanPackages: true,
-                                                commitAsTransaction: false);
-
-                Assert.Equal<int>(0, registration.Owners.Count());
-                Assert.Equal<int>(0, testUser.SecurityPolicies.Count());
-                Assert.Equal<int>(0, testUser.ReservedNamespaces.Count());
-                Assert.Equal<bool>(false, registration.Packages.ElementAt(0).Listed);
+                                                orphanPackagePolicy: AccountDeletionOrphanPackagePolicy.UnlistOrphans);
+                
+                Assert.Empty(registration.Owners);
+                Assert.Empty(testUser.SecurityPolicies);
+                Assert.Empty(testUser.ReservedNamespaces);
+                Assert.Equal(false, registration.Packages.ElementAt(0).Listed);
                 Assert.Null(testUser.EmailAddress);
-                Assert.Equal<int>(1, testableService.DeletedAccounts.Count());
-                Assert.Equal<string>(signature, testableService.DeletedAccounts.ElementAt(0).Signature);
-                Assert.Equal<int>(1, testableService.SupportRequests.Count);
+                Assert.Equal(1, testableService.DeletedAccounts.Count());
+                Assert.Equal(signature, testableService.DeletedAccounts.ElementAt(0).Signature);
+                Assert.Equal(1, testableService.SupportRequests.Count());
+                Assert.Empty(testableService.PackageOwnerRequests);
+                Assert.Equal(1, testableService.AuditService.Records.Count());
+                Assert.Null(testUser.OrganizationMigrationRequest);
+                Assert.Empty(testUser.OrganizationMigrationRequests);
+                Assert.Empty(testUser.OrganizationRequests);
+
+                Assert.Empty(testUser.Organizations);
+                foreach (var testUserOrganization in testUserOrganizations)
+                {
+                    var notDeletedMembers = testUserOrganization.Organization.Members.Where(m => m.Member != testUser);
+                    if (!notDeletedMembers.Any())
+                    {
+                        Assert.Contains(testUserOrganization.Organization, testableService.DeletedUsers);
+                    }
+                    else
+                    {
+                        Assert.True(notDeletedMembers.Any(m => m.IsAdmin));
+                    }
+                }
+                
+                var deleteRecord = testableService.AuditService.Records[0] as DeleteAccountAuditRecord;
+                Assert.True(deleteRecord != null);
+            }
+
+            [Fact]
+            public async Task WhenUserIsNotConfirmedTheUserRecordIsDeleted()
+            {
+                //Arange
+                User testUser = new User("TestsUser") { Key = Key++, UnconfirmedEmailAddress = "user@test.com" };
+                var testableService = new DeleteAccountTestService(testUser);
+                var deleteAccountService = testableService.GetDeleteAccountService();
+
+                //Act
+                var status = await deleteAccountService.DeleteAccountAsync(userToBeDeleted: testUser,
+                                                userToExecuteTheDelete: testUser,
+                                                commitAsTransaction: false,
+                                                signature: testUser.Username,
+                                                orphanPackagePolicy: AccountDeletionOrphanPackagePolicy.UnlistOrphans);
+
+                //Assert
+                Assert.True(status.Success);
+                Assert.Null(testableService.User);
+                Assert.Equal(1, testableService.AuditService.Records.Count);
+                var deleteAccountAuditRecord = testableService.AuditService.Records[0] as DeleteAccountAuditRecord;
+                Assert.NotNull(deleteAccountAuditRecord);
+                Assert.Equal(testUser.Username, deleteAccountAuditRecord.AdminUsername);
+                Assert.Equal(testUser.Username, deleteAccountAuditRecord.Username);
+                Assert.Equal(DeleteAccountAuditRecord.ActionStatus.Success, deleteAccountAuditRecord.Status);
+            }
+
+            [Fact]
+            public async Task DeleteConfirmedOrganization()
+            {
+                // Arrange
+                var member = new User("testUser") { Key = Key++ };
+                var organization = new Organization("testOrganization") { Key = Key++, EmailAddress = "org@test.com" };
+
+                var membership = new Membership() { Organization = organization, Member = member };
+                member.Organizations.Add(membership);
+                organization.Members.Add(membership);
+
+                var requestedMember = new User("testRequestedMember") { Key = Key++ };
+                var memberRequest = new MembershipRequest() { Organization = organization, NewMember = requestedMember };
+                requestedMember.OrganizationRequests.Add(memberRequest);
+                organization.MemberRequests.Add(memberRequest);
+
+                PackageRegistration registration = new PackageRegistration();
+                registration.Owners.Add(organization);
+
+                Package p = new Package()
+                {
+                    Description = "TestPackage",
+                    Key = 1
+                };
+                p.PackageRegistration = registration;
+                registration.Packages.Add(p);
+
+                var testableService = new DeleteAccountTestService(organization, registration);
+                var deleteAccountService = testableService.GetDeleteAccountService();
+
+                // Act
+                var status = await deleteAccountService.
+                    DeleteAccountAsync(
+                        organization,
+                        member,
+                        commitAsTransaction: false,
+                        orphanPackagePolicy: AccountDeletionOrphanPackagePolicy.KeepOrphans);
+
+                // Assert
+                Assert.True(status.Success);
+                Assert.Null(organization.EmailAddress);
+                Assert.Equal(0, registration.Owners.Count());
+                Assert.Equal(0, organization.SecurityPolicies.Count());
+                Assert.Equal(0, organization.ReservedNamespaces.Count());
+                Assert.Equal(1, testableService.DeletedAccounts.Count());
+                Assert.Equal(1, testableService.SupportRequests.Count);
+                Assert.Equal(0, testableService.PackageOwnerRequests.Count);
+                Assert.Equal(1, testableService.AuditService.Records.Count);
+                var deleteRecord = testableService.AuditService.Records[0] as DeleteAccountAuditRecord;
+                Assert.True(deleteRecord != null);
+            }
+
+            [Fact]
+            public async Task DeleteUnconfirmedOrganization()
+            {
+                // Arrange
+                var member = new User("testUser") { Key = Key++ };
+                var organization = new Organization("testOrganization") { Key = Key++ };
+
+                var membership = new Membership() { Organization = organization, Member = member };
+                member.Organizations.Add(membership);
+                organization.Members.Add(membership);
+
+                var requestedMember = new User("testRequestedMember") { Key = Key++ };
+                var memberRequest = new MembershipRequest() { Organization = organization, NewMember = requestedMember };
+                requestedMember.OrganizationRequests.Add(memberRequest);
+                organization.MemberRequests.Add(memberRequest);
+
+                PackageRegistration registration = new PackageRegistration();
+                registration.Owners.Add(organization);
+
+                Package p = new Package()
+                {
+                    Description = "TestPackage",
+                    Key = 1
+                };
+                p.PackageRegistration = registration;
+                registration.Packages.Add(p);
+
+                var testableService = new DeleteAccountTestService(organization, registration);
+                var deleteAccountService = testableService.GetDeleteAccountService();
+
+                // Act
+                var status = await deleteAccountService.
+                    DeleteAccountAsync(
+                        organization,
+                        member,
+                        commitAsTransaction: false,
+                        orphanPackagePolicy: AccountDeletionOrphanPackagePolicy.KeepOrphans);
+
+                // Assert
+                Assert.True(status.Success);
+                Assert.Null(testableService.User);
+                Assert.Equal(0, registration.Owners.Count());
+                Assert.Equal(0, organization.SecurityPolicies.Count());
+                Assert.Equal(0, organization.ReservedNamespaces.Count());
+                Assert.Equal(0, testableService.DeletedAccounts.Count());
+                Assert.Equal(1, testableService.SupportRequests.Count);
+                Assert.Equal(0, testableService.PackageOwnerRequests.Count);
                 Assert.Equal(1, testableService.AuditService.Records.Count);
                 var deleteRecord = testableService.AuditService.Records[0] as DeleteAccountAuditRecord;
                 Assert.True(deleteRecord != null);
@@ -168,14 +275,29 @@ await deleteAccountService.
 
             private static User CreateTestData(ref PackageRegistration registration)
             {
-                User testUser = new User();
-                testUser.Username = "TestsUser";
+                var testUser = new User("TestUser") { Key = Key++ };
                 testUser.EmailAddress = "user@test.com";
 
+                AddOrganizationMigrationRequest(testUser);
+                AddOrganizationMigrationRequests(testUser);
+                AddOrganizationRequests(testUser, false);
+                AddOrganizationRequests(testUser, true);
+
+                foreach (var isAdmin in new[] { false, true })
+                {
+                    foreach (var hasAdminMember in new[] { false, true })
+                    {
+                        foreach (var hasCollaboratorMember in new[] { false, true })
+                        {
+                            AddOrganization(testUser, isAdmin, hasAdminMember, hasCollaboratorMember);
+                        }
+                    }
+                }
+
                 registration = new PackageRegistration();
                 registration.Owners.Add(testUser);
 
-                Package p = new Package()
+                var p = new Package()
                 {
                     Description = "TestPackage",
                     Key = 1
@@ -184,6 +306,59 @@ private static User CreateTestData(ref PackageRegistration registration)
                 registration.Packages.Add(p);
                 return testUser;
             }
+
+            private static void AddOrganizationMigrationRequest(User testUser)
+            {
+                var testOrganizationAdmin = new User("TestOrganizationAdmin") { Key = Key++ };
+
+                var request = new OrganizationMigrationRequest { AdminUser = testOrganizationAdmin, NewOrganization = testUser };
+                testUser.OrganizationMigrationRequest = request;
+                testOrganizationAdmin.OrganizationMigrationRequests.Add(request);
+            }
+
+            private static void AddOrganizationMigrationRequests(User testUser)
+            {
+                var testOrganization = new Organization("testOrganization") { Key = Key++ };
+
+                var request = new OrganizationMigrationRequest { AdminUser = testUser, NewOrganization = testOrganization };
+                testOrganization.OrganizationMigrationRequest = request;
+                testUser.OrganizationMigrationRequests.Add(request);
+            }
+
+            private static void AddOrganizationRequests(User testUser, bool isAdmin)
+            {
+                var testOrganization = new Organization("testOrganization") { Key = Key++ };
+
+                var request = new MembershipRequest { IsAdmin = isAdmin, NewMember = testUser, Organization = testOrganization };
+                testOrganization.MemberRequests.Add(request);
+                testUser.OrganizationRequests.Add(request);
+            }
+
+            private static void AddOrganization(User testUser, bool isAdmin, bool hasAdminMember, bool hasCollaboratorMember)
+            {
+                var testOrganization = new Organization("testOrganization") { Key = Key++ };
+
+                AddMemberToOrganization(testOrganization, testUser, isAdmin);
+
+                if (hasAdminMember)
+                {
+                    var adminUser = new User("testAdministrator") { Key = Key++ };
+                    AddMemberToOrganization(testOrganization, adminUser, isAdmin);
+                }
+
+                if (hasCollaboratorMember)
+                {
+                    var collaboratorUser = new User("testCollaborator") { Key = Key++ };
+                    AddMemberToOrganization(testOrganization, collaboratorUser, isAdmin);
+                }
+            }
+
+            private static void AddMemberToOrganization(Organization organization, User user, bool isAdmin)
+            {
+                var membership = new Membership { IsAdmin = isAdmin, Organization = organization, Member = user };
+                organization.Members.Add(membership);
+                user.Organizations.Add(membership);
+            }
         }
 
         public class DeleteAccountTestService
@@ -197,8 +372,18 @@ public class DeleteAccountTestService
             private ICollection<Package> _userPackages;
 
             public List<AccountDelete> DeletedAccounts = new List<AccountDelete>();
+            public List<User> DeletedUsers = new List<User>();
             public List<Issue> SupportRequests = new List<Issue>();
-            public FakeAuditingService AuditService;
+            public List<PackageOwnerRequest> PackageOwnerRequests = new List<PackageOwnerRequest>();
+            public FakeAuditingService AuditService = new FakeAuditingService();
+
+            public DeleteAccountTestService(User user)
+            {
+                _user = user;
+                _userPackages = new List<Package>();
+
+                AuditService = new FakeAuditingService();
+            }
 
             public DeleteAccountTestService(User user, PackageRegistration userPackagesRegistration)
             {
@@ -208,6 +393,7 @@ public DeleteAccountTestService(User user, PackageRegistration userPackagesRegis
                 _user.SecurityPolicies.Add(_securityPolicy);
                 _userPackagesRegistration = userPackagesRegistration;
                 _userPackages = userPackagesRegistration.Packages;
+
                 SupportRequests.Add(new Issue()
                 {
                     CreatedBy = user.Username,
@@ -215,8 +401,9 @@ public DeleteAccountTestService(User user, PackageRegistration userPackagesRegis
                     IssueTitle = Strings.AccountDelete_SupportRequestTitle,
                     OwnerEmail = user.EmailAddress,
                     IssueStatusId = IssueStatusKeys.New,
-                    HistoryEntries = new List<History>() { new History() { EditedBy = user.Username, IssueId = 1, Key = 1, IssueStatusId = IssueStatusKeys.New} }
+                    HistoryEntries = new List<History>() { new History() { EditedBy = user.Username, IssueId = 1, Key = 1, IssueStatusId = IssueStatusKeys.New } }
                 });
+
                 SupportRequests.Add(new Issue()
                 {
                     CreatedBy = $"{user.Username}_second",
@@ -227,7 +414,21 @@ public DeleteAccountTestService(User user, PackageRegistration userPackagesRegis
                     HistoryEntries = new List<History>() { new History() { EditedBy = $"{user.Username}_second", IssueId = 2, Key = 2, IssueStatusId = IssueStatusKeys.New } }
                 });
 
-                AuditService = new FakeAuditingService();
+                PackageOwnerRequests.Add(new PackageOwnerRequest()
+                {
+                    PackageRegistration = new PackageRegistration() { Id = $"{user.Username}_first" },
+                    NewOwner = _user
+                });
+
+                PackageOwnerRequests.Add(new PackageOwnerRequest()
+                {
+                    PackageRegistration = new PackageRegistration() { Id = $"{user.Username}_second" },
+                    NewOwner = _user
+                });
+            }
+
+            public DeleteAccountTestService()
+            {
             }
 
             public DeleteAccountService GetDeleteAccountService()
@@ -255,6 +456,11 @@ public Task SaveAuditRecordAsync(AuditRecord record)
                 }
             }
 
+            public User User
+            {
+                get { return _user; }
+            }
+
             private class TestableAuthService : AuthenticationService
             {
                 public TestableAuthService() : base()
@@ -284,27 +490,35 @@ private Mock<IEntitiesContext> SetupEntitiesContext()
             private Mock<IReservedNamespaceService> SetupReservedNamespaceService()
             {
                 var namespaceService = new Mock<IReservedNamespaceService>();
-                namespaceService.Setup(m => m.DeleteOwnerFromReservedNamespaceAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<bool>()))
-                                .Returns(Task.CompletedTask)
-                                .Callback(() => _user.ReservedNamespaces.Remove(_reserverdNamespace));
+                if (_user != null)
+                {
+                    namespaceService.Setup(m => m.DeleteOwnerFromReservedNamespaceAsync(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<bool>()))
+                                    .Returns(Task.CompletedTask)
+                                    .Callback(() => _user.ReservedNamespaces.Remove(_reserverdNamespace));
+                }
+
                 return namespaceService;
             }
 
             private Mock<ISecurityPolicyService> SetupSecurityPolicyService()
             {
                 var securityPolicyService = new Mock<ISecurityPolicyService>();
-                securityPolicyService.Setup(m => m.UnsubscribeAsync(It.IsAny<User>(), SubscriptionName))
-                                     .Returns(Task.CompletedTask)
-                                     .Callback(() => _user.SecurityPolicies.Remove(_securityPolicy));
+                if (_user != null)
+                {
+                    securityPolicyService.Setup(m => m.UnsubscribeAsync(_user, SubscriptionName))
+                                         .Returns(Task.CompletedTask)
+                                         .Callback(() => _user.SecurityPolicies.Remove(_securityPolicy));
+                }
+
                 return securityPolicyService;
             }
 
             private Mock<IEntityRepository<AccountDelete>> SetupAccountDeleteRepository()
             {
-                var acountDeleteRepository = new Mock<IEntityRepository<AccountDelete>>();
-                acountDeleteRepository.Setup(m => m.InsertOnCommit(It.IsAny<AccountDelete>()))
+                var accountDeleteRepository = new Mock<IEntityRepository<AccountDelete>>();
+                accountDeleteRepository.Setup(m => m.InsertOnCommit(It.IsAny<AccountDelete>()))
                                       .Callback<AccountDelete>(account => DeletedAccounts.Add(account));
-                return acountDeleteRepository;
+                return accountDeleteRepository;
             }
 
             private Mock<IEntityRepository<User>> SetupUserRepository()
@@ -312,28 +526,46 @@ private Mock<IEntityRepository<User>> SetupUserRepository()
                 var userRepository = new Mock<IEntityRepository<User>>();
                 userRepository.Setup(m => m.CommitChangesAsync())
                               .Returns(Task.CompletedTask);
+                userRepository.Setup(m => m.DeleteOnCommit(It.IsAny<User>()))
+                              .Callback<User>(user =>
+                              {
+                                  if (user == _user)
+                                  {
+                                      _user = null;
+                                  }
+                                  else
+                                  {
+                                      DeletedUsers.Add(user);
+                                  }
+                              });
                 return userRepository;
             }
 
             private Mock<IPackageService> SetupPackageService()
             {
                 var packageService = new Mock<IPackageService>();
-                packageService.Setup(m => m.FindPackagesByAnyMatchingOwner(_user, true, It.IsAny<bool>())).Returns(_userPackages);
+                if (_user != null)
+                {
+                    packageService.Setup(m => m.FindPackagesByAnyMatchingOwner(_user, true, It.IsAny<bool>())).Returns(_userPackages);
+                }
                 //the .Returns(Task.CompletedTask) to avoid NullRef exception by the Mock infrastructure when invoking async operations
                 packageService.Setup(m => m.MarkPackageUnlistedAsync(It.IsAny<Package>(), true))
                               .Returns(Task.CompletedTask)
                               .Callback<Package, bool>((package, commit) => { package.Listed = false; });
                 return packageService;
             }
-             
+
             private Mock<ISupportRequestService> SetupSupportRequestService()
             {
                 var supportService = new Mock<ISupportRequestService>();
                 supportService.Setup(m => m.GetIssues(null, null, null, null)).Returns(SupportRequests);
-                var issue = SupportRequests.Where(i => string.Equals(i.CreatedBy, _user.Username)).FirstOrDefault();
-                supportService.Setup(m => m.DeleteSupportRequestsAsync(_user.Username))
-                              .Returns(Task.FromResult<bool>(true))
-                              .Callback( () => SupportRequests.Remove(issue));
+                if (_user != null)
+                {
+                    var issue = SupportRequests.Where(i => string.Equals(i.CreatedBy, _user.Username)).FirstOrDefault();
+                    supportService.Setup(m => m.DeleteSupportRequestsAsync(_user.Username))
+                                  .Returns(Task.FromResult(true))
+                                  .Callback(() => SupportRequests.Remove(issue));
+                }
 
                 return supportService;
             }
@@ -341,16 +573,29 @@ private Mock<ISupportRequestService> SetupSupportRequestService()
             private Mock<IPackageOwnershipManagementService> SetupPackageOwnershipManagementService()
             {
                 var packageOwnershipManagementService = new Mock<IPackageOwnershipManagementService>();
-                packageOwnershipManagementService.Setup(m => m.RemovePackageOwnerAsync(It.IsAny<PackageRegistration>(), It.IsAny<User>(), It.IsAny<User>(), false))
-                                                 .Returns(Task.CompletedTask)
-                                                 .Callback(() => 
-                                                 {
-                                                     _userPackagesRegistration.Owners.Remove(_user);
-                                                     _userPackagesRegistration.ReservedNamespaces.Remove(_reserverdNamespace);
-                                                 }
-                                                            );
+                if (_user != null)
+                {
+                    packageOwnershipManagementService.Setup(m => m.RemovePackageOwnerAsync(It.IsAny<PackageRegistration>(), It.IsAny<User>(), It.IsAny<User>(), false))
+                                                     .Returns(Task.CompletedTask)
+                                                     .Callback(() =>
+                                                     {
+                                                         _userPackagesRegistration.Owners.Remove(_user);
+                                                         _userPackagesRegistration.ReservedNamespaces.Remove(_reserverdNamespace);
+                                                     });
+
+                    packageOwnershipManagementService.Setup(m => m.GetPackageOwnershipRequests(null, null, _user))
+                        .Returns(PackageOwnerRequests);
+
+                    packageOwnershipManagementService.Setup(m => m.DeletePackageOwnershipRequestAsync(It.IsAny<PackageRegistration>(), _user))
+                        .Returns(Task.CompletedTask)
+                        .Callback<PackageRegistration, User>((package, user) =>
+                        {
+                            PackageOwnerRequests.Remove(PackageOwnerRequests.First(r => r.PackageRegistration == package && r.NewOwner == user));
+                        });
+                }
+
                 return packageOwnershipManagementService;
             }
         }
     }
-}
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Services/FileSystemFileStorageServiceFacts.cs b/tests/NuGetGallery.Facts/Services/FileSystemFileStorageServiceFacts.cs
index f3002b835b..4fc20193e0 100644
--- a/tests/NuGetGallery.Facts/Services/FileSystemFileStorageServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/FileSystemFileStorageServiceFacts.cs
@@ -362,7 +362,7 @@ await _target.SaveFileAsync(
                     _destFileName,
                     new MemoryStream(Encoding.ASCII.GetBytes(content)));
 
-                await Assert.ThrowsAsync<InvalidOperationException>(
+                await Assert.ThrowsAsync<FileAlreadyExistsException>(
                     () => _target.CopyFileAsync(
                         _srcFolderName,
                         _srcFileName,
@@ -386,7 +386,7 @@ await _target.SaveFileAsync(
                     new MemoryStream(Encoding.ASCII.GetBytes("Something else.")));
 
                 // Act & Assert
-                await Assert.ThrowsAsync<InvalidOperationException>(
+                await Assert.ThrowsAsync<FileAlreadyExistsException>(
                     () => _target.CopyFileAsync(
                         _srcFolderName,
                         _srcFileName,
@@ -576,7 +576,7 @@ public async Task WillThrowIfFileExistsAndOverwriteFalse()
                     fakeFileSystemService.Setup(x => x.FileExists(It.IsAny<string>())).Returns(true);
                     var service = CreateService(fileSystemService: fakeFileSystemService);
 
-                    await Assert.ThrowsAsync<InvalidOperationException>(async () => await service.SaveFileAsync(FolderName, FileName, fakeFileStream, false));
+                    await Assert.ThrowsAsync<FileAlreadyExistsException>(async () => await service.SaveFileAsync(FolderName, FileName, fakeFileStream, false));
 
                     fakeFileSystemService.Verify();
                 }
@@ -639,7 +639,7 @@ public async Task WillThrowIfFileExistsAndOverwriteFalseAndRealFileSystemIsUsed(
                     File.WriteAllText(filePath, FileContent);
 
                     // Act
-                    var exception = await Assert.ThrowsAsync<InvalidOperationException>(() => service.SaveFileAsync(
+                    var exception = await Assert.ThrowsAsync<FileAlreadyExistsException>(() => service.SaveFileAsync(
                         FolderName,
                         FileName,
                         new MemoryStream(),
diff --git a/tests/NuGetGallery.Facts/Services/LoginDiscontinuationConfigurationFacts.cs b/tests/NuGetGallery.Facts/Services/LoginDiscontinuationConfigurationFacts.cs
index dd87df58a7..148f6e10dd 100644
--- a/tests/NuGetGallery.Facts/Services/LoginDiscontinuationConfigurationFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/LoginDiscontinuationConfigurationFacts.cs
@@ -33,12 +33,9 @@ public static IEnumerable<object[]> PossibleListStates
                             {
                                 foreach (var isOnTenantPairList in new[] { true, false })
                                 {
-                                    foreach (var organizationsEnabledForAll in new[] { true, false })
+                                    foreach (var isWrongCase in new[] { true, false })
                                     {
-                                        foreach (var isWrongCase in new[] { true, false })
-                                        {
-                                            yield return MemberDataHelper.AsData(isOnWhiteList, isOnDomainList, isOnExceptionList, isOnTransformList, isOnTenantPairList, organizationsEnabledForAll, isWrongCase);
-                                        }
+                                        yield return MemberDataHelper.AsData(isOnWhiteList, isOnDomainList, isOnExceptionList, isOnTransformList, isOnTenantPairList, isWrongCase);
                                     }
                                 }
                             }
@@ -48,7 +45,7 @@ public static IEnumerable<object[]> PossibleListStates
             }
         }
 
-        public static ILoginDiscontinuationConfiguration CreateConfiguration(bool isOnWhiteList, bool isOnDomainList, bool isOnExceptionList, bool isOnTransformList, bool isOnTenantPairList, bool organizationsEnabledForAll, bool isWrongCase)
+        public static ILoginDiscontinuationConfiguration CreateConfiguration(bool isOnWhiteList, bool isOnDomainList, bool isOnExceptionList, bool isOnTransformList, bool isOnTenantPairList, bool isWrongCase)
         {
             var emails = isOnWhiteList ? new[] { ToUppercaseIfWrongCase(_email, isWrongCase) } : new[] { ToUppercaseIfWrongCase(_incorrectEmail, isWrongCase) };
             var domains = isOnDomainList ? new[] { ToUppercaseIfWrongCase(_domain, isWrongCase) } : new[] { ToUppercaseIfWrongCase(_incorrectDomain, isWrongCase) };
@@ -58,7 +55,7 @@ public static ILoginDiscontinuationConfiguration CreateConfiguration(bool isOnWh
                 new[] { new OrganizationTenantPair(ToUppercaseIfWrongCase(_domain, isWrongCase), ToUppercaseIfWrongCase(_tenant, isWrongCase)) } :
                 new[] { new OrganizationTenantPair(ToUppercaseIfWrongCase(_incorrectDomain, isWrongCase), ToUppercaseIfWrongCase(_incorrectTenant, isWrongCase)) };
 
-            return new LoginDiscontinuationConfiguration(emails, domains, exceptions, shouldTransforms, orgTenantPairs, organizationsEnabledForAll);
+            return new LoginDiscontinuationConfiguration(emails, domains, exceptions, shouldTransforms, orgTenantPairs);
         }
 
         private static string ToUppercaseIfWrongCase(string input, bool isWrongCase)
@@ -152,7 +149,7 @@ private void TestIsLoginDiscontinued(string credentialType, bool isOnWhiteList,
                 var user = new User("test") { EmailAddress = _email, Credentials = new[] { credential } };
                 var authUser = new AuthenticatedUser(user, credential);
 
-                var config = CreateConfiguration(isOnWhiteList, isOnDomainList, isOnExceptionList, isOnTransformList, isOnTenantPairList: false, organizationsEnabledForAll: false, isWrongCase: isWrongCase);
+                var config = CreateConfiguration(isOnWhiteList, isOnDomainList, isOnExceptionList, isOnTransformList, isOnTenantPairList: false, isWrongCase: isWrongCase);
 
                 // Act
                 var result = config.IsLoginDiscontinued(authUser);
@@ -169,7 +166,6 @@ public class WhitelistMethodData
             public bool IsOnExceptionList { get; }
             public bool IsOnTransformList { get; }
             public bool IsOnTenantPairList { get; }
-            public bool OrganizationsEnabledForAll { get; }
             public bool IsWrongCase { get; }
             
             public WhitelistMethodData(object[] data)
@@ -191,10 +187,7 @@ public WhitelistMethodData(object[] data)
                 var isOnTenantPairList = boolData[4];
                 IsOnTenantPairList = isOnTenantPairList;
 
-                var organizationsEnabledForAll = boolData[5];
-                OrganizationsEnabledForAll = organizationsEnabledForAll;
-
-                var isWrongCase = boolData[6];
+                var isWrongCase = boolData[5];
                 IsWrongCase = isWrongCase;
             }
         }
@@ -248,7 +241,7 @@ public void ReturnsExpectedWhenNull(WhitelistMethodData data)
 
             private ILoginDiscontinuationConfiguration GetConfiguration(WhitelistMethodData data)
             {
-                return CreateConfiguration(data.IsOnWhiteList, data.IsOnDomainList, data.IsOnExceptionList, data.IsOnTransformList, data.IsOnTenantPairList, data.OrganizationsEnabledForAll, data.IsWrongCase);
+                return CreateConfiguration(data.IsOnWhiteList, data.IsOnDomainList, data.IsOnExceptionList, data.IsOnTransformList, data.IsOnTenantPairList, data.IsWrongCase);
             }
         }
 
@@ -295,56 +288,5 @@ protected override bool GetWhitelistValue(ILoginDiscontinuationConfiguration con
                 return config.ShouldUserTransformIntoOrganization(user);
             }
         }
-
-        public class TheAreOrganizationsSupportedForUserMethodData : WhitelistMethodData
-        {
-            public bool HasOrganization { get; }
-
-            public TheAreOrganizationsSupportedForUserMethodData(object[] data, bool hasOrganization)
-                : base(data)
-            {
-                HasOrganization = hasOrganization;
-            }
-        }
-
-        public class TheAreOrganizationsSupportedForUserMethod : WhitelistBaseMethod
-        {
-            protected override User GetUser(WhitelistMethodData data)
-            {
-                var user = base.GetUser(data);
-                if ((data as TheAreOrganizationsSupportedForUserMethodData).HasOrganization)
-                {
-                    user.Organizations = new[] { new Membership() };
-                }
-
-                return user;
-            }
-
-            public static IEnumerable<object[]> ReturnsAsExpectedWhenNonNull_Data =>
-                PossibleListStates.SelectMany(data => 
-                    new[] { false, true }
-                        .Select(hasOrganization => 
-                            MemberDataHelper.AsData(
-                                new TheAreOrganizationsSupportedForUserMethodData(data, hasOrganization))));
-
-            public override bool GetExpectedValueForNonNull(WhitelistMethodData data)
-            {
-                return data.OrganizationsEnabledForAll || 
-                    (data as TheAreOrganizationsSupportedForUserMethodData).HasOrganization || 
-                    new TheIsUserOnWhitelistMethod().GetExpectedValueForNonNull(data);
-            }
-
-            public static IEnumerable<object[]> ReturnsFalseWhenNull_Data => WhitelistBaseMethodReturnsExpected_Data;
-
-            public override bool GetExpectedValueForNull(WhitelistMethodData data)
-            {
-                return data.OrganizationsEnabledForAll;
-            }
-
-            protected override bool GetWhitelistValue(ILoginDiscontinuationConfiguration config, User user)
-            {
-                return config.AreOrganizationsSupportedForUser(user);
-            }
-        }
     }
 }
diff --git a/tests/NuGetGallery.Facts/Services/MessageServiceFacts.cs b/tests/NuGetGallery.Facts/Services/MessageServiceFacts.cs
index acdfbf9c21..df0ac5439f 100644
--- a/tests/NuGetGallery.Facts/Services/MessageServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/MessageServiceFacts.cs
@@ -1027,7 +1027,8 @@ public void WillSendEmailToAllOwners(string version)
                 var package = new Package
                 {
                     Version = version,
-                    PackageRegistration = packageRegistration
+                    PackageRegistration = packageRegistration,
+                    User = new User("userThatPushed")
                 };
                 packageRegistration.Packages.Add(package);
 
@@ -1046,7 +1047,7 @@ public void WillSendEmailToAllOwners(string version)
                 Assert.Equal(TestGalleryNoReplyAddress, message.From);
                 Assert.Contains($"[{TestGalleryOwner.DisplayName}] Package published - {packageRegistration.Id} {nugetVersion.ToNormalizedString()}", message.Subject);
                 Assert.Contains(
-                    $"The package [{packageRegistration.Id} {nugetVersion.ToFullString()}]({packageUrl}) was just published on {TestGalleryOwner.DisplayName}. If this was not intended, please [contact support]({supportUrl}).", message.Body);
+                    $"The package [{packageRegistration.Id} {nugetVersion.ToFullString()}]({packageUrl}) was recently published on {TestGalleryOwner.DisplayName} by {package.User.Username}. If this was not intended, please [contact support]({supportUrl}).", message.Body);
             }
 
             [Fact]
@@ -1065,7 +1066,8 @@ public void WillNotSendEmailToOwnerThatOptsOut()
                 var package = new Package
                 {
                     Version = "1.2.3",
-                    PackageRegistration = packageRegistration
+                    PackageRegistration = packageRegistration,
+                    User = new User("userThatPushed")
                 };
                 packageRegistration.Packages.Add(package);
 
@@ -1096,7 +1098,8 @@ public void WillNotAttemptToSendIfNoOwnersAllow()
                 var package = new Package
                 {
                     Version = "1.2.3",
-                    PackageRegistration = packageRegistration
+                    PackageRegistration = packageRegistration,
+                    User = new User("userThatPushed")
                 };
                 packageRegistration.Packages.Add(package);
 
@@ -1406,7 +1409,8 @@ public void WillSendEmailToAllOwners(string version)
                 var package = new Package
                 {
                     Version = version,
-                    PackageRegistration = packageRegistration
+                    PackageRegistration = packageRegistration,
+                    User = new User("userThatPushed")
                 };
                 packageRegistration.Packages.Add(package);
 
@@ -1426,7 +1430,7 @@ public void WillSendEmailToAllOwners(string version)
                 Assert.Contains($"[{TestGalleryOwner.DisplayName}] Package uploaded - {packageRegistration.Id} {nugetVersion.ToNormalizedString()}", message.Subject);
                 Assert.DoesNotContain("publish", message.Subject);
                 Assert.Contains(
-                    $"The package [{packageRegistration.Id} {nugetVersion.ToFullString()}]({packageUrl}) was just uploaded to {TestGalleryOwner.DisplayName}. If this was not intended, please [contact support]({supportUrl}).", message.Body);
+                    $"The package [{packageRegistration.Id} {nugetVersion.ToFullString()}]({packageUrl}) was recently uploaded to {TestGalleryOwner.DisplayName} by {package.User.Username}. If this was not intended, please [contact support]({supportUrl}).", message.Body);
             }
 
             [Fact]
@@ -1445,7 +1449,8 @@ public void WillNotSendEmailToOwnerThatOptsOut()
                 var package = new Package
                 {
                     Version = "1.2.3",
-                    PackageRegistration = packageRegistration
+                    PackageRegistration = packageRegistration,
+                    User = new User("userThatPushed")
                 };
                 packageRegistration.Packages.Add(package);
 
@@ -1476,7 +1481,8 @@ public void WillNotAttemptToSendIfNoOwnersAllow()
                 var package = new Package
                 {
                     Version = "1.2.3",
-                    PackageRegistration = packageRegistration
+                    PackageRegistration = packageRegistration,
+                    User = new User("userThatPushed")
                 };
                 packageRegistration.Packages.Add(package);
 
diff --git a/tests/NuGetGallery.Facts/Services/PackageServiceFacts.cs b/tests/NuGetGallery.Facts/Services/PackageServiceFacts.cs
index b333911a30..6d13b0d00a 100644
--- a/tests/NuGetGallery.Facts/Services/PackageServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/PackageServiceFacts.cs
@@ -12,6 +12,7 @@
 using NuGetGallery.Auditing;
 using NuGetGallery.Framework;
 using NuGetGallery.Packaging;
+using NuGetGallery.Security;
 using NuGetGallery.TestUtils;
 using Xunit;
 
@@ -22,15 +23,19 @@ public class PackageServiceFacts
         private static IPackageService CreateService(
             Mock<IEntityRepository<PackageRegistration>> packageRegistrationRepository = null,
             Mock<IEntityRepository<Package>> packageRepository = null,
+            Mock<IEntityRepository<Certificate>> certificateRepository = null,
             IPackageNamingConflictValidator packageNamingConflictValidator = null,
             IAuditingService auditingService = null,
             Mock<ITelemetryService> telemetryService = null,
+            Mock<ISecurityPolicyService> securityPolicyService = null,
             Action<Mock<PackageService>> setup = null)
         {
             packageRegistrationRepository = packageRegistrationRepository ?? new Mock<IEntityRepository<PackageRegistration>>();
             packageRepository = packageRepository ?? new Mock<IEntityRepository<Package>>();
+            certificateRepository = certificateRepository ?? new Mock<IEntityRepository<Certificate>>();
             auditingService = auditingService ?? new TestAuditingService();
             telemetryService = telemetryService ?? new Mock<ITelemetryService>();
+            securityPolicyService = securityPolicyService ?? new Mock<ISecurityPolicyService>();
 
             if (packageNamingConflictValidator == null)
             {
@@ -42,9 +47,11 @@ private static IPackageService CreateService(
             var packageService = new Mock<PackageService>(
                 packageRegistrationRepository.Object,
                 packageRepository.Object,
+                certificateRepository.Object,
                 packageNamingConflictValidator,
                 auditingService,
-                telemetryService.Object);
+                telemetryService.Object,
+                securityPolicyService.Object);
 
             packageService.CallBase = true;
 
@@ -64,15 +71,104 @@ public async Task AddsUserToPackageOwnerCollection()
                 var package = new PackageRegistration { Key = 2, Id = "pkg42" };
                 var pendingOwner = new User { Key = 100, Username = "teamawesome" };
                 var packageRepository = new Mock<IEntityRepository<Package>>();
+                var securityPolicyService = new Mock<ISecurityPolicyService>();
                 packageRepository.Setup(r => r.CommitChangesAsync())
                     .Returns(Task.CompletedTask).Verifiable();
-                var service = CreateService(packageRepository: packageRepository);
+                securityPolicyService.Setup(x => x.IsSubscribed(
+                        It.Is<User>(u => u == pendingOwner),
+                        It.Is<string>(p => p == AutomaticallyOverwriteRequiredSignerPolicy.PolicyName)))
+                    .Returns(false);
+
+                var service = CreateService(
+                    packageRepository: packageRepository,
+                    securityPolicyService: securityPolicyService);
 
                 await service.AddPackageOwnerAsync(package, pendingOwner);
 
                 Assert.Contains(pendingOwner, package.Owners);
                 packageRepository.VerifyAll();
             }
+
+            [Fact]
+            public async Task WhenNewOwnerHasAutomaticallyOverwriteRequiredSignerPolicyAndRequiredSignerIsNull_NewOwnerBecomesRequiredSigner()
+            {
+                var packageRegistration = new PackageRegistration()
+                {
+                    Key = 1,
+                    Id = "a"
+                };
+                var newOwner = new User()
+                {
+                    Key = 2,
+                    Username = "b"
+                };
+                var packageRepository = new Mock<IEntityRepository<Package>>();
+                var securityPolicyService = new Mock<ISecurityPolicyService>();
+
+                packageRepository.Setup(pr => pr.CommitChangesAsync())
+                    .Returns(Task.CompletedTask);
+                securityPolicyService.Setup(x => x.IsSubscribed(
+                        It.Is<User>(u => u == newOwner),
+                        It.Is<string>(p => p == AutomaticallyOverwriteRequiredSignerPolicy.PolicyName)))
+                    .Returns(true);
+
+                var packageService = CreateService(
+                    packageRepository: packageRepository,
+                    securityPolicyService: securityPolicyService);
+
+                await packageService.AddPackageOwnerAsync(packageRegistration, newOwner);
+
+                Assert.Equal(1, packageRegistration.RequiredSigners.Count);
+                Assert.Contains(newOwner, packageRegistration.RequiredSigners);
+
+                packageRepository.VerifyAll();
+                securityPolicyService.VerifyAll();
+            }
+
+            [Fact]
+            public async Task WhenNewOwnerHasAutomaticallyOverwriteRequiredSignerPolicyAndRequiredSignerIsNotNull_NewOwnerBecomesRequiredSigner()
+            {
+                var packageRegistration = new PackageRegistration()
+                {
+                    Key = 1,
+                    Id = "a"
+                };
+                var existingOwner = new User()
+                {
+                    Key = 2,
+                    Username = "b"
+                };
+                var newOwner = new User()
+                {
+                    Key = 3,
+                    Username = "c"
+                };
+
+                packageRegistration.Owners.Add(existingOwner);
+                packageRegistration.RequiredSigners.Add(existingOwner);
+
+                var packageRepository = new Mock<IEntityRepository<Package>>();
+                var securityPolicyService = new Mock<ISecurityPolicyService>();
+
+                packageRepository.Setup(pr => pr.CommitChangesAsync())
+                    .Returns(Task.CompletedTask);
+                securityPolicyService.Setup(x => x.IsSubscribed(
+                        It.Is<User>(u => u == newOwner),
+                        It.Is<string>(p => p == AutomaticallyOverwriteRequiredSignerPolicy.PolicyName)))
+                    .Returns(true);
+
+                var packageService = CreateService(
+                    packageRepository: packageRepository,
+                    securityPolicyService: securityPolicyService);
+
+                await packageService.AddPackageOwnerAsync(packageRegistration, newOwner);
+
+                Assert.Equal(1, packageRegistration.RequiredSigners.Count);
+                Assert.Contains(newOwner, packageRegistration.RequiredSigners);
+
+                packageRepository.VerifyAll();
+                securityPolicyService.VerifyAll();
+            }
         }
 
         public class TheCreatePackageMethod
@@ -1127,7 +1223,8 @@ public virtual void ReturnsAPackageForEachPackageRegistration(User currentUser,
             {
                 var packageRegistrationA = new PackageRegistration { Key = 0, Id = "idA", Owners = { packageOwner } };
                 var packageRegistrationB = new PackageRegistration { Key = 1, Id = "idB", Owners = { packageOwner } };
-                var packageA = new Package {
+                var packageA = new Package
+                {
                     Version = "1.0",
                     PackageRegistration = packageRegistrationA,
                     PackageRegistrationKey = 0,
@@ -1135,7 +1232,8 @@ public virtual void ReturnsAPackageForEachPackageRegistration(User currentUser,
                     IsLatestSemVer2 = true,
                     IsLatestStableSemVer2 = true
                 };
-                var packageB = new Package {
+                var packageB = new Package
+                {
                     Version = "1.0",
                     PackageRegistration = packageRegistrationB,
                     PackageRegistrationKey = 1,
@@ -1288,7 +1386,8 @@ public virtual void ReturnsVersionsWhenIncludedVersionsIsTrue_IncludeUnlistedTru
             {
                 var packageRegistration = new PackageRegistration { Key = 0, Id = "theId", Owners = { packageOwner } };
 
-                var package1 = new Package {
+                var package1 = new Package
+                {
                     Version = "1.0",
                     PackageRegistration = packageRegistration,
                     PackageRegistrationKey = 0,
@@ -1298,7 +1397,8 @@ public virtual void ReturnsVersionsWhenIncludedVersionsIsTrue_IncludeUnlistedTru
                 };
                 packageRegistration.Packages.Add(package1);
 
-                var package2 = new Package {
+                var package2 = new Package
+                {
                     Version = "2.0",
                     PackageRegistration = packageRegistration,
                     PackageRegistrationKey = 0,
@@ -2122,5 +2222,299 @@ public static IEnumerable<object[]> GetPackageUserAccountOwners_Input
                 }
             }
         }
+
+        public class TheSetRequiredSignerAsyncMethodOneParameter : TestContainer
+        {
+            private readonly User _user1;
+
+            public TheSetRequiredSignerAsyncMethodOneParameter()
+            {
+                _user1 = new User()
+                {
+                    Key = 1,
+                    Username = "a"
+                };
+            }
+
+            [Fact]
+            public async Task SetRequiredSignerAsync_WhenSignerIsNull_Throws()
+            {
+                var service = Get<PackageService>();
+                var exception = await Assert.ThrowsAsync<ArgumentNullException>(
+                    () => service.SetRequiredSignerAsync(signer: null));
+
+                Assert.Equal("signer", exception.ParamName);
+            }
+
+            [Fact]
+            public async Task SetRequiredSignerAsync_WhenNoPackageRegistrationsOwned_Succeeds()
+            {
+                var packageRegistrationRepository = GetMock<IEntityRepository<PackageRegistration>>();
+                var auditingService = GetMock<IAuditingService>();
+                var telemetryService = GetMock<ITelemetryService>();
+                var service = Get<PackageService>();
+
+                await service.SetRequiredSignerAsync(_user1);
+
+                packageRegistrationRepository.Verify(x => x.CommitChangesAsync(), Times.Never);
+                auditingService.Verify(x => x.SaveAuditRecordAsync(
+                    It.IsAny<PackageRegistrationAuditRecord>()), Times.Never);
+                telemetryService.Verify(x => x.TrackRequiredSignerSet(It.IsAny<string>()), Times.Never);
+            }
+
+            [Fact]
+            public async Task SetRequiredSignerAsync_WhenMultiplePackageRegistrationsOwned_Succeeds()
+            {
+                var packageRegistrationRepository = GetMock<IEntityRepository<PackageRegistration>>();
+                var auditingService = GetMock<IAuditingService>();
+                var telemetryService = GetMock<ITelemetryService>();
+                var entityContext = new FakeEntitiesContext();
+                var service = Get<PackageService>();
+
+                var packageRegistration1 = new PackageRegistration()
+                {
+                    Key = 2,
+                    Id = "b"
+                };
+                var packageRegistration2 = new PackageRegistration()
+                {
+                    Key = 3,
+                    Id = "c"
+                };
+                var packageRegistration3 = new PackageRegistration()
+                {
+                    Key = 4,
+                    Id = "d"
+                };
+
+                var user2 = new User()
+                {
+                    Key = 5,
+                    Username = "e"
+                };
+
+                packageRegistration1.Owners.Add(_user1);
+                packageRegistration1.Owners.Add(user2);
+                packageRegistration1.RequiredSigners.Add(user2);
+
+                packageRegistration2.Owners.Add(_user1);
+                packageRegistration2.Owners.Add(user2);
+
+                packageRegistration3.Owners.Add(user2);
+                packageRegistration3.Owners.Add(_user1);
+                packageRegistration3.RequiredSigners.Add(_user1);
+
+                var packageRegistrations = new[] { packageRegistration1, packageRegistration2, packageRegistration3 };
+
+                foreach (var packageRegistration in packageRegistrations)
+                {
+                    entityContext.PackageRegistrations.Add(packageRegistration);
+                }
+
+                packageRegistrationRepository.Setup(x => x.GetAll())
+                    .Returns(entityContext.PackageRegistrations);
+
+                await service.SetRequiredSignerAsync(_user1);
+
+                foreach (var packageRegistration in packageRegistrations)
+                {
+                    Assert.Equal(1, packageRegistration.RequiredSigners.Count);
+                    Assert.Equal(_user1, packageRegistration.RequiredSigners.Single());
+                }
+
+                packageRegistrationRepository.Verify(x => x.CommitChangesAsync(), Times.Once);
+                auditingService.Verify(x => x.SaveAuditRecordAsync(
+                    It.Is<PackageRegistrationAuditRecord>(
+                        record =>
+                            record.Action == AuditedPackageRegistrationAction.SetRequiredSigner &&
+                            record.Id == packageRegistration1.Id &&
+                            record.PreviousRequiredSigner == user2.Username &&
+                            record.NewRequiredSigner == _user1.Username)), Times.Once);
+                auditingService.Verify(x => x.SaveAuditRecordAsync(
+                    It.Is<PackageRegistrationAuditRecord>(
+                        record =>
+                            record.Action == AuditedPackageRegistrationAction.SetRequiredSigner &&
+                            record.Id == packageRegistration2.Id &&
+                            record.PreviousRequiredSigner == null &&
+                            record.NewRequiredSigner == _user1.Username)), Times.Once);
+                telemetryService.Verify(x => x.TrackRequiredSignerSet(
+                    It.Is<string>(packageId => packageId == packageRegistration1.Id)), Times.Once);
+                telemetryService.Verify(x => x.TrackRequiredSignerSet(
+                    It.Is<string>(packageId => packageId == packageRegistration2.Id)), Times.Once);
+            }
+        }
+
+        public class TheSetRequiredSignerAsyncMethodTwoParameters : TestContainer
+        {
+            private readonly PackageRegistration _packageRegistration;
+            private readonly User _user1;
+            private readonly User _user2;
+
+            public TheSetRequiredSignerAsyncMethodTwoParameters()
+            {
+                _packageRegistration = new PackageRegistration()
+                {
+                    Key = 1,
+                    Id = "a"
+                };
+
+                _user1 = new User()
+                {
+                    Key = 2,
+                    Username = "b"
+                };
+
+                _user2 = new User()
+                {
+                    Key = 3,
+                    Username = "c"
+                };
+            }
+
+            [Fact]
+            public async Task SetRequiredSignerAsync_WhenRegistrationIsNull_Throws()
+            {
+                var service = Get<PackageService>();
+                var exception = await Assert.ThrowsAsync<ArgumentNullException>(
+                    () => service.SetRequiredSignerAsync(registration: null, signer: _user1));
+
+                Assert.Equal("registration", exception.ParamName);
+            }
+
+            [Fact]
+            public async Task SetRequiredSignerAsync_WhenCurrentRequiredSignerIsNullAndNewRequiredSignerIsNull_Succeeds()
+            {
+                var packageRegistrationRepository = GetMock<IEntityRepository<PackageRegistration>>();
+                var auditingService = GetMock<IAuditingService>();
+                var telemetryService = GetMock<ITelemetryService>();
+                var service = Get<PackageService>();
+
+                await service.SetRequiredSignerAsync(_packageRegistration, signer: null);
+
+                Assert.Empty(_packageRegistration.RequiredSigners);
+
+                packageRegistrationRepository.Verify(x => x.CommitChangesAsync(), Times.Never);
+                auditingService.Verify(x => x.SaveAuditRecordAsync(
+                    It.IsAny<PackageRegistrationAuditRecord>()), Times.Never);
+                telemetryService.Verify(x => x.TrackRequiredSignerSet(It.IsAny<string>()), Times.Never);
+            }
+
+            [Fact]
+            public async Task SetRequiredSignerAsync_WhenCurrentRequiredSignerIsNullAndNewRequiredSignerIsNotNull_Succeeds()
+            {
+                var packageRegistrationRepository = GetMock<IEntityRepository<PackageRegistration>>();
+                var auditingService = GetMock<IAuditingService>();
+                var telemetryService = GetMock<ITelemetryService>();
+                var entityContext = new FakeEntitiesContext();
+                var service = Get<PackageService>();
+
+                entityContext.PackageRegistrations.Add(_packageRegistration);
+
+                packageRegistrationRepository.Setup(x => x.GetAll())
+                    .Returns(entityContext.PackageRegistrations);
+
+                await service.SetRequiredSignerAsync(_packageRegistration, _user1);
+
+                Assert.Equal(1, _packageRegistration.RequiredSigners.Count);
+                Assert.Equal(_user1, _packageRegistration.RequiredSigners.Single());
+
+                packageRegistrationRepository.Verify(x => x.CommitChangesAsync(), Times.Once);
+                auditingService.Verify(x => x.SaveAuditRecordAsync(
+                    It.Is<PackageRegistrationAuditRecord>(
+                        record =>
+                            record.Action == AuditedPackageRegistrationAction.SetRequiredSigner &&
+                            record.Id == _packageRegistration.Id &&
+                            record.PreviousRequiredSigner == null &&
+                            record.NewRequiredSigner == _user1.Username)), Times.Once);
+                telemetryService.Verify(x => x.TrackRequiredSignerSet(
+                    It.Is<string>(packageId => packageId == _packageRegistration.Id)), Times.Once);
+            }
+
+            [Fact]
+            public async Task SetRequiredSignerAsync_WhenCurrentRequiredSignerIsNotNullAndNewRequiredSignerIsNotNull_Succeeds()
+            {
+                var packageRegistrationRepository = GetMock<IEntityRepository<PackageRegistration>>();
+                var auditingService = GetMock<IAuditingService>();
+                var telemetryService = GetMock<ITelemetryService>();
+                var entityContext = new FakeEntitiesContext();
+                var service = Get<PackageService>();
+
+                _packageRegistration.RequiredSigners.Add(_user1);
+
+                entityContext.PackageRegistrations.Add(_packageRegistration);
+
+                packageRegistrationRepository.Setup(x => x.GetAll())
+                    .Returns(entityContext.PackageRegistrations);
+
+                await service.SetRequiredSignerAsync(_packageRegistration, _user2);
+
+                Assert.Equal(1, _packageRegistration.RequiredSigners.Count);
+                Assert.Equal(_user2, _packageRegistration.RequiredSigners.Single());
+
+                packageRegistrationRepository.Verify(x => x.CommitChangesAsync(), Times.Once);
+                auditingService.Verify(x => x.SaveAuditRecordAsync(
+                    It.Is<PackageRegistrationAuditRecord>(
+                        record =>
+                            record.Action == AuditedPackageRegistrationAction.SetRequiredSigner &&
+                            record.Id == _packageRegistration.Id &&
+                            record.PreviousRequiredSigner == _user1.Username &&
+                            record.NewRequiredSigner == _user2.Username)), Times.Once);
+                telemetryService.Verify(x => x.TrackRequiredSignerSet(
+                    It.Is<string>(packageId => packageId == _packageRegistration.Id)), Times.Once);
+            }
+
+            [Fact]
+            public async Task SetRequiredSignerAsync_WhenCurrentRequiredSignerIsNotNullAndNewRequiredSignerIsNull_Succeeds()
+            {
+                var packageRegistrationRepository = GetMock<IEntityRepository<PackageRegistration>>();
+                var auditingService = GetMock<IAuditingService>();
+                var telemetryService = GetMock<ITelemetryService>();
+                var entityContext = new FakeEntitiesContext();
+                var service = Get<PackageService>();
+
+                _packageRegistration.RequiredSigners.Add(_user1);
+
+                entityContext.PackageRegistrations.Add(_packageRegistration);
+
+                packageRegistrationRepository.Setup(x => x.GetAll())
+                    .Returns(entityContext.PackageRegistrations);
+
+                await service.SetRequiredSignerAsync(_packageRegistration, signer: null);
+
+                Assert.Empty(_packageRegistration.RequiredSigners);
+
+                packageRegistrationRepository.Verify(x => x.CommitChangesAsync(), Times.Once);
+                auditingService.Verify(x => x.SaveAuditRecordAsync(
+                    It.Is<PackageRegistrationAuditRecord>(
+                        record =>
+                            record.Action == AuditedPackageRegistrationAction.SetRequiredSigner &&
+                            record.Id == _packageRegistration.Id &&
+                            record.PreviousRequiredSigner == _user1.Username &&
+                            record.NewRequiredSigner == null)), Times.Once);
+                telemetryService.Verify(x => x.TrackRequiredSignerSet(
+                    It.Is<string>(packageId => packageId == _packageRegistration.Id)), Times.Once);
+            }
+
+            [Fact]
+            public async Task SetRequiredSignerAsync_WhenCurrentRequiredSignerAndNewRequiredSignerAreSame_Succeeds()
+            {
+                var packageRegistrationRepository = GetMock<IEntityRepository<PackageRegistration>>();
+                var auditingService = GetMock<IAuditingService>();
+                var telemetryService = GetMock<ITelemetryService>();
+                var service = Get<PackageService>();
+
+                _packageRegistration.RequiredSigners.Add(_user1);
+
+                await service.SetRequiredSignerAsync(_packageRegistration, _user1);
+
+                Assert.Equal(1, _packageRegistration.RequiredSigners.Count);
+                Assert.Equal(_user1, _packageRegistration.RequiredSigners.Single());
+
+                packageRegistrationRepository.Verify(x => x.CommitChangesAsync(), Times.Never);
+                auditingService.Verify(x => x.SaveAuditRecordAsync(
+                    It.IsAny<PackageRegistrationAuditRecord>()), Times.Never);
+                telemetryService.Verify(x => x.TrackRequiredSignerSet(It.IsAny<string>()), Times.Never);
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Services/ReflowPackageServiceFacts.cs b/tests/NuGetGallery.Facts/Services/ReflowPackageServiceFacts.cs
index f3ff942cc7..2f5f1354fd 100644
--- a/tests/NuGetGallery.Facts/Services/ReflowPackageServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/ReflowPackageServiceFacts.cs
@@ -14,6 +14,7 @@
 using NuGetGallery.Packaging;
 using Xunit;
 using NuGetGallery.TestUtils;
+using NuGetGallery.Security;
 
 namespace NuGetGallery
 {
@@ -337,18 +338,22 @@ private static Mock<PackageService> SetupPackageService(Package package)
         {
             var packageRegistrationRepository = new Mock<IEntityRepository<PackageRegistration>>();
             var packageRepository = new Mock<IEntityRepository<Package>>();
+            var certificateRepository = new Mock<IEntityRepository<Certificate>>();
             var packageNamingConflictValidator = new PackageNamingConflictValidator(
                     packageRegistrationRepository.Object,
                     packageRepository.Object);
             var auditingService = new TestAuditingService();
             var telemetryService = new Mock<ITelemetryService>();
+            var securityPolicyService = new Mock<ISecurityPolicyService>();
 
             var packageService = new Mock<PackageService>(
                 packageRegistrationRepository.Object,
                 packageRepository.Object,
+                certificateRepository.Object,
                 packageNamingConflictValidator,
                 auditingService,
-                telemetryService.Object);
+                telemetryService.Object,
+                securityPolicyService.Object);
 
             packageService.CallBase = true;
 
diff --git a/tests/NuGetGallery.Facts/Services/TelemetryServiceFacts.cs b/tests/NuGetGallery.Facts/Services/TelemetryServiceFacts.cs
index 344981e682..7ca12884fc 100644
--- a/tests/NuGetGallery.Facts/Services/TelemetryServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/TelemetryServiceFacts.cs
@@ -8,7 +8,6 @@
 using Moq;
 using NuGetGallery.Diagnostics;
 using NuGetGallery.Framework;
-using NuGetGallery.Security;
 using Xunit;
 
 using TrackAction = System.Action<NuGetGallery.TelemetryService>;
@@ -37,6 +36,22 @@ public static IEnumerable<object[]> TrackMetricNames_Data
                     var package = fakes.Package.Packages.First();
                     var identity = Fakes.ToIdentity(fakes.User);
 
+                    yield return new object[] { "CertificateActivated",
+                        (TrackAction)(s => s.TrackCertificateActivated("thumbprint"))
+                    };
+
+                    yield return new object[] { "CertificateAdded",
+                        (TrackAction)(s => s.TrackCertificateAdded("thumbprint"))
+                    };
+
+                    yield return new object[] { "CertificateDeactivated",
+                        (TrackAction)(s => s.TrackCertificateDeactivated("thumbprint"))
+                    };
+
+                    yield return new object[] { "PackageRegistrationRequiredSignerSet",
+                        (TrackAction)(s => s.TrackRequiredSignerSet(package.PackageRegistration.Id))
+                    };
+
                     yield return new object[] { "ODataQueryFilter",
                         (TrackAction)(s => s.TrackODataQueryFilterEvent("callContext", true, true, "queryPattern"))
                     };
@@ -89,6 +104,14 @@ public static IEnumerable<object[]> TrackMetricNames_Data
                         (TrackAction)(s => s.TrackNewUserRegistrationEvent(fakes.User, fakes.User.Credentials.First()))
                     };
 
+                    yield return new object[] { "UserMultiFactorAuthenticationEnabled",
+                        (TrackAction)(s => s.TrackUserChangedMultiFactorAuthentication(fakes.User, enabledMultiFactorAuth: true))
+                    };
+
+                    yield return new object[] { "UserMultiFactorAuthenticationDisabled",
+                        (TrackAction)(s => s.TrackUserChangedMultiFactorAuthentication(fakes.User, enabledMultiFactorAuth: false))
+                    };
+
                     yield return new object[] { "CredentialAdded",
                         (TrackAction)(s => s.TrackNewCredentialCreated(fakes.User, fakes.User.Credentials.First()))
                     };
@@ -364,6 +387,129 @@ public void TrackOrganizationAddedThrowsIfNullUser()
                 Assert.Throws<ArgumentNullException>(() =>
                     service.TrackOrganizationAdded(null));
             }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public void TrackCertificateAdded_WhenThumbprintIsInvalid_Throws(string thumbprint)
+            {
+                var service = CreateService();
+                var exception = Assert.Throws<ArgumentException>(
+                    () => service.TrackCertificateAdded(thumbprint));
+
+                Assert.Equal("thumbprint", exception.ParamName);
+                Assert.StartsWith("The argument cannot be null or empty.", exception.Message);
+            }
+
+            [Fact]
+            public void TrackCertificateAdded_WhenThumbprintIsValid_Throws()
+            {
+                const string thumbprint = "a";
+
+                var service = CreateServiceForCertificateTelemetry("CertificateAdded", thumbprint);
+
+                service.TrackCertificateAdded(thumbprint);
+
+                service.TelemetryClient.VerifyAll();
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public void TrackCertificateActivated_WhenThumbprintIsInvalid_Throws(string thumbprint)
+            {
+                var service = CreateService();
+                var exception = Assert.Throws<ArgumentException>(
+                    () => service.TrackCertificateActivated(thumbprint));
+
+                Assert.Equal("thumbprint", exception.ParamName);
+                Assert.StartsWith("The argument cannot be null or empty.", exception.Message);
+            }
+
+            [Fact]
+            public void TrackCertificateActivated_WhenThumbprintIsValid_Throws()
+            {
+                const string thumbprint = "a";
+
+                var service = CreateServiceForCertificateTelemetry("CertificateActivated", thumbprint);
+
+                service.TrackCertificateActivated(thumbprint);
+
+                service.TelemetryClient.VerifyAll();
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public void TrackCertificateDeactivated_WhenThumbprintIsInvalid_Throws(string thumbprint)
+            {
+                var service = CreateService();
+                var exception = Assert.Throws<ArgumentException>(
+                    () => service.TrackCertificateDeactivated(thumbprint));
+
+                Assert.Equal("thumbprint", exception.ParamName);
+                Assert.StartsWith("The argument cannot be null or empty.", exception.Message);
+            }
+
+            [Fact]
+            public void TrackCertificateDeactivated_WhenThumbprintIsValid_Throws()
+            {
+                const string thumbprint = "a";
+
+                var service = CreateServiceForCertificateTelemetry("CertificateDeactivated", thumbprint);
+
+                service.TrackCertificateDeactivated(thumbprint);
+
+                service.TelemetryClient.VerifyAll();
+            }
+
+            [Theory]
+            [InlineData(null)]
+            [InlineData("")]
+            public void TrackRequiredSignerSet_WhenPackageRegistrationIsInvalid_Throws(string packageId)
+            {
+                var service = CreateService();
+                var exception = Assert.Throws<ArgumentException>(
+                    () => service.TrackRequiredSignerSet(packageId));
+
+                Assert.Equal("packageId", exception.ParamName);
+                Assert.StartsWith("The argument cannot be null or empty.", exception.Message);
+            }
+
+            [Fact]
+            public void TrackRequiredSignerSet_WhenPackageRegistrationIsValid_Throws()
+            {
+                const string packageId = "a";
+
+                var service = CreateService();
+
+                service.TelemetryClient.Setup(
+                   x => x.TrackMetric(
+                       It.Is<string>(name => name == "PackageRegistrationRequiredSignerSet"),
+                       It.Is<double>(value => value == 1),
+                       It.Is<IDictionary<string, string>>(
+                           properties => properties.Count == 1 &&
+                               properties["PackageId"] == packageId)));
+
+                service.TrackRequiredSignerSet(packageId);
+
+                service.TelemetryClient.VerifyAll();
+            }
+
+            private TelemetryServiceWrapper CreateServiceForCertificateTelemetry(string metricName, string thumbprint)
+            {
+                var service = CreateService();
+
+                service.TelemetryClient.Setup(
+                   x => x.TrackMetric(
+                       It.Is<string>(name => name == metricName),
+                       It.Is<double>(value => value == 1),
+                       It.Is<IDictionary<string, string>>(
+                           properties => properties.Count == 1 &&
+                               properties["Sha256Thumbprint"] == thumbprint)));
+
+                return service;
+            }
         }
 
         public class TheTraceExceptionMethod : BaseFacts
diff --git a/tests/NuGetGallery.Facts/Services/UserServiceFacts.cs b/tests/NuGetGallery.Facts/Services/UserServiceFacts.cs
index 23803f304d..4db82b7f0a 100644
--- a/tests/NuGetGallery.Facts/Services/UserServiceFacts.cs
+++ b/tests/NuGetGallery.Facts/Services/UserServiceFacts.cs
@@ -19,6 +19,95 @@ namespace NuGetGallery
 {
     public class UserServiceFacts
     {
+
+        public class TheFindByKeyMethod
+        {
+            [Theory]
+            [InlineData(false)]
+            [InlineData(true)]
+            public void ReturnsTheUserForTheKey(bool includedDeletedRecords)
+            {
+                var user1 = new User { Username = "User1", Key = 1, EmailAddress = "new1@example.org" };
+                var user2 = new User { Username = "User2", Key = 2, EmailAddress = "new2@example.org" };
+                var service = new TestableUserServiceWithDBFaking
+                {
+                    Users = new[] { user1, user2 }
+                };
+
+                var result = service.FindByKey(1, includedDeletedRecords);
+                Assert.Equal("User1", result.Username);
+            }
+
+            [Theory]
+            [InlineData(false)]
+            [InlineData(true)]
+            public void ReturnsDeletedUserIfRequired(bool includedDeletedRecords)
+            {
+                var user1 = new User { Username = "User1", Key = 1, EmailAddress = "new1@example.org", IsDeleted = true };
+                var user2 = new User { Username = "User2", Key = 2, EmailAddress = "new2@example.org" };
+
+                var service = new TestableUserServiceWithDBFaking
+                {
+                    Users = new[] { user1, user2 }
+                };
+
+                var result = service.FindByKey(1, includedDeletedRecords);
+
+                if (includedDeletedRecords)
+                {
+                    Assert.Equal("User1", result.Username);
+                }
+                else
+                {
+                    Assert.Null(result);
+                }
+            }
+        }
+
+        public class TheFindByUsernameMethod
+        {
+            [Theory]
+            [InlineData(false)]
+            [InlineData(true)]
+            public void ReturnsTheUserForTheUsername(bool includedDeletedRecords)
+            {
+                var user1 = new User { Username = "User1", Key = 1, EmailAddress = "new1@example.org" };
+                var user2 = new User { Username = "User2", Key = 2, EmailAddress = "new2@example.org" };
+                var service = new TestableUserServiceWithDBFaking
+                {
+                    Users = new[] { user1, user2 }
+                };
+
+                var result = service.FindByUsername("User1", includedDeletedRecords);
+                Assert.Equal("User1", result.Username);
+            }
+
+            [Theory]
+            [InlineData(false)]
+            [InlineData(true)]
+            public void ReturnsDeletedUserIfRequired(bool includedDeletedRecords)
+            {
+                var user1 = new User { Username = "User1", Key = 1, EmailAddress = "new1@example.org", IsDeleted = true };
+                var user2 = new User { Username = "User2", Key = 2, EmailAddress = "new2@example.org" };
+
+                var service = new TestableUserServiceWithDBFaking
+                {
+                    Users = new[] { user1, user2 }
+                };
+
+                var result = service.FindByUsername("User1", includedDeletedRecords);
+
+                if (includedDeletedRecords)
+                {
+                    Assert.Equal("User1", result.Username);
+                }
+                else
+                {
+                    Assert.Null(result);
+                }
+            }
+        }
+
         public class TheAddMembershipRequestAsyncMethod
         {
             [Theory]
@@ -389,29 +478,32 @@ public async Task WhereMemberIsOrganization_ThrowsEntityException(bool isAdmin)
             public async Task WhenMemberExists_UpdatesMember(bool isAdmin)
             {
                 // Arrange
-                var fakes = new Fakes();
-                var service = new TestableUserService();
-                service.MockUserRepository.Setup(r => r.GetAll())
+                UserService.MockUserRepository.Setup(r => r.GetAll())
                     .Returns(new[] {
-                        fakes.User,
-                        fakes.Organization
+                        Fakes.User,
+                        Fakes.Organization
                     }.AsQueryable());
 
                 var token = "token";
 
-                fakes.Organization.MemberRequests.Add(new MembershipRequest
+                Fakes.Organization.MemberRequests.Add(new MembershipRequest
                 {
-                    NewMember = fakes.OrganizationCollaborator,
+                    NewMember = Fakes.OrganizationCollaborator,
                     ConfirmationToken = token,
                     IsAdmin = isAdmin
                 });
 
                 // Act
-                var result = await service.AddMemberAsync(fakes.Organization, fakes.OrganizationCollaborator.Username, token);
+                var result = await UserService.AddMemberAsync(Fakes.Organization, Fakes.OrganizationCollaborator.Username, token);
                 Assert.Equal(isAdmin, result.IsAdmin);
-                Assert.Equal(fakes.OrganizationCollaborator, result.Member);
+                Assert.Equal(Fakes.OrganizationCollaborator, result.Member);
 
-                service.MockEntitiesContext.Verify(c => c.SaveChangesAsync(), Times.Once);
+                UserService.MockEntitiesContext.Verify(c => c.SaveChangesAsync(), Times.Once);
+                Assert.True(UserService.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.UpdateOrganizationMember &&
+                    ar.Username == Fakes.Organization.Username &&
+                    ar.AffectedMemberUsername == Fakes.OrganizationCollaborator.Username &&
+                    ar.AffectedMemberIsAdmin == isAdmin));
             }
 
             [Theory]
@@ -505,6 +597,11 @@ public async Task WhenSecurityPolicyEvalutionSucceeds_CreatesMembership(bool isA
                 Assert.Equal(Fakes.User, result.Member);
 
                 UserService.MockEntitiesContext.Verify(c => c.SaveChangesAsync(), Times.Once);
+                Assert.True(UserService.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.AddOrganizationMember &&
+                    ar.Username == Fakes.Organization.Username &&
+                    ar.AffectedMemberUsername == Fakes.User.Username &&
+                    ar.AffectedMemberIsAdmin == isAdmin));
             }
         }
 
@@ -583,6 +680,12 @@ public async Task WhenNotLastAdmin_DeletesMembership()
 
                 // Assert
                 service.MockEntitiesContext.Verify(c => c.SaveChangesAsync(), Times.Once);
+
+                Assert.True(service.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.RemoveOrganizationMember &&
+                    ar.Username == fakes.Organization.Username &&
+                    ar.AffectedMemberUsername == fakes.OrganizationAdmin.Username &&
+                    ar.AffectedMemberIsAdmin == true));
             }
 
             [Fact]
@@ -597,6 +700,12 @@ public async Task WhenCollaborator_DeletesMembership()
 
                 // Assert
                 service.MockEntitiesContext.Verify(c => c.SaveChangesAsync(), Times.Once);
+
+                Assert.True(service.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.RemoveOrganizationMember &&
+                    ar.Username == fakes.Organization.Username &&
+                    ar.AffectedMemberUsername == fakes.OrganizationCollaborator.Username &&
+                    ar.AffectedMemberIsAdmin == false));
             }
         }
 
@@ -829,7 +938,7 @@ public async Task WhenRemovingLastAdmin_ThrowsEntityException()
             }
 
             [Fact]
-            public async Task WhenNotRemovingLastAdmin_ReturnsSuccess()
+            public async Task WhenNotDemotingLastAdmin_ReturnsSuccess()
             {
                 // Arrange
                 var fakes = new Fakes();
@@ -847,6 +956,70 @@ public async Task WhenNotRemovingLastAdmin_ReturnsSuccess()
                 Assert.Equal(fakes.OrganizationAdmin, result.Member);
 
                 service.MockEntitiesContext.Verify(c => c.SaveChangesAsync(), Times.Once);
+
+                Assert.True(service.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.UpdateOrganizationMember &&
+                    ar.Username == fakes.Organization.Username &&
+                    ar.AffectedMemberUsername == fakes.OrganizationAdmin.Username &&
+                    ar.AffectedMemberIsAdmin == false));
+            }
+
+            [Fact]
+            public async Task WhenPromotingCollaboratorToAdmin_ReturnsSuccess()
+            {
+                // Arrange
+                var fakes = new Fakes();
+                var service = new TestableUserService();
+
+                // Act
+                var result = await service.UpdateMemberAsync(fakes.Organization, fakes.OrganizationCollaborator.Username, true);
+
+                // Assert
+                Assert.Equal(true, result.IsAdmin);
+                Assert.Equal(fakes.OrganizationCollaborator, result.Member);
+
+                service.MockEntitiesContext.Verify(c => c.SaveChangesAsync(), Times.Once);
+
+                Assert.True(service.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.UpdateOrganizationMember &&
+                    ar.Username == fakes.Organization.Username &&
+                    ar.AffectedMemberUsername == fakes.OrganizationCollaborator.Username &&
+                    ar.AffectedMemberIsAdmin == true));
+            }
+
+            public static IEnumerable<object[]> WhenMembershipMatches_DoesNotSaveChanges_Data => new object[][]
+            {
+                new object[]
+                {
+                    new Func<Fakes, User>((Fakes fakes) => fakes.OrganizationAdmin),
+                    true
+                },
+                new object[]
+                {
+                    new Func<Fakes, User>((Fakes fakes) => fakes.OrganizationCollaborator),
+                    false
+                }
+            };
+
+            [Theory]
+            [MemberData(nameof(WhenMembershipMatches_DoesNotSaveChanges_Data))]
+            public async Task WhenMembershipMatches_DoesNotSaveChanges(Func<Fakes, User> getMember, bool isAdmin)
+            {
+                // Arrange
+                var fakes = new Fakes();
+                var service = new TestableUserService();
+                var member = getMember(fakes);
+
+                // Act
+                var result = await service.UpdateMemberAsync(fakes.Organization, member.Username, isAdmin);
+
+                // Assert
+                Assert.Equal(isAdmin, result.IsAdmin);
+                Assert.Equal(member, result.Member);
+
+                service.MockEntitiesContext.Verify(c => c.SaveChangesAsync(), Times.Never);
+
+                Assert.False(service.Auditing.WroteRecord<UserAuditRecord>());
             }
         }
 
@@ -1142,6 +1315,26 @@ public async Task WritesAuditRecord()
             }
         }
 
+        public class TheChangeMultiFactorAuthenticationMethod
+        {
+            [Theory]
+            [InlineData(true)]
+            [InlineData(false)]
+            public async Task UpdatesMultiFactorSettings(bool enable2FA)
+            {
+                // Arrange
+                var user = new User();
+                var service = new TestableUserService();
+
+                // Act
+                await service.ChangeMultiFactorAuthentication(user, enable2FA);
+
+                // Assert
+                Assert.Equal(user.EnableMultiFactorAuthentication, enable2FA);
+                service.MockUserRepository.Verify(x => x.CommitChangesAsync(), Times.Once);
+                service.MockTelemetryService.Verify(x => x.TrackUserChangedMultiFactorAuthentication(user, enable2FA), Times.Once);
+            }
+        }
 
         public class TheUpdateProfileMethod
         {
@@ -1251,38 +1444,12 @@ public void WhenAccountHasMemberships_ReturnsFalse()
                 Assert.Equal(errorReason, String.Format(CultureInfo.CurrentCulture,
                     Strings.TransformAccount_AccountHasMemberships, fakes.OrganizationCollaborator.Username));
             }
-
-            [Fact]
-            public void WhenAccountDoesNotSupportOrganizations_ReturnsFalse()
-            {
-                // Arrange
-                var service = new TestableUserService();
-                var fakes = new Fakes();
-                var user = fakes.User;
-
-                var passwordConfigMock = new Mock<ILoginDiscontinuationConfiguration>();
-                passwordConfigMock
-                    .Setup(x => x.AreOrganizationsSupportedForUser(user))
-                    .Returns(false);
-
-                service.MockConfigObjectService
-                    .Setup(x => x.LoginDiscontinuationConfiguration)
-                    .Returns(passwordConfigMock.Object);
-
-                // Act
-                var result = Invoke(service, user, out var errorReason);
-
-                // Assert
-                Assert.False(result);
-                Assert.Equal(errorReason, String.Format(CultureInfo.CurrentCulture,
-                    Strings.Organizations_NotSupportedForAccount, user.Username));
-            }
         }
 
         public class TheCanTransformToOrganizationMethod : TheCanTransformToOrganizationBaseMethod
         {
             [Fact]
-            public void WhenAccountSupportsOrganizations_ReturnsTrue()
+            public void WhenAccountHasNoMemberships_ReturnsTrue()
             {
                 // Arrange
                 var service = new TestableUserService();
@@ -1290,10 +1457,6 @@ public void WhenAccountSupportsOrganizations_ReturnsTrue()
                 var user = fakes.User;
 
                 var passwordConfigMock = new Mock<ILoginDiscontinuationConfiguration>();
-                passwordConfigMock
-                    .Setup(x => x.AreOrganizationsSupportedForUser(user))
-                    .Returns(true);
-
                 service.MockConfigObjectService
                     .Setup(x => x.LoginDiscontinuationConfiguration)
                     .Returns(passwordConfigMock.Object);
@@ -1322,10 +1485,6 @@ public void WhenAdminMatchesAccountToTransform_ReturnsFalse()
                 var user = fakes.User;
 
                 var passwordConfigMock = new Mock<ILoginDiscontinuationConfiguration>();
-                passwordConfigMock
-                    .Setup(x => x.AreOrganizationsSupportedForUser(user))
-                    .Returns(true);
-
                 service.MockConfigObjectService
                     .Setup(x => x.LoginDiscontinuationConfiguration)
                     .Returns(passwordConfigMock.Object);
@@ -1350,10 +1509,6 @@ public void WhenAdminIsNotConfirmed_ReturnsFalse()
                 var user = fakes.User;
 
                 var passwordConfigMock = new Mock<ILoginDiscontinuationConfiguration>();
-                passwordConfigMock
-                    .Setup(x => x.AreOrganizationsSupportedForUser(user))
-                    .Returns(true);
-
                 service.MockConfigObjectService
                     .Setup(x => x.LoginDiscontinuationConfiguration)
                     .Returns(passwordConfigMock.Object);
@@ -1378,10 +1533,6 @@ public void WhenAdminIsOrganization_ReturnsFalse()
                 var organization = fakes.Organization;
 
                 var passwordConfigMock = new Mock<ILoginDiscontinuationConfiguration>();
-                passwordConfigMock
-                    .Setup(x => x.AreOrganizationsSupportedForUser(user))
-                    .Returns(true);
-
                 service.MockConfigObjectService
                     .Setup(x => x.LoginDiscontinuationConfiguration)
                     .Returns(passwordConfigMock.Object);
@@ -1493,10 +1644,20 @@ public class TheTransformToOrganizationAccountMethod
         {
             private TestableUserService _service = new TestableUserService();
 
+            private const string TransformedUsername = "Account";
+            private const string AdminUsername = "Admin";
+
             [Fact]
             public async Task WhenAdminHasNoTenant_TransformsAccountWithoutPolicy()
             {
-                Assert.True(await InvokeTransformUserToOrganization(3, new User("adminWithNoTenant") { Credentials = new Credential[0] }));
+                var tenantlessAdminUsername = "adminWithNoTenant";
+                Assert.True(await InvokeTransformUserToOrganization(3, new User(tenantlessAdminUsername) { Credentials = new Credential[0] }));
+
+                Assert.True(_service.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.TransformOrganization &&
+                    ar.Username == TransformedUsername &&
+                    ar.AffectedMemberUsername == tenantlessAdminUsername &&
+                    ar.AffectedMemberIsAdmin == true));
             }
 
             public async Task WhenAdminHasUnsupportedTenant_TransformsAccountWithoutPolicy()
@@ -1511,6 +1672,12 @@ public async Task WhenAdminHasUnsupportedTenant_TransformsAccountWithoutPolicy()
                     .Returns(mockLoginDiscontinuationConfiguration.Object);
 
                 Assert.True(await InvokeTransformUserToOrganization(3));
+
+                Assert.True(_service.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.TransformOrganization &&
+                    ar.Username == TransformedUsername &&
+                    ar.AffectedMemberUsername == AdminUsername &&
+                    ar.AffectedMemberIsAdmin == true));
             }
 
             public async Task WhenAdminHasSupportedTenant_TransformsAccountWithPolicy()
@@ -1525,6 +1692,12 @@ public async Task WhenAdminHasSupportedTenant_TransformsAccountWithPolicy()
                     .Returns(mockLoginDiscontinuationConfiguration.Object);
 
                 Assert.True(await InvokeTransformUserToOrganization(3, subscribesToPolicy: true));
+
+                Assert.True(_service.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.TransformOrganization &&
+                    ar.Username == TransformedUsername &&
+                    ar.AffectedMemberUsername == AdminUsername &&
+                    ar.AffectedMemberIsAdmin == true));
             }
 
             [Theory]
@@ -1542,6 +1715,8 @@ public async Task WhenSqlResultIsZeroOrLess_ReturnsFalse(int affectedRecords)
                     .Returns(mockLoginDiscontinuationConfiguration.Object);
 
                 Assert.False(await InvokeTransformUserToOrganization(affectedRecords));
+
+                Assert.False(_service.Auditing.WroteRecord<UserAuditRecord>());
             }
 
             [Theory]
@@ -1559,13 +1734,19 @@ public async Task WhenSqlResultIsPositive_ReturnsTrue(int affectedRecords)
                     .Returns(mockLoginDiscontinuationConfiguration.Object);
 
                 Assert.True(await InvokeTransformUserToOrganization(affectedRecords));
+
+                Assert.True(_service.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.TransformOrganization &&
+                    ar.Username == TransformedUsername &&
+                    ar.AffectedMemberUsername == AdminUsername &&
+                    ar.AffectedMemberIsAdmin == true));
             }
 
             private Task<bool> InvokeTransformUserToOrganization(int affectedRecords, User admin = null, bool subscribesToPolicy = false)
             {
                 // Arrange
-                var account = new User("Account");
-                admin = admin ?? new User("Admin")
+                var account = new User(TransformedUsername);
+                admin = admin ?? new User(AdminUsername)
                 {
                     Credentials = new Credential[] {
                         new CredentialBuilder().CreateExternalCredential(
@@ -1602,18 +1783,6 @@ public class TheAddOrganizationAccountMethod
 
             private TestableUserService _service = new TestableUserService();
 
-            [Fact]
-            public async Task WithUserNotSupportedForOrganizations_ThrowsEntityException()
-            {
-                SetupOrganizationsSupportedForUser(supported: false);
-                var exception = await Assert.ThrowsAsync<EntityException>(() => InvokeAddOrganization());
-                Assert.Equal(String.Format(CultureInfo.CurrentCulture, Strings.Organizations_NotSupportedForAccount, AdminName), exception.Message);
-
-                _service.MockOrganizationRepository.Verify(x => x.InsertOnCommit(It.IsAny<Organization>()), Times.Never());
-                _service.MockSecurityPolicyService.Verify(sp => sp.SubscribeAsync(It.IsAny<User>(), It.IsAny<IUserSecurityPolicySubscription>(), false), Times.Never());
-                _service.MockEntitiesContext.Verify(x => x.SaveChangesAsync(), Times.Never());
-            }
-
             [Fact]
             public async Task WithUsernameConflict_ThrowsEntityException()
             {
@@ -1623,14 +1792,13 @@ public async Task WithUsernameConflict_ThrowsEntityException()
                     .Setup(x => x.Users)
                     .Returns(new[] { new User(conflictUsername) }.MockDbSet().Object);
 
-                SetupOrganizationsSupportedForUser();
-
                 var exception = await Assert.ThrowsAsync<EntityException>(() => InvokeAddOrganization(orgName: conflictUsername));
                 Assert.Equal(String.Format(CultureInfo.CurrentCulture, Strings.UsernameNotAvailable, conflictUsername), exception.Message);
 
                 _service.MockOrganizationRepository.Verify(x => x.InsertOnCommit(It.IsAny<Organization>()), Times.Never());
                 _service.MockSecurityPolicyService.Verify(sp => sp.SubscribeAsync(It.IsAny<User>(), It.IsAny<IUserSecurityPolicySubscription>(), false), Times.Never());
                 _service.MockEntitiesContext.Verify(x => x.SaveChangesAsync(), Times.Never());
+                Assert.False(_service.Auditing.WroteRecord<UserAuditRecord>());
             }
 
             [Fact]
@@ -1642,14 +1810,13 @@ public async Task WithEmailConflict_ThrowsEntityException()
                     .Setup(x => x.Users)
                     .Returns(new[] { new User("user") { EmailAddress = conflictEmail } }.MockDbSet().Object);
 
-                SetupOrganizationsSupportedForUser();
-
                 var exception = await Assert.ThrowsAsync<EntityException>(() => InvokeAddOrganization(orgEmail: conflictEmail));
                 Assert.Equal(String.Format(CultureInfo.CurrentCulture, Strings.EmailAddressBeingUsed, conflictEmail), exception.Message);
 
                 _service.MockOrganizationRepository.Verify(x => x.InsertOnCommit(It.IsAny<Organization>()), Times.Never());
                 _service.MockSecurityPolicyService.Verify(sp => sp.SubscribeAsync(It.IsAny<User>(), It.IsAny<IUserSecurityPolicySubscription>(), false), Times.Never());
                 _service.MockEntitiesContext.Verify(x => x.SaveChangesAsync(), Times.Never());
+                Assert.False(_service.Auditing.WroteRecord<UserAuditRecord>());
             }
 
             [Fact]
@@ -1659,8 +1826,6 @@ public async Task WhenAdminHasNoTenant_ReturnsNewOrgWithoutPolicy()
                     .Setup(x => x.Users)
                     .Returns(Enumerable.Empty<User>().MockDbSet().Object);
 
-                SetupOrganizationsSupportedForUser();
-
                 var org = await InvokeAddOrganization(admin: new User(AdminName) { Credentials = new Credential[0] });
 
                 AssertNewOrganizationReturned(org, subscribedToPolicy: false);
@@ -1678,10 +1843,6 @@ public async Task WhenAdminHasUnsupportedTenant_ReturnsNewOrgWithoutPolicy()
                     .Setup(x => x.IsTenantIdPolicySupportedForOrganization(It.IsAny<string>(), It.IsAny<string>()))
                     .Returns(false);
 
-                mockLoginDiscontinuationConfiguration
-                    .Setup(x => x.AreOrganizationsSupportedForUser(It.Is<User>(u => u.Username == AdminName)))
-                    .Returns(true);
-
                 _service.MockConfigObjectService
                     .Setup(x => x.LoginDiscontinuationConfiguration)
                     .Returns(mockLoginDiscontinuationConfiguration.Object);
@@ -1703,10 +1864,6 @@ public async Task WhenSubscribingToPolicyFails_ReturnsNewOrgWithoutPolicy()
                     .Setup(x => x.IsTenantIdPolicySupportedForOrganization(It.IsAny<string>(), It.IsAny<string>()))
                     .Returns(true);
 
-                mockLoginDiscontinuationConfiguration
-                    .Setup(x => x.AreOrganizationsSupportedForUser(It.Is<User>(u => u.Username == AdminName)))
-                    .Returns(true);
-
                 _service.MockConfigObjectService
                     .Setup(x => x.LoginDiscontinuationConfiguration)
                     .Returns(mockLoginDiscontinuationConfiguration.Object);
@@ -1732,10 +1889,6 @@ public async Task WhenSubscribingToPolicySucceeds_ReturnsNewOrg()
                     .Setup(x => x.IsTenantIdPolicySupportedForOrganization(It.IsAny<string>(), It.IsAny<string>()))
                     .Returns(true);
 
-                mockLoginDiscontinuationConfiguration
-                    .Setup(x => x.AreOrganizationsSupportedForUser(It.Is<User>(u => u.Username == AdminName)))
-                    .Returns(true);
-
                 _service.MockConfigObjectService
                     .Setup(x => x.LoginDiscontinuationConfiguration)
                     .Returns(mockLoginDiscontinuationConfiguration.Object);
@@ -1790,20 +1943,13 @@ private void AssertNewOrganizationReturned(Organization org, bool subscribedToPo
                 _service.MockSecurityPolicyService.Verify(
                     sp => sp.SubscribeAsync(It.IsAny<User>(), It.IsAny<IUserSecurityPolicySubscription>(), false), 
                     subscribedToPolicy ? Times.Once() : Times.Never());
+                Assert.True(_service.Auditing.WroteRecord<UserAuditRecord>(ar =>
+                    ar.Action == AuditedUserAction.AddOrganization &&
+                    ar.Username == org.Username &&
+                    ar.AffectedMemberUsername == AdminName &&
+                    ar.AffectedMemberIsAdmin == true));
                 _service.MockEntitiesContext.Verify(x => x.SaveChangesAsync(), Times.Once());
             }
-
-            private void SetupOrganizationsSupportedForUser(string adminUsername = null, bool supported = true)
-            {
-                adminUsername = adminUsername ?? AdminName;
-
-                var mockLoginDiscontinuationConfiguration = new Mock<ILoginDiscontinuationConfiguration>();
-                mockLoginDiscontinuationConfiguration
-                    .Setup(x => x.AreOrganizationsSupportedForUser(It.Is<User>(u => u.Username == adminUsername)))
-                    .Returns(supported);
-
-                _service.MockConfigObjectService.Setup(x => x.LoginDiscontinuationConfiguration).Returns(mockLoginDiscontinuationConfiguration.Object);
-            }
         }
         public class TheRejectTransformUserToOrganizationRequestMethod
         {
diff --git a/tests/NuGetGallery.Facts/TestData/certificate.cer b/tests/NuGetGallery.Facts/TestData/certificate.cer
new file mode 100644
index 0000000000..30f2658958
Binary files /dev/null and b/tests/NuGetGallery.Facts/TestData/certificate.cer differ
diff --git a/tests/NuGetGallery.Facts/TestUtils/FakeEntitiesContext.cs b/tests/NuGetGallery.Facts/TestUtils/FakeEntitiesContext.cs
index 2ef775280a..b8e0fb14fc 100644
--- a/tests/NuGetGallery.Facts/TestUtils/FakeEntitiesContext.cs
+++ b/tests/NuGetGallery.Facts/TestUtils/FakeEntitiesContext.cs
@@ -134,6 +134,30 @@ public IDbSet<ReservedNamespace> ReservedNamespaces
             }
         }
 
+        public IDbSet<Certificate> Certificates
+        {
+            get
+            {
+                return Set<Certificate>();
+            }
+            set
+            {
+                throw new NotSupportedException();
+            }
+        }
+
+        public IDbSet<UserCertificate> UserCertificates
+        {
+            get
+            {
+                return Set<UserCertificate>();
+            }
+            set
+            {
+                throw new NotSupportedException();
+            }
+        }
+
         public Task<int> SaveChangesAsync()
         {
             _areChangesSaved = true;
diff --git a/tests/NuGetGallery.Facts/TestUtils/StubHttpPostedFile.cs b/tests/NuGetGallery.Facts/TestUtils/StubHttpPostedFile.cs
new file mode 100644
index 0000000000..28aacec3cd
--- /dev/null
+++ b/tests/NuGetGallery.Facts/TestUtils/StubHttpPostedFile.cs
@@ -0,0 +1,23 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.IO;
+using System.Web;
+
+namespace NuGetGallery
+{
+    internal sealed class StubHttpPostedFile : HttpPostedFileBase
+    {
+        public override int ContentLength { get; }
+        public override string ContentType { get; }
+        public override string FileName { get; }
+        public override Stream InputStream { get; }
+
+        internal StubHttpPostedFile(int contentLength, string fileName, Stream inputStream)
+        {
+            ContentLength = contentLength;
+            FileName = fileName;
+            InputStream = inputStream;
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/TestUtils/TestServiceUtility.cs b/tests/NuGetGallery.Facts/TestUtils/TestServiceUtility.cs
index d98bae66f5..959c985376 100644
--- a/tests/NuGetGallery.Facts/TestUtils/TestServiceUtility.cs
+++ b/tests/NuGetGallery.Facts/TestUtils/TestServiceUtility.cs
@@ -142,6 +142,7 @@ public class TestableUserService : UserService
         public Mock<IDatabase> MockDatabase { get; protected set; }
         public Mock<IContentObjectService> MockConfigObjectService { get; protected set; }
         public Mock<IDateTimeProvider> MockDateTimeProvider { get; protected set; }
+        public Mock<ITelemetryService> MockTelemetryService { get; protected set; }
 
         public TestableUserService()
         {
@@ -154,6 +155,7 @@ public TestableUserService()
             ContentObjectService = (MockConfigObjectService = new Mock<IContentObjectService>()).Object;
             DateTimeProvider = (MockDateTimeProvider = new Mock<IDateTimeProvider>()).Object;
             Auditing = new TestAuditingService();
+            TelemetryService = (MockTelemetryService = new Mock<ITelemetryService>()).Object;
 
             // Set ConfirmEmailAddress to a default of true
             MockConfig.Setup(c => c.ConfirmEmailAddresses).Returns(true);
@@ -183,6 +185,7 @@ public TestableUserServiceWithDBFaking(FakeEntitiesContext context = null)
             Config = (MockConfig = new Mock<IAppConfiguration>()).Object;
             UserRepository = new EntityRepository<User>(FakeEntitiesContext);
             Auditing = new TestAuditingService();
+            TelemetryService = new TelemetryService();
         }
     }
 
@@ -286,6 +289,7 @@ private Mock<PackageService> SetupPackageService()
                 .Verifiable();
 
             var packageRepository = new Mock<IEntityRepository<Package>>();
+            var certificateRepository = new Mock<IEntityRepository<Certificate>>();
             var packageNamingConflictValidator = new PackageNamingConflictValidator(
                     packageRegistrationRepository.Object,
                     packageRepository.Object);
@@ -293,12 +297,16 @@ private Mock<PackageService> SetupPackageService()
 
             var telemetryService = new Mock<ITelemetryService>();
 
+            var securityPolicyService = new Mock<ISecurityPolicyService>();
+
             var packageService = new Mock<PackageService>(
-                packageRegistrationRepository.Object,
-                packageRepository.Object,
-                packageNamingConflictValidator,
-                auditingService,
-                telemetryService.Object);
+                 packageRegistrationRepository.Object,
+                 packageRepository.Object,
+                 certificateRepository.Object,
+                 packageNamingConflictValidator,
+                 auditingService,
+                 telemetryService.Object,
+                 securityPolicyService.Object);
 
             packageService.CallBase = true;
 
diff --git a/tests/NuGetGallery.Facts/UrlExtensionsFacts.cs b/tests/NuGetGallery.Facts/UrlExtensionsFacts.cs
index becaecf11f..00c5df3bcf 100644
--- a/tests/NuGetGallery.Facts/UrlExtensionsFacts.cs
+++ b/tests/NuGetGallery.Facts/UrlExtensionsFacts.cs
@@ -289,5 +289,58 @@ public void GeneratesTheCorrectActionLink(string siteRoot, string actionName, st
                 Assert.Equal(expectedActionLink, result);
             }
         }
+
+        public class TheDeleteUserCertificateTemplateMethod : TestContainer
+        {
+            [Fact]
+            public void ResolvePathIsCorrect()
+            {
+                var urlHelper = TestUtility.MockUrlHelper();
+
+                var result = urlHelper.DeleteUserCertificateTemplate().Resolve("thumbprint");
+
+                Assert.Equal("/account/certificates/thumbprint", result);
+            }
+        }
+
+        public class TheDeleteOrganizationCertificateTemplateMethod : TestContainer
+        {
+            [Fact]
+            public void ResolvePathIsCorrect()
+            {
+                var urlHelper = TestUtility.MockUrlHelper();
+
+                var result = urlHelper.DeleteOrganizationCertificateTemplate("accountName").Resolve("thumbprint");
+
+                Assert.Equal("/organization/accountName/certificates/thumbprint", result);
+            }
+        }
+
+        public class TheSetRequiredSignerTemplateMethod : TestContainer
+        {
+            [Fact]
+            public void ResolvePathIsCorrect()
+            {
+                var urlHelper = TestUtility.MockUrlHelper();
+                var model = new StubPackageVersionModel();
+
+                var result = urlHelper.SetRequiredSignerTemplate().Resolve(model);
+
+                Assert.Equal("/packages/packageId/required-signer/{username}", result);
+            }
+
+            private sealed class StubPackageVersionModel : IPackageVersionModel
+            {
+                public string Id => "packageId";
+
+                public string Version
+                {
+                    get => throw new NotImplementedException();
+                    set => throw new NotImplementedException();
+                }
+
+                public string Title => throw new NotImplementedException();
+            }
+        }
     }
 }
diff --git a/tests/NuGetGallery.Facts/ViewModels/DeleteAccountViewModelFacts.cs b/tests/NuGetGallery.Facts/ViewModels/DeleteAccountViewModelFacts.cs
deleted file mode 100644
index edca5ac8a5..0000000000
--- a/tests/NuGetGallery.Facts/ViewModels/DeleteAccountViewModelFacts.cs
+++ /dev/null
@@ -1,113 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System.Collections.Generic;
-using System.Linq;
-using NuGetGallery.Framework;
-using Xunit;
-
-namespace NuGetGallery.ViewModels
-{
-    public class DeleteAccountViewModelFacts
-    {
-        public class TheHasOrphanPackagesProperty
-        {
-            [Fact]
-            public void WhenPackagesNotSet_ReturnsFalse()
-            {
-                var viewModel = new DeleteAccountViewModel();
-
-                Assert.False(viewModel.HasOrphanPackages);
-            }
-
-            [Fact]
-            public void WhenPackageHasMultipleUserOwners_ReturnsFalse()
-            {
-                var user = new User("theUser") { Key = 1 };
-                var user2 = new User("theOtherUser") { Key = 2 };
-                var viewModel = CreateViewModel(user, user2);
-
-                Assert.Equal(2, viewModel.Packages.First().Owners.Count);
-                Assert.False(viewModel.HasOrphanPackages);
-            }
-
-            [Fact]
-            public void WhenPackageHasSingleOrgOwnerWithMultipleMembers_ReturnsFalse()
-            {
-                var organization = new Organization();
-                for (int i = 0; i < 2; i++)
-                {
-                    var user = new User($"theuser{i}") { Key = i };
-                    var membership = new Membership()
-                    {
-                        Organization = organization,
-                        Member = user,
-                        IsAdmin = false
-                    };
-                    organization.Members.Add(membership);
-                    user.Organizations.Add(membership);
-                }
-                
-                var viewModel = CreateViewModel(organization);
-
-                Assert.Equal(2, organization.Members.Count);
-                Assert.Equal(1, viewModel.Packages.First().Owners.Count);
-                Assert.False(viewModel.HasOrphanPackages);
-            }
-
-            [Fact]
-            public void WhenPackageHasSingleUserOwner_ReturnsTrue()
-            {
-                var user = new User("theUser");
-                var viewModel = CreateViewModel(user);
-                
-                Assert.Equal(1, viewModel.Packages.First().Owners.Count);
-                Assert.True(viewModel.HasOrphanPackages);
-            }
-
-            [Fact]
-            public void WhenPackageHasSingleOrgOwnerWithSingleMember_ReturnsTrue()
-            {
-                var organization = new Organization();
-                var user = new User();
-                var membership = new Membership()
-                {
-                    Organization = organization,
-                    Member = user,
-                    IsAdmin = false
-                };
-                organization.Members.Add(membership);
-                user.Organizations.Add(membership);
-                
-                var viewModel = CreateViewModel(organization);
-
-                Assert.Equal(1, organization.Members.Count);
-                Assert.Equal(1, viewModel.Packages.First().Owners.Count);
-                Assert.True(viewModel.HasOrphanPackages);
-            }
-
-            private DeleteAccountViewModel CreateViewModel(params User[] owners)
-            {
-                var package = new Package()
-                {
-                    Version = "1.0.0"
-                };
-                var packageRegistration = new PackageRegistration()
-                {
-                    Id = "thePackage",
-                    Packages = new[] { package },
-                    Owners = owners
-                };
-                package.PackageRegistration = packageRegistration;
-
-                return new DeleteAccountViewModel()
-                {
-                    Packages = new List<ListPackageItemViewModel>()
-                    {
-                        new ListPackageItemViewModel(package, currentUser: null)
-                    }
-                };
-            }
-        }
-    }
-}
diff --git a/tests/NuGetGallery.Facts/ViewModels/ListCertificateItemViewModelFacts.cs b/tests/NuGetGallery.Facts/ViewModels/ListCertificateItemViewModelFacts.cs
new file mode 100644
index 0000000000..5318c4478b
--- /dev/null
+++ b/tests/NuGetGallery.Facts/ViewModels/ListCertificateItemViewModelFacts.cs
@@ -0,0 +1,34 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using Xunit;
+
+namespace NuGetGallery.ViewModels
+{
+    public class ListCertificateItemViewModelFacts
+    {
+        [Fact]
+        public void Constructor_WhenCertificateIsNull_Throws()
+        {
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new ListCertificateItemViewModel(certificate: null, deleteUrl: "a"));
+
+            Assert.Equal("certificate", exception.ParamName);
+        }
+
+        [Theory]
+        [InlineData("a", "b")]
+        [InlineData("c", null)]
+        [InlineData("d", "")]
+        public void Constructor_InitializesProperties(string sha1Thumbprint, string deleteUrl)
+        {
+            var certificate = new Certificate() { Sha1Thumbprint = sha1Thumbprint };
+            var viewModel = new ListCertificateItemViewModel(certificate, deleteUrl);
+
+            Assert.Equal(sha1Thumbprint, viewModel.Sha1Thumbprint);
+            Assert.Equal(deleteUrl, viewModel.DeleteUrl);
+            Assert.Equal(!string.IsNullOrEmpty(deleteUrl), viewModel.CanDelete);
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/ViewModels/ListPackageItemRequiredSignerViewModelFacts.cs b/tests/NuGetGallery.Facts/ViewModels/ListPackageItemRequiredSignerViewModelFacts.cs
new file mode 100644
index 0000000000..822f72dad8
--- /dev/null
+++ b/tests/NuGetGallery.Facts/ViewModels/ListPackageItemRequiredSignerViewModelFacts.cs
@@ -0,0 +1,673 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Moq;
+using NuGetGallery.Security;
+using Xunit;
+
+namespace NuGetGallery.ViewModels
+{
+    public class ListPackageItemRequiredSignerViewModelFacts
+    {
+        private readonly User _currentUser;
+        private readonly User _otherUser;
+        private readonly Mock<ISecurityPolicyService> _securityPolicyService;
+
+        public ListPackageItemRequiredSignerViewModelFacts()
+        {
+            _currentUser = new User()
+            {
+                Key = 1,
+                Username = "a"
+            };
+
+            _otherUser = new User()
+            {
+                Key = 2,
+                Username = "b"
+            };
+
+            _securityPolicyService = new Mock<ISecurityPolicyService>(MockBehavior.Strict);
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageIsNull_Throws()
+        {
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new ListPackageItemRequiredSignerViewModel(
+                    package: null,
+                    currentUser: _currentUser,
+                    securityPolicyService: _securityPolicyService.Object,
+                    wasMultiFactorAuthenticated: true));
+
+            Assert.Equal("package", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_WhenCurrentUserIsNull_Throws()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration(),
+                Version = "1.0.0"
+            };
+
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new ListPackageItemRequiredSignerViewModel(
+                    package,
+                    currentUser: null,
+                    securityPolicyService: _securityPolicyService.Object,
+                    wasMultiFactorAuthenticated: true));
+
+            Assert.Equal("currentUser", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_WhenSecurityPolicyServiceIsNull_Throws()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration(),
+                Version = "1.0.0"
+            };
+
+            var exception = Assert.Throws<ArgumentNullException>(
+                () => new ListPackageItemRequiredSignerViewModel(
+                    package,
+                    _currentUser,
+                    securityPolicyService: null,
+                    wasMultiFactorAuthenticated: true));
+
+            Assert.Equal("securityPolicyService", exception.ParamName);
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasOneOwnerAndItIsTheCurrentUser_WhenRequiredSignerIsNull()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(x => x.IsSubscribed(
+                    It.Is<User>(user => user == _currentUser),
+                    It.Is<string>(policyName => policyName == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(_currentUser.Username, viewModel.RequiredSigner.Username);
+            Assert.Equal($"{_currentUser.Username} (0 certificates)", viewModel.RequiredSigner.DisplayText);
+            Assert.Null(viewModel.RequiredSignerMessage);
+            Assert.Empty(viewModel.AllSigners);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.True(viewModel.ShowTextBox);
+            Assert.False(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasOneOwnerAndItIsTheCurrentUser_WhenRequiredSignerIsCurrentUser()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser },
+                    RequiredSigners = new HashSet<User>() { _currentUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(x => x.IsSubscribed(
+                    It.Is<User>(user => user == _currentUser),
+                    It.Is<string>(policyName => policyName == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(_currentUser.Username, viewModel.RequiredSigner.Username);
+            Assert.Equal($"{_currentUser.Username} (0 certificates)", viewModel.RequiredSigner.DisplayText);
+            Assert.Null(viewModel.RequiredSignerMessage);
+            Assert.Empty(viewModel.AllSigners);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.True(viewModel.ShowTextBox);
+            Assert.False(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasOneOwnerAndItIsTheCurrentUser_WhenRequiredSignerIsAnotherUser()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser },
+                    RequiredSigners = new HashSet<User>() { _otherUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(x => x.IsSubscribed(
+                    It.Is<User>(user => user == _currentUser),
+                    It.Is<string>(policyName => policyName == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(_otherUser.Username, viewModel.RequiredSigner.Username);
+            Assert.Equal($"{_otherUser.Username} (0 certificates)", viewModel.RequiredSigner.DisplayText);
+            Assert.Null(viewModel.RequiredSignerMessage);
+            VerifySigners(new[] { _otherUser, _currentUser }, viewModel.AllSigners, expectAnySigner: false);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.True(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasTwoOwnersAndTheCurrentUserIsAnOwner_WhenRequiredSignerIsNull()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser, _otherUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.IsNotNull<User>(),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(string.Empty, viewModel.RequiredSigner.Username);
+            Assert.Equal("Any", viewModel.RequiredSigner.DisplayText);
+            Assert.Null(viewModel.RequiredSignerMessage);
+            VerifySigners(package.PackageRegistration.Owners, viewModel.AllSigners, expectAnySigner: true);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.True(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasTwoOwnersAndTheCurrentUserIsAnOwnerAndNotMultiFactorAuthenticated_WhenRequiredSignerIsNull()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser, _otherUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.IsNotNull<User>(),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: false);
+
+            Assert.Equal(string.Empty, viewModel.RequiredSigner.Username);
+            Assert.Equal("Any", viewModel.RequiredSigner.DisplayText);
+            Assert.Null(viewModel.RequiredSignerMessage);
+            VerifySigners(package.PackageRegistration.Owners, viewModel.AllSigners, expectAnySigner: true);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.False(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasOneOwnerAndTheCurrentUserIsACollaborator_WhenRequiredSignerIsNull()
+        {
+            var organization = new Organization()
+            {
+                Key = 7,
+                Username = "c"
+            };
+
+            organization.Members.Add(new Membership()
+            {
+                OrganizationKey = organization.Key,
+                Organization = organization,
+                MemberKey = _currentUser.Key,
+                Member = _currentUser,
+                IsAdmin = false
+            });
+
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { organization }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.IsNotNull<User>(),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal("c", viewModel.RequiredSigner.Username);
+            Assert.Equal($"{organization.Username} (0 certificates)", viewModel.RequiredSigner.DisplayText);
+            Assert.Null(viewModel.RequiredSignerMessage);
+            VerifySigners(package.PackageRegistration.Owners, viewModel.AllSigners, expectAnySigner: false);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.False(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasTwoOwnersAndTheCurrentUserIsAnOwner_WhenRequiredSignerIsCurrentUser()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser, _otherUser },
+                    RequiredSigners = new HashSet<User>() { _currentUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.IsNotNull<User>(),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(_currentUser.Username, viewModel.RequiredSigner.Username);
+            Assert.Equal($"{_currentUser.Username} (0 certificates)", viewModel.RequiredSigner.DisplayText);
+            Assert.Null(viewModel.RequiredSignerMessage);
+            VerifySigners(package.PackageRegistration.Owners, viewModel.AllSigners, expectAnySigner: true);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.True(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasTwoOwnersAndTheCurrentUserIsAnOwner_WhenRequiredSignerIsAnotherUser()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser, _otherUser },
+                    RequiredSigners = new HashSet<User>() { _otherUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.IsNotNull<User>(),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(_otherUser.Username, viewModel.RequiredSigner.Username);
+            Assert.Equal($"{_otherUser.Username} (0 certificates)", viewModel.RequiredSigner.DisplayText);
+            Assert.Null(viewModel.RequiredSignerMessage);
+            VerifySigners(package.PackageRegistration.Owners, viewModel.AllSigners, expectAnySigner: true);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.True(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasMultipleOwners_WhenOwnersHaveVaryingCertificateCounts()
+        {
+            User currentUser = new User()
+            {
+                Key = 1,
+                Username = "a",
+                UserCertificates = new List<UserCertificate>()
+                {
+                    new UserCertificate() { Key = 1 }
+                }
+            };
+
+            User otherUser1 = new User()
+            {
+                Key = 2,
+                Username = "b"
+            };
+
+            User otherUser2 = new User()
+            {
+                Key = 3,
+                Username = "c",
+                UserCertificates = new List<UserCertificate>()
+                {
+                    new UserCertificate() { Key = 2 },
+                    new UserCertificate() { Key = 3 }
+                }
+            };
+
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { otherUser1, currentUser, otherUser2 },
+                    RequiredSigners = new HashSet<User>() { currentUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.IsNotNull<User>(),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(currentUser.Username, viewModel.RequiredSigner.Username);
+            Assert.Equal($"{currentUser.Username} (1 certificate)", viewModel.RequiredSigner.DisplayText);
+            Assert.Null(viewModel.RequiredSignerMessage);
+            VerifySigners(package.PackageRegistration.Owners, viewModel.AllSigners, expectAnySigner: true);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.True(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.Verify();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasTwoOwnersAndTheCurrentUserIsAnOwner_WhenCurrentUserHasRequiredSignerControl()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser, _otherUser },
+                    RequiredSigners = new HashSet<User>() { _currentUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.Is<User>(u => u == _currentUser),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(true);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(_currentUser.Username, viewModel.RequiredSigner.Username);
+            Assert.Equal($"{_currentUser.Username} (0 certificates)", viewModel.RequiredSigner.DisplayText);
+            Assert.Null(viewModel.RequiredSignerMessage);
+            VerifySigners(package.PackageRegistration.Owners, viewModel.AllSigners, expectAnySigner: true);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.True(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasTwoOwnersAndTheCurrentUserIsAnOwner_WhenCurrentUserDoesNotHaveRequiredSignerControl()
+        {
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser, _otherUser },
+                    RequiredSigners = new HashSet<User>() { _otherUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.Is<User>(u => u == _currentUser),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.Is<User>(u => u == _otherUser),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(true);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(_otherUser.Username, viewModel.RequiredSigner.Username);
+            Assert.Equal($"{_otherUser.Username} (0 certificates)", viewModel.RequiredSigner.DisplayText);
+            Assert.Equal($"The signing owner is managed by the '{_otherUser.Username}' account.", viewModel.RequiredSignerMessage);
+            VerifySigners(new[] { _otherUser }, viewModel.AllSigners, expectAnySigner: false);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.False(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasThreeOwnersAndTheCurrentUserIsAnOwner_WhenTwoOtherOwnersHaveRequiredSignerControl()
+        {
+            var otherUser2 = new User()
+            {
+                Key = 3,
+                Username = "c"
+            };
+
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser, _otherUser, otherUser2 },
+                    RequiredSigners = new HashSet<User>() { _currentUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.Is<User>(u => u == _currentUser),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.Is<User>(u => u == _otherUser),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(true);
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.Is<User>(u => u == otherUser2),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(true);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(_currentUser.Username, viewModel.RequiredSigner.Username);
+            Assert.Equal($"{_currentUser.Username} (0 certificates)", viewModel.RequiredSigner.DisplayText);
+            Assert.Equal($"The signing owner is managed by the '{_otherUser.Username}' and '{otherUser2.Username}' accounts.", viewModel.RequiredSignerMessage);
+            VerifySigners(new[] { _currentUser }, viewModel.AllSigners, expectAnySigner: false);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.False(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        [Fact]
+        public void Constructor_WhenPackageHasFourOwnersAndTheCurrentUserIsAnOwner_WhenThreeOtherOwnersHaveRequiredSignerControl()
+        {
+            var otherUser2 = new User()
+            {
+                Key = 3,
+                Username = "c"
+            };
+
+            var otherUser3 = new User()
+            {
+                Key = 4,
+                Username = "d"
+            };
+
+            var package = new Package()
+            {
+                PackageRegistration = new PackageRegistration()
+                {
+                    Owners = new List<User>() { _currentUser, _otherUser, otherUser2, otherUser3 },
+                    RequiredSigners = new HashSet<User>() { _otherUser }
+                },
+                Version = "1.0.0"
+            };
+
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.Is<User>(u => u == _currentUser),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(false);
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.Is<User>(u => u == _otherUser),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(true);
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.Is<User>(u => u == otherUser2),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(true);
+            _securityPolicyService.Setup(
+                x => x.IsSubscribed(
+                    It.Is<User>(u => u == otherUser3),
+                    It.Is<string>(s => s == ControlRequiredSignerPolicy.PolicyName)))
+                .Returns(true);
+
+            var viewModel = new ListPackageItemRequiredSignerViewModel(
+                package,
+                _currentUser,
+                _securityPolicyService.Object,
+                wasMultiFactorAuthenticated: true);
+
+            Assert.Equal(_otherUser.Username, viewModel.RequiredSigner.Username);
+            Assert.Equal($"{_otherUser.Username} (0 certificates)", viewModel.RequiredSigner.DisplayText);
+            Assert.Equal($"The signing owner is managed by the '{_otherUser.Username}', '{otherUser2.Username}', and '{otherUser3.Username}' accounts.", viewModel.RequiredSignerMessage);
+            VerifySigners(new[] { _otherUser }, viewModel.AllSigners, expectAnySigner: false);
+            Assert.True(viewModel.ShowRequiredSigner);
+            Assert.False(viewModel.ShowTextBox);
+            Assert.False(viewModel.CanEditRequiredSigner);
+
+            _securityPolicyService.VerifyAll();
+        }
+
+        private static void VerifySigners(
+            IEnumerable<User> expectedSigners,
+            IEnumerable<SignerViewModel> actualSigners,
+            bool expectAnySigner)
+        {
+            var expectedSignersCount = expectedSigners.Count();
+
+            if (expectAnySigner)
+            {
+                Assert.Equal(expectedSignersCount + 1, actualSigners.Count());
+
+                var firstSigner = actualSigners.First();
+
+                Assert.Equal(string.Empty, firstSigner.Username);
+                Assert.Equal("Any", firstSigner.DisplayText);
+            }
+            else
+            {
+                Assert.Equal(expectedSignersCount, actualSigners.Count());
+            }
+
+            for (var i = 0; i < expectedSignersCount; ++i)
+            {
+                var expectedSigner = expectedSigners.ElementAt(i);
+                var actualSigner = actualSigners.ElementAt(i + (expectAnySigner ? 1 : 0));
+
+                Assert.Equal(expectedSigner.Username, actualSigner.Username);
+
+                var activeCertificatesCount = expectedSigner.UserCertificates.Count();
+                var expectedDisplayText = $"{expectedSigner.Username} ({activeCertificatesCount} certificate{(activeCertificatesCount == 1 ? "" : "s")})";
+
+                Assert.Equal(expectedDisplayText, actualSigner.DisplayText);
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/ViewModels/ListPackageItemViewModelFacts.cs b/tests/NuGetGallery.Facts/ViewModels/ListPackageItemViewModelFacts.cs
index 996f966a56..0b3603c6c7 100644
--- a/tests/NuGetGallery.Facts/ViewModels/ListPackageItemViewModelFacts.cs
+++ b/tests/NuGetGallery.Facts/ViewModels/ListPackageItemViewModelFacts.cs
@@ -285,7 +285,7 @@ public void HasSingleOwner(Package package, bool expectedResult)
             var listPackageItemViewModel = new ListPackageItemViewModel(package, currentUser: null);
 
             // Act + Assert
-            Assert.Equal(expectedResult, listPackageItemViewModel.HasSingleOwner);
+            Assert.Equal(expectedResult, listPackageItemViewModel.HasSingleUserOwner);
         }
 
         public static IEnumerable<object[]> HasSingleOwner_Input
@@ -306,7 +306,7 @@ public static IEnumerable<object[]> HasSingleOwner_Input
 
                 var packageRegistration2 = CreatePackageRegistration(2);
                 packageRegistration2.Owners.Add(new User() { Username = "user2.1", Key = 1 });
-                packageRegistration2.Owners.Add(new User() { Username = "user2.2", Key = 2});
+                packageRegistration2.Owners.Add(new User() { Username = "user2.2", Key = 2 });
                 var result2 = false;
                 result.Add(new object[] { new Package() { Key = 2, Version = "1.0.0", PackageRegistration = packageRegistration2, Description = description }, result2 });
 
@@ -324,17 +324,19 @@ public static IEnumerable<object[]> HasSingleOwner_Input
                 // A single organization with one owner
                 var packageRegistration5 = CreatePackageRegistration(5);
                 var user51 = new User() { Username = "user5.1", Key = 51 };
-                packageRegistration5.Owners.Add(new Organization() {
-                                                        Username = "userOrg5",
-                                                        Key = 50,
-                                                        Members = new List<Membership>
+                packageRegistration5.Owners.Add(new Organization()
+                {
+                    Username = "userOrg5",
+                    Key = 50,
+                    Members = new List<Membership>
                                                         {
                                                             new Membership(){
                                                                 Member = user51,
                                                                 MemberKey = user51.Key,
                                                                 OrganizationKey = 50
                                                             }
-                                                        } });
+                                                        }
+                });
                 var result5 = true;
                 result.Add(new object[] { new Package() { Key = 5, Version = "1.0.0", PackageRegistration = packageRegistration5, Description = description }, result5 });
 
@@ -345,7 +347,7 @@ public static IEnumerable<object[]> HasSingleOwner_Input
                 {
                     Username = "userOrg6",
                     Key = 60,
-                    Members = new List<Membership>{new Membership(){Member = user61, MemberKey = user61.Key, OrganizationKey = 60}}
+                    Members = new List<Membership> { new Membership() { Member = user61, MemberKey = user61.Key, OrganizationKey = 60 } }
                 });
                 packageRegistration6.Owners.Add(user61);
                 var result6 = true;
@@ -372,13 +374,13 @@ public static IEnumerable<object[]> HasSingleOwner_Input
                 {
                     Username = "userOrg81",
                     Key = 801,
-                    Members = new List<Membership>{new Membership(){Member = user81, MemberKey = user81.Key, OrganizationKey = 801}}
+                    Members = new List<Membership> { new Membership() { Member = user81, MemberKey = user81.Key, OrganizationKey = 801 } }
                 });
                 packageRegistration8.Owners.Add(new Organization()
                 {
                     Username = "userOrg82",
                     Key = 802,
-                    Members = new List<Membership>{new Membership(){Member = user81, MemberKey = user81.Key, OrganizationKey = 802}}
+                    Members = new List<Membership> { new Membership() { Member = user81, MemberKey = user81.Key, OrganizationKey = 802 } }
                 });
                 var result8 = true;
                 result.Add(new object[] { new Package() { Key = 8, Version = "1.0.0", PackageRegistration = packageRegistration8, Description = description }, result8 });
@@ -390,13 +392,13 @@ public static IEnumerable<object[]> HasSingleOwner_Input
                 {
                     Username = "org9Child",
                     Key = 902,
-                    Members = new List<Membership>{new Membership(){Member = user91, MemberKey = user91.Key, OrganizationKey = 902}}
+                    Members = new List<Membership> { new Membership() { Member = user91, MemberKey = user91.Key, OrganizationKey = 902 } }
                 };
                 packageRegistration9.Owners.Add(new Organization()
                 {
                     Username = "userOrgParent",
                     Key = 901,
-                    Members = new List<Membership>{new Membership(){Member = org91, MemberKey = org91.Key, OrganizationKey = 901}}
+                    Members = new List<Membership> { new Membership() { Member = org91, MemberKey = org91.Key, OrganizationKey = 901 } }
                 });
                 var result9 = true;
                 result.Add(new object[] { new Package() { Key = 9, Version = "1.0.0", PackageRegistration = packageRegistration9, Description = description }, result9 });
@@ -408,13 +410,13 @@ public static IEnumerable<object[]> HasSingleOwner_Input
                 {
                     Username = "org101Child",
                     Key = 1002,
-                    Members = new List<Membership>{new Membership(){Member = user101, MemberKey = user101.Key, OrganizationKey = 1002}}
+                    Members = new List<Membership> { new Membership() { Member = user101, MemberKey = user101.Key, OrganizationKey = 1002 } }
                 };
                 packageRegistration10.Owners.Add(new Organization()
                 {
                     Username = "userOrgParent",
                     Key = 1001,
-                    Members = new List<Membership>{new Membership(){Member = org101, MemberKey = org101.Key, OrganizationKey = 1001}}
+                    Members = new List<Membership> { new Membership() { Member = org101, MemberKey = org101.Key, OrganizationKey = 1001 } }
                 });
                 packageRegistration10.Owners.Add(user101);
                 var result10 = true;
@@ -428,13 +430,13 @@ public static IEnumerable<object[]> HasSingleOwner_Input
                 {
                     Username = "org111Child",
                     Key = 1102,
-                    Members = new List<Membership>{new Membership(){Member = user111, MemberKey = user111.Key, OrganizationKey = 1102}}
+                    Members = new List<Membership> { new Membership() { Member = user111, MemberKey = user111.Key, OrganizationKey = 1102 } }
                 };
                 packageRegistration11.Owners.Add(new Organization()
                 {
                     Username = "userOrgParent",
                     Key = 1101,
-                    Members = new List<Membership>{new Membership(){Member = org111, MemberKey = org111.Key, OrganizationKey = 1101}}
+                    Members = new List<Membership> { new Membership() { Member = org111, MemberKey = org111.Key, OrganizationKey = 1101 } }
                 });
                 packageRegistration11.Owners.Add(user112);
                 var result11 = false;
@@ -444,9 +446,162 @@ public static IEnumerable<object[]> HasSingleOwner_Input
             }
         }
 
+
+        public class SignerInformation
+        {
+            private readonly User _user1;
+            private readonly User _user2;
+            private readonly User _user3;
+            private readonly Certificate _certificate;
+            private readonly PackageRegistration _packageRegistration;
+            private readonly Package _package;
+
+            public SignerInformation()
+            {
+                _user1 = new User()
+                {
+                    Key = 1,
+                    Username = "A"
+                };
+                _user2 = new User()
+                {
+                    Key = 2,
+                    Username = "B"
+                };
+                _user3 = new User()
+                {
+                    Key = 3,
+                    Username = "C"
+                };
+
+                _certificate = new Certificate()
+                {
+                    Key = 4,
+                    Thumbprint = "D",
+                    Sha1Thumbprint = "E"
+                };
+
+                _packageRegistration = new PackageRegistration()
+                {
+                    Key = 5,
+                    Id = "F"
+                };
+
+                _package = new Package()
+                {
+                    Key = 6,
+                    Version = "1.0.0",
+                    PackageRegistration = _packageRegistration
+                };
+
+                _packageRegistration.Packages.Add(_package);
+            }
+
+            [Fact]
+            public void WhenCannotDisplayPrivateMetadata_ReturnsNull()
+            {
+                var viewModel = new ListPackageItemViewModel(_package, _user1);
+
+                Assert.False(viewModel.CanDisplayPrivateMetadata);
+                Assert.Null(viewModel.SignatureInformation);
+            }
+
+            [Fact]
+            public void WhenPackageCertificateIsNull_ReturnsNull()
+            {
+                _packageRegistration.Owners.Add(_user1);
+
+                var viewModel = new ListPackageItemViewModel(_package, _user1);
+
+                Assert.True(viewModel.CanDisplayPrivateMetadata);
+                Assert.Null(viewModel.SignatureInformation);
+            }
+
+            [Fact]
+            public void WhenPackageCertificateIsNotNullAndNoOwners_ReturnsString()
+            {
+                SignPackage();
+
+                var viewModel = new ListPackageItemViewModel(_package, _user1);
+
+                viewModel.CanDisplayPrivateMetadata = true;
+
+                Assert.Equal("Signed with certificate (E)", viewModel.SignatureInformation);
+            }
+
+            [Fact]
+            public void WhenPackageCertificateIsNotNullAndOneSigner_ReturnsString()
+            {
+                _packageRegistration.Owners.Add(_user1);
+
+                ActivateCertificate(_user1);
+                SignPackage();
+
+                var viewModel = new ListPackageItemViewModel(_package, _user1);
+
+                Assert.True(viewModel.CanDisplayPrivateMetadata);
+                Assert.Equal("Signed with A's certificate (E)", viewModel.SignatureInformation);
+            }
+
+            [Fact]
+            public void WhenPackageCertificateIsNotNullAndTwoSigners_ReturnsString()
+            {
+                _packageRegistration.Owners.Add(_user1);
+                _packageRegistration.Owners.Add(_user2);
+
+                ActivateCertificate(_user1);
+                ActivateCertificate(_user2);
+                SignPackage();
+
+                var viewModel = new ListPackageItemViewModel(_package, _user1);
+
+                Assert.True(viewModel.CanDisplayPrivateMetadata);
+                Assert.Equal("Signed with A and B's certificate (E)", viewModel.SignatureInformation);
+            }
+
+            [Fact]
+            public void WhenPackageCertificateIsNotNullAndThreeSigners_ReturnsString()
+            {
+                _packageRegistration.Owners.Add(_user1);
+                _packageRegistration.Owners.Add(_user2);
+                _packageRegistration.Owners.Add(_user3);
+
+                ActivateCertificate(_user1);
+                ActivateCertificate(_user2);
+                ActivateCertificate(_user3);
+                SignPackage();
+
+                var viewModel = new ListPackageItemViewModel(_package, _user1);
+
+                Assert.True(viewModel.CanDisplayPrivateMetadata);
+                Assert.Equal("Signed with A, B, and C's certificate (E)", viewModel.SignatureInformation);
+            }
+
+            private void ActivateCertificate(User user)
+            {
+                var userCertificate = new UserCertificate()
+                {
+                    Key = _certificate.UserCertificates.Count() + 1,
+                    UserKey = user.Key,
+                    User = user,
+                    CertificateKey = _certificate.Key,
+                    Certificate = _certificate
+                };
+
+                _certificate.UserCertificates.Add(userCertificate);
+                user.UserCertificates.Add(userCertificate);
+            }
+
+            private void SignPackage()
+            {
+                _package.CertificateKey = _certificate.Key;
+                _package.Certificate = _certificate;
+            }
+        }
+
         static PackageRegistration CreatePackageRegistration(int key)
         {
             return new PackageRegistration() { Key = 1, Id = $"regKey{key}" };
         }
     }
-}
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/ViewModels/SignerViewModelFacts.cs b/tests/NuGetGallery.Facts/ViewModels/SignerViewModelFacts.cs
new file mode 100644
index 0000000000..e62c877915
--- /dev/null
+++ b/tests/NuGetGallery.Facts/ViewModels/SignerViewModelFacts.cs
@@ -0,0 +1,22 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Xunit;
+
+namespace NuGetGallery.ViewModels
+{
+    public class SignerViewModelFacts
+    {
+        [Theory]
+        [InlineData("a", "b", true)]
+        [InlineData(null, null, null)]
+        public void Constructor_InitializesProperties(string username, string displayText, bool? hasCertificate)
+        {
+            var viewModel = new SignerViewModel(username, displayText, hasCertificate);
+
+            Assert.Equal(username, viewModel.Username);
+            Assert.Equal(displayText, viewModel.DisplayText);
+            Assert.Equal(hasCertificate, viewModel.HasCertificate);
+        }
+    }
+}
\ No newline at end of file
diff --git a/tests/NuGetGallery.Facts/Views/Packages/ValidationIssueFacts.cs b/tests/NuGetGallery.Facts/Views/Packages/ValidationIssueFacts.cs
index cd9f8429ae..1ead263480 100644
--- a/tests/NuGetGallery.Facts/Views/Packages/ValidationIssueFacts.cs
+++ b/tests/NuGetGallery.Facts/Views/Packages/ValidationIssueFacts.cs
@@ -100,6 +100,9 @@ public static IEnumerable<ValidationIssue> KnownValidationIssues
                 yield return ValidationIssue.OnlyAuthorSignaturesSupported;
                 yield return ValidationIssue.AuthorAndRepositoryCounterSignaturesNotSupported;
                 yield return ValidationIssue.OnlySignatureFormatVersion1Supported;
+                yield return ValidationIssue.AuthorCounterSignaturesNotSupported;
+                yield return ValidationIssue.PackageIsNotSigned;
+                yield return new UnauthorizedCertificateFailure("thumbprint");
             }
         }
 
diff --git a/tests/NuGetGallery.Facts/packages.config b/tests/NuGetGallery.Facts/packages.config
index b90ceb95eb..62ed2dd277 100644
--- a/tests/NuGetGallery.Facts/packages.config
+++ b/tests/NuGetGallery.Facts/packages.config
@@ -45,11 +45,11 @@
   <package id="NuGet.Packaging" version="4.3.0-preview1-2524" targetFramework="net46" />
   <package id="NuGet.Packaging.Core" version="4.3.0-preview1-2524" targetFramework="net46" />
   <package id="NuGet.Protocol" version="4.3.0-preview1-2524" targetFramework="net46" />
-  <package id="NuGet.Services.Contracts" version="2.10.0" targetFramework="net46" />
+  <package id="NuGet.Services.Contracts" version="2.25.0-master-30191" targetFramework="net46" />
   <package id="NuGet.Services.KeyVault" version="1.0.0.0" targetFramework="net46" />
-  <package id="NuGet.Services.ServiceBus" version="2.10.0" targetFramework="net46" />
-  <package id="NuGet.Services.Validation" version="2.10.0" targetFramework="net46" />
-  <package id="NuGet.Services.Validation.Issues" version="2.10.0" targetFramework="net46" />
+  <package id="NuGet.Services.ServiceBus" version="2.25.0-master-30191" targetFramework="net46" />
+  <package id="NuGet.Services.Validation" version="2.25.0-master-30191" targetFramework="net46" />
+  <package id="NuGet.Services.Validation.Issues" version="2.25.0-master-30191" targetFramework="net46" />
   <package id="NuGet.Versioning" version="4.3.0-preview1-2524" targetFramework="net46" />
   <package id="Owin" version="1.0" targetFramework="net46" />
   <package id="PoliteCaptcha" version="0.4.0.1" targetFramework="net46" />
@@ -63,7 +63,6 @@
   <package id="System.Globalization" version="4.0.11" targetFramework="net46" />
   <package id="System.IO" version="4.1.0" targetFramework="net46" />
   <package id="System.Linq" version="4.1.0" targetFramework="net46" />
-  <package id="System.Net.Http" version="4.3.0-beta-24431-01" targetFramework="net46" />
   <package id="System.Net.Primitives" version="4.0.11" targetFramework="net46" />
   <package id="System.Reflection" version="4.1.0" targetFramework="net46" />
   <package id="System.Reflection.Extensions" version="4.0.1" targetFramework="net46" />