diff --git a/src/Microsoft.AspNet.Identity/IdentityServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Identity/IdentityServiceCollectionExtensions.cs
index 7aaceee581..bcbfbec92e 100644
--- a/src/Microsoft.AspNet.Identity/IdentityServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Identity/IdentityServiceCollectionExtensions.cs
@@ -101,8 +101,9 @@ namespace Microsoft.Framework.DependencyInjection
                     new DataProtectionTokenProviderOptions
                     {
                         Name = Resources.DefaultTokenProvider,
-                    }, 
-                    DataProtectionProvider.CreateFromDpapi().CreateProtector("ASP.NET Identity")))
+                    },
+                    // TODO: This needs to get IDataProtectionProvider from the environment 
+                    new EphemeralDataProtectionProvider().CreateProtector("ASP.NET Identity")))
                 .AddTokenProvider(new PhoneNumberTokenProvider<TUser>())
                 .AddTokenProvider(new EmailTokenProvider<TUser>());
         }
diff --git a/src/Microsoft.AspNet.Identity/project.json b/src/Microsoft.AspNet.Identity/project.json
index 41da118df4..03f3dc3034 100644
--- a/src/Microsoft.AspNet.Identity/project.json
+++ b/src/Microsoft.AspNet.Identity/project.json
@@ -3,7 +3,8 @@
   "dependencies": {
     "Microsoft.AspNet.Http" : "1.0.0-*",
     "Microsoft.AspNet.Security" : "1.0.0-*",
-    "Microsoft.AspNet.Security.Cookies" : "1.0.0-*",
+    "Microsoft.AspNet.Security.Cookies": "1.0.0-*",
+    "Microsoft.AspNet.Security.DataProtection": "1.0.0-*",
     "Microsoft.Framework.ConfigurationModel": "1.0.0-*",
     "Microsoft.Framework.DependencyInjection" : "1.0.0-*",
     "Microsoft.Framework.OptionsModel": "1.0.0-*",
diff --git a/test/Shared/UserManagerTestBase.cs b/test/Shared/UserManagerTestBase.cs
index 10a0672338..c05a09d3f5 100644
--- a/test/Shared/UserManagerTestBase.cs
+++ b/test/Shared/UserManagerTestBase.cs
@@ -552,7 +552,7 @@ namespace Microsoft.AspNet.Identity.Test
         {
             var manager = CreateManager();
             manager.RegisterTokenProvider(new DataProtectorTokenProvider<TUser>(new DataProtectionTokenProviderOptions(),
-                   DataProtectionProvider.CreateFromDpapi().CreateProtector("ASP.NET Identity")));
+                   new EphemeralDataProtectionProvider().CreateProtector("ASP.NET Identity")));
             manager.Options.EmailConfirmationTokenProvider = "DataProtection";
             var user = new TUser() { UserName = "test" };
             Assert.False(user.EmailConfirmed);