diff --git a/src/Microsoft.AspNet.Identity/BuilderExtensions.cs b/src/Microsoft.AspNet.Identity/BuilderExtensions.cs
index f7931f356a..2f5159da32 100644
--- a/src/Microsoft.AspNet.Identity/BuilderExtensions.cs
+++ b/src/Microsoft.AspNet.Identity/BuilderExtensions.cs
@@ -4,6 +4,7 @@
 using System;
 
 using Microsoft.AspNet.Identity;
+using Microsoft.Framework.DependencyInjection;
 
 namespace Microsoft.AspNet.Builder
 {
@@ -23,6 +24,13 @@ namespace Microsoft.AspNet.Builder
             {
                 throw new ArgumentNullException(nameof(app));
             }
+
+            var marker = app.ApplicationServices.GetService<IdentityMarkerService>();
+            if (marker == null)
+            {
+                throw new InvalidOperationException(Resources.MustCallAddIdentity);
+            }
+
             app.UseCookieAuthentication(null, IdentityOptions.ExternalCookieAuthenticationScheme);
             app.UseCookieAuthentication(null, IdentityOptions.TwoFactorRememberMeCookieAuthenticationScheme);
             app.UseCookieAuthentication(null, IdentityOptions.TwoFactorUserIdCookieAuthenticationScheme);
diff --git a/src/Microsoft.AspNet.Identity/IdentityMarkerService.cs b/src/Microsoft.AspNet.Identity/IdentityMarkerService.cs
new file mode 100644
index 0000000000..27bc77fc93
--- /dev/null
+++ b/src/Microsoft.AspNet.Identity/IdentityMarkerService.cs
@@ -0,0 +1,10 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Identity
+{
+    /// <summary>
+    /// Used to verify AddIdentity was called on a ServiceCollection
+    /// </summary>
+    public class IdentityMarkerService { }
+}
\ No newline at end of file
diff --git a/src/Microsoft.AspNet.Identity/IdentityServiceCollectionExtensions.cs b/src/Microsoft.AspNet.Identity/IdentityServiceCollectionExtensions.cs
index c3f60840e2..303144b717 100644
--- a/src/Microsoft.AspNet.Identity/IdentityServiceCollectionExtensions.cs
+++ b/src/Microsoft.AspNet.Identity/IdentityServiceCollectionExtensions.cs
@@ -83,18 +83,19 @@ namespace Microsoft.Framework.DependencyInjection
             services.AddAuthentication();
 
             // Identity services
-            services.TryAdd(ServiceDescriptor.Scoped<IUserValidator<TUser>, UserValidator<TUser>>());
-            services.TryAdd(ServiceDescriptor.Scoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>());
-            services.TryAdd(ServiceDescriptor.Scoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>());
-            services.TryAdd(ServiceDescriptor.Scoped<ILookupNormalizer, UpperInvariantLookupNormalizer>());
-            services.TryAdd(ServiceDescriptor.Scoped<IRoleValidator<TRole>, RoleValidator<TRole>>());
+            services.TryAddSingleton<IdentityMarkerService>();
+            services.TryAddScoped<IUserValidator<TUser>, UserValidator<TUser>>();
+            services.TryAddScoped<IPasswordValidator<TUser>, PasswordValidator<TUser>>();
+            services.TryAddScoped<IPasswordHasher<TUser>, PasswordHasher<TUser>>();
+            services.TryAddScoped<ILookupNormalizer, UpperInvariantLookupNormalizer>();
+            services.TryAddScoped<IRoleValidator<TRole>, RoleValidator<TRole>>();
             // No interface for the error describer so we can add errors without rev'ing the interface
-            services.TryAdd(ServiceDescriptor.Scoped<IdentityErrorDescriber, IdentityErrorDescriber>());
-            services.TryAdd(ServiceDescriptor.Scoped<ISecurityStampValidator, SecurityStampValidator<TUser>>());
-            services.TryAdd(ServiceDescriptor.Scoped<IUserClaimsPrincipalFactory<TUser>, UserClaimsPrincipalFactory<TUser, TRole>>());
-            services.TryAdd(ServiceDescriptor.Scoped<UserManager<TUser>, UserManager<TUser>>());
-            services.TryAdd(ServiceDescriptor.Scoped<SignInManager<TUser>, SignInManager<TUser>>());
-            services.TryAdd(ServiceDescriptor.Scoped<RoleManager<TRole>, RoleManager<TRole>>());
+            services.TryAddScoped<IdentityErrorDescriber>();
+            services.TryAddScoped<ISecurityStampValidator, SecurityStampValidator<TUser>>();
+            services.TryAddScoped<IUserClaimsPrincipalFactory<TUser>, UserClaimsPrincipalFactory<TUser, TRole>>();
+            services.TryAddScoped<UserManager<TUser>, UserManager<TUser>>();
+            services.TryAddScoped<SignInManager<TUser>, SignInManager<TUser>>();
+            services.TryAddScoped<RoleManager<TRole>, RoleManager<TRole>>();
 
             if (setupAction != null)
             {
diff --git a/src/Microsoft.AspNet.Identity/Properties/Resources.Designer.cs b/src/Microsoft.AspNet.Identity/Properties/Resources.Designer.cs
index 85ec23501c..5319301867 100644
--- a/src/Microsoft.AspNet.Identity/Properties/Resources.Designer.cs
+++ b/src/Microsoft.AspNet.Identity/Properties/Resources.Designer.cs
@@ -218,6 +218,22 @@ namespace Microsoft.AspNet.Identity
             return GetString("LoginAlreadyAssociated");
         }
 
+        /// <summary>
+        /// AddIdentity must be called on the service collection.
+        /// </summary>
+        internal static string MustCallAddIdentity
+        {
+            get { return GetString("MustCallAddIdentity"); }
+        }
+
+        /// <summary>
+        /// AddIdentity must be called on the service collection.
+        /// </summary>
+        internal static string FormatMustCallAddIdentity()
+        {
+            return GetString("MustCallAddIdentity");
+        }
+
         /// <summary>
         /// No IUserTokenProvider named '{0}' is registered.
         /// </summary>
diff --git a/src/Microsoft.AspNet.Identity/Resources.resx b/src/Microsoft.AspNet.Identity/Resources.resx
index 558724645a..a630c32faa 100644
--- a/src/Microsoft.AspNet.Identity/Resources.resx
+++ b/src/Microsoft.AspNet.Identity/Resources.resx
@@ -169,6 +169,10 @@
     <value>A user with this login already exists.</value>
     <comment>Error when a login already linked</comment>
   </data>
+  <data name="MustCallAddIdentity" xml:space="preserve">
+    <value>AddIdentity must be called on the service collection.</value>
+    <comment>Error when AddIdentity is not called</comment>
+  </data>
   <data name="NoTokenProvider" xml:space="preserve">
     <value>No IUserTokenProvider named '{0}' is registered.</value>
     <comment>Error when there is no IUserTokenProvider</comment>
diff --git a/test/Microsoft.AspNet.Identity.InMemory.Test/FunctionalTest.cs b/test/Microsoft.AspNet.Identity.InMemory.Test/FunctionalTest.cs
index fd53910d12..58ab902a35 100644
--- a/test/Microsoft.AspNet.Identity.InMemory.Test/FunctionalTest.cs
+++ b/test/Microsoft.AspNet.Identity.InMemory.Test/FunctionalTest.cs
@@ -27,6 +27,12 @@ namespace Microsoft.AspNet.Identity.InMemory
     {
         const string TestPassword = "1qaz!QAZ";
 
+        [Fact]
+        public void UseIdentityThrowsWithoutAddIdentity()
+        {
+            Assert.Throws<InvalidOperationException>(() => TestServer.Create(app => app.UseIdentity()));
+        }
+
         [Fact]
         public async Task CanChangePasswordOptions()
         {