a question about this articlle:
http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on
forgive me if i didn't understood all,
you metion this:
Security Note: Never store sensitive data in your source code. The account and credentials are added to the code above to keep the sample simple. See Best practices for deploying passwords and other sensitive data to ASP.NET and Azure App Service.
(step number: 7 )
but all the app id and secret keys are stored in cs file and not webconfig file
(the link you entered is talking about webconfig)
thanks