Redirect user after authentication with OpenIdConnect in ASP.Net MVC

user3731783 · Sep 9, 2015 · Viewed 8.5k times

I am using the OpenIdConnect provider with Owin/Katana for authentication in my ASP.NET MVC application. The OpenIdConnect provider authenticates users against Active Directory. I wanted to do a simple authorization check once the user is authenticated and redirect the user to another view.

// Needs: using System.Linq; using System.Security.Claims; using System.Threading.Tasks;
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
{
    Authority = "url",
    Scope = "scopes",
    ResponseType = "response",
    ClientId = "clientid",
    SignInAsAuthenticationType = "Cookies",
    Notifications = new OpenIdConnectAuthenticationNotifications()
    {
        SecurityTokenValidated = (context) =>
        {
            var identity = context.AuthenticationTicket.Identity;
            var emailClaim = identity.Claims.Where(r => r.Type == ClaimTypes.Email).FirstOrDefault();

            // FirstOrDefault returns null when no row matches; Where() alone returns a
            // query object that is never null. A missing e-mail claim also counts as "not found".
            var user = emailClaim == null
                ? null
                : dbContext.Users.FirstOrDefault(u => u.Email == emailClaim.Value);
            if (user != null)
            {
                // add user information to claims.
                identity.AddClaim(new Claim(CustomClaimTypes.PersonId, user.Name.ToString()));
            }
            else
            {
                // redirect to a page
            }

            return Task.FromResult(0);
        }
    }
});

How can I redirect the user if he is not in my database?

Answer

majita · Jan 18, 2016

To add to the accepted answer in case someone battles with this like I did. I found that the following options worked for me:

Option 1

//redirect to a page 
context.AuthenticationTicket.Properties.RedirectUri = "Url";

Option 2

//redirect to a page      
context.HandleResponse();
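// URL-encode the message so characters such as '&' or '#' cannot break or alter the query string
context.Response.Redirect("/Error?message=" + Uri.EscapeDataString(context.Exception.Message));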

Be aware that the second option caused my HttpContext.User.Identity to be null. I suppose because HandleResponse discontinues all processing. Still useful if that is not a concern.
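
An added example, not code from the question or the answer: the question's lookup combined with the answer's Option 2, so a user missing from the application's database is sent to a fixed local page and gets no extra claims. The `OidcSetup` class, the `findPersonId` delegate, the claim type and the `/Account/NotRegistered` path are assumptions made for illustration.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public static class OidcSetup
{
    // Hypothetical values; neither appears in the original post.
    private const string PersonIdClaim = "urn:example:personid";
    private const string NotRegisteredPath = "/Account/NotRegistered";

    // findPersonId (hypothetical): returns null when the e-mail is not in the application's database.
    public static void ConfigureOidc(IAppBuilder app, Func<string, string> findPersonId)
    {
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = "url",
            Scope = "scopes",
            ResponseType = "response",
            ClientId = "clientid",
            SignInAsAuthenticationType = "Cookies",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = context =>
                {
                    var identity = context.AuthenticationTicket.Identity;
                    var email = identity.FindFirst(ClaimTypes.Email);

                    // A token without an e-mail claim is treated the same as an unknown user.
                    var personId = email == null ? null : findPersonId(email.Value);

                    if (personId == null)
                    {
                        // Option 2 from the answer: stop further processing of this response,
                        // then redirect to a constant path (no user- or exception-derived text in the URL).
                        context.HandleResponse();
                        context.Response.Redirect(NotRegisteredPath);
                        return Task.FromResult(0);
                    }

                    // Known user: attach the application-specific claim before the ticket is used.
                    identity.AddClaim(new Claim(PersonIdClaim, personId));
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```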