public override void WriteResponse(TokenResponse tokenResponse) { //todo: need to write the WWW-Authenticate Header when authorization fails Destination.TrySkipIisCustomErrors = true; // skip iis errors Destination.AddHeader("Cache-Control", "no-store"); Destination.ContentType = tokenResponse.ContentType; Destination.StatusCode = tokenResponse.HttpStatusCode; Destination.Write(tokenResponse.Body); }