private static Task OnMessageReceived(Microsoft.Owin.Security.Notifications.MessageReceivedNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification) { if (notification.ProtocolMessage.State != null) { string mycustomparameter; var protectedState = notification.ProtocolMessage.State.Split('=')[1]; var state = notification.Options.StateDataFormat.Unprotect(protectedState); state.Dictionary.TryGetValue("mycustomparameter", out mycustomparameter); if (UtilityFunctions.Decrypt(mycustomparameter) != "myvalue") { throw new System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException(); } } return(Task.FromResult(0)); }