public async Task <IActionResult> Index() { // If the user has not stepped up, then execute the "b2c_1a_step_up" policy. if (User.Identity.GetPolicy() != Constants.PolicyIds.StepUp) { var authenticationProperties = new AuthenticationProperties(); authenticationProperties.Items[Constants.AuthenticationPropertiesKeys.DomainHint] = User.Identity.GetIdentityProvider(); authenticationProperties.RedirectUri = Url.Action("Index", "Billing"); await HttpContext.Authentication.ChallengeAsync(Constants.PolicyIds.StepUp, authenticationProperties, ChallengeBehavior.Unauthorized); return(new EmptyResult()); } var accessToken = await GetAccessTokenAsync(); var orders = await _billingService.GetOrdersAsync(accessToken); var viewModel = new IndexViewModel { Orders = orders }; return(View(viewModel)); }