public override async Task ProcessRequestAsync(HttpContext context) { this.Context = context; //if user is already authenticated, LogonUserIdentity will be holding the current application pool identity. //to overcome this: //1. save userId to session. //2. log user off. //3. request challenge. //4. log user in. if (context.User.Identity.IsAuthenticated) { this.SaveUserIdToSession(context.User.Identity.GetUserId()); await WinLogoffAsync(context); context.RequestChallenge(); } else if (!context.Request.LogonUserIdentity.IsAuthenticated) { context.RequestChallenge(); } else { // true: user is trying to link windows login to an existing account if (this.SessionHasUserId()) { var userId = this.ReadUserIdFromSession(); this.SaveUserIdToContext(userId); await WinLinkLoginAsync(context); } else // normal login. await WinLoginAsync(context); } }