// The OpenIdConnect.<AuthenticateCoreAsync> throws OpenIdConnectProtocolException upon denial of access permissions by the user,
// this could result in an internal server error, catch this exception and continue to the controller where appropriate
// error handling is done.
private Task AuthenticationFailed(AuthenticationFailedNotification <OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
// For every 'Challenge' sent to the external providers, we pass the 'State'
// with the redirect uri where we intend to return after successful authentication.
// Extract this "RedirectUri" property from this "State" object for redirecting on failed authentication as well.
var authenticationProperties = GetAuthenticationPropertiesFromProtocolMessage(notification.ProtocolMessage, notification.Options);
// All authentication related exceptions will be handled.
notification.HandleResponse();
// Pass the errors as the query string to show appropriate message to the user.
var queryString = new List <KeyValuePair <string, string> >()
{
new KeyValuePair <string, string>(ErrorQueryKeys.Error, notification.ProtocolMessage.Error),
new KeyValuePair <string, string>(ErrorQueryKeys.ErrorDescription, notification.ProtocolMessage.ErrorDescription)
};
var redirectUri = UriExtensions.AppendQueryStringToRelativeUri(authenticationProperties.RedirectUri, queryString);
notification.Response.Redirect(redirectUri);
return(Task.FromResult(0));
}