It appears that whenever this code executes, it forces a redirect of the user to the login page:
request.GetOwinContext().Authentication.Challenge("OpenIdConnect");
I have tried adding this line before it based on some comments I saw in another thread, but it didn't work:
HttpContext.Current.Response.SuppressFormsAuthenticationRedirect = true;
I also tried setting this within the OpenIDConnectAuthenticationNotifications options, but it returns an error of "login_required".
notification.ProtocolMessage.SetParameter("prompt", "none");
The use case is when a user has previously logged into another application that utilized our SSO (Application A), and then navigates over to another application (Application B), App B has a landing page that doesn't require the user to login. App B's landing page though, has an icon on the top of the page showing if the user is logged in or not and presents them with the option to login or view their profile (if they're logged in). Thus, the landing page should know if the user is logged in or not by making the challenge, BUT if they are not logged in, it shouldn't redirect them to the login page after making the challenge.
Is there a way to prevent this forced redirection when utilizing the following? I feel like I'm on the right track with prompt=none, I'm just unsure how and where to handle the error. request.GetOwinContext().Authentication.Challenge("OpenIdConnect");
Thanks!
