Here is my problem:
I have an intranet application which utilizes Windows Authentication.
Users can access a public area and then there is an elevated area.
In order to provide custom authorization handling, I created this authorization attribute:
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        base.HandleUnauthorizedRequest(filterContext);
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new RedirectResult("Error/Unauthorized");
        }
    }
That's straightforward and works if a user inputs invalid credentials.
However, if a user clicks cancel, it instead goes to the standard 401 page.
I have tried adding in:
    if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
However, this won't allow a user to enter any credentials and just performs the redirect.
My question is: how do I handle the clicking of the "cancel" button for the Windows Authentication gracefully?