Using OWIN for Azure allowing Anonymouse Users

I have a site that can authenticate with Active Directory Federated Services for Single Sign On. Currently, the way my site works is that, by default, when a user hits my site, my code attempts to log then into SSO (I use the OWIN library for this). If the user is not on our network, it fails to authenticate, and they are redirected to my companies login page, where they can provide their company credentials.

I would like to change this behavior, though. Instead, when the user hits my page, if they authenticate, it should continue as normal and they should be redirected to my site. But, if they do not authenticate, I do not want them redirected to our login page. instead, I want them to be redirected back to my site, where my code will determine what they can and cannot do on the site. I then would want to provide a link, so that they could decide to go to the login page.

I want this behavior because the majority of users of this site will not be a part of the companies network and will not be able to authenticate. SO, they should, by default, just see our home page. But, there may be times when a company member might be working from home, so wont be on our network to auto authenticate. In this case, they would then use the link that sends them to the Azure login page.

Here is the code that I am currently using (site is, form web page (not MVC)):


 Partial Public Class Startup
Dim appSettings = ConfigurationManager.AppSettings
Private realm As String
Private aadInstance As String
Private tenant As String
Private metadata As String
Private authority As String

Public Sub ConfigureAuth(app As IAppBuilder)
            Dim appSettings = ConfigurationManager.AppSettings
            realm = ConfigurationManager.AppSettings("ida:RPIdentifier")
            aadInstance = ConfigurationManager.AppSettings("ida:AADInstance")
            tenant = ConfigurationManager.AppSettings("ida:Tenant")
           metadata = String.Format("{0}/FederationMetadata/2007-06/FederationMetadata.xml", aadInstance)
          authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant)            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
        app.UseCookieAuthentication(New CookieAuthenticationOptions())
        Dim authOption As WsFederationAuthenticationOptions = New WsFederationAuthenticationOptions()

         Dim fn = Function(context)
                     context.Response.Redirect("Home/Error?message=" + context.Exception.Message)
                     Return Task.FromResult(0)
                 End Function

        Dim auth_not As WsFederationAuthenticationNotifications = New WsFederationAuthenticationNotifications() With {
                .AuthenticationFailed = fn

        Dim auth_opt As WsFederationAuthenticationOptions = New WsFederationAuthenticationOptions() With {
             .Wtrealm = realm,
             .MetadataAddress = metadata,
             .Notifications = auth_not
        If (Not auth_opt.Wtrealm Is Nothing) Then

        End If

    Catch ex As Exception
        Throw ex
    End Try
End Sub

End Class

Does anyone have experience with this? Can it be done?

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?