@@ -53,6 +53,16 @@ private async Task<RemoteAppAuthenticationResult> GetRemoteAppAuthenticationResu
5353 await processor . ProcessAsync ( _remoteAppAuthResult , Context ) ;
5454 }
5555
56+ // Different authentication schemes may challenge in different ways in the remote
57+ // app, so make a best effort to forward the effects of these challenges by forwarding
58+ // configured headers (like Location, perhaps). Additionally, the act of authentication may
59+ // reissue an authentication cookie, for example, so headers (i.e. Set-Cookie) will need
60+ // to be propagated for authenticate calls too.
61+ foreach ( var header in _remoteAppAuthResult . ResponseHeaders )
62+ {
63+ Context . Response . Headers . Append ( header . Key , header . Value ) ;
64+ }
65+
5666 if ( _remoteAppAuthResult . StatusCode == 400 )
5767 {
5868 LogInvalidApiKey ( ) ;
@@ -84,15 +94,8 @@ protected override async Task HandleChallengeAsync(AuthenticationProperties prop
8494 {
8595 var authResult = await GetRemoteAppAuthenticationResultAsync ( ) ;
8696
87- // Propagate headers and status code back to the caller
88- // Different authentication schemes may challenge in different ways in the remote
89- // app, so make a best effort to forward the effects of these challenges by forwarding
90- // configured headers (like Location, perhaps) and status code (like 302 or 401, for example).
97+ // Propagate status code back to the caller to forward the effect of the challenge as best we can.
9198 Context . Response . StatusCode = authResult . StatusCode ;
92- foreach ( var header in authResult . ResponseHeaders )
93- {
94- Context . Response . Headers . Append ( header . Key , header . Value ) ;
95- }
9699 }
97100
98101 [ LoggerMessage ( EventId = 0 , Level = LogLevel . Error , Message = "Failed to authenticate using the remote app due to invalid or missing API key" ) ]
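Review bot: In the first hunk the new `foreach` over `_remoteAppAuthResult.ResponseHeaders` runs before the `StatusCode == 400` check, so headers from a response that rejected the API key are still copied onto the client response; consider wrapping the loop in `if (_remoteAppAuthResult.StatusCode != 400)`. Because the loop now runs on every authenticate call while the status code is only set in `HandleChallengeAsync`, a challenge-only header such as Location can presumably land on a response that is never challenged. The header allowlist (configured outside this diff) is worth re-checking now that Set-Cookie is forwarded on ordinary requests. The start of `GetRemoteAppAuthenticationResultAsync` is outside the hunk; if the cached-result check does not enclose this loop, an authenticate followed by a challenge would `Append` each header twice. A comment such as `// Runs once per request: headers are forwarded only when the remote result is first fetched` would make that invariant explicit.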