Azure logon - Specify Callback url for Bad Request

I have configured my Web application to use Azure Auth logon. Everything works fine and users can log on if they're not already logged on to Azure.

My issue is that when a user is already logged into Azure or Office 365 and they browse to my site, they get the error below. I understand what the error means, but I want to know if there is a way to redirect to another URL (on my site) if this issue occurs. Here is that error: (screenshot not included)

This is my startup code for configuring OpenId Auth:

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions {
    ClientId = Configuration.clientID,
    Authority = authenticationAuthority,
    PostLogoutRedirectUri = Configuration.logoutRedirectURL,
    Notifications = new OpenIdConnectAuthenticationNotifications {
        AuthenticationFailed = context => {
            // Suppress the default error response and send the user to a local page.
            context.HandleResponse();
            // URL-encode the message so it cannot break or inject into the query string.
            context.Response.Redirect("/Unauthorised.aspx?message=" + Uri.EscapeDataString(context.Exception.Message));
            return Task.FromResult(0);
        }
    }
});
Stung answered 29/6, 2016 at 20:45 Comment(1)
I did not see a solution for this problem. This link makes me think there is no valid answer as of today, but I am not an expert on the matter. You could try to see the official documentation for more help. – Chondrule

There are a couple of ways around this, depending on your scenario.

If you want to authenticate them using their existing credentials, you can enable multi-tenant support in your application's registration. This will allow an external user to authenticate with your application using their own AAD credentials rather than one in your AAD tenant.

If you need to force them to reauthenticate using your credentials, you can add prompt=login to your initial Authorization URI (https://login.microsoft.com/{tenant}/oauth/authorize?...&prompt=login). This will force the user to authenticate against your application, even if they already have an active authentication cookie (in most cases "authenticate" here simply means that the user will need to select an account from a list, not re-enter id & password).

Sebrinasebum answered 21/6, 2018 at 17:2 Comment(0)
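
The prompt=login option from the answer above, wired into the question's OWIN setup, as an added example that is not part of the original question or answer. It assumes Microsoft.Owin.Security.OpenIdConnect 4.x (on 3.x the enum member is named AuthenticationRequest and lives in Microsoft.IdentityModel.Protocols); the AzureAdSignIn class, BuildOptions helper and signin_failed code are hypothetical names.

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security.OpenIdConnect;

public static class AzureAdSignIn
{
    // Hypothetical helper: builds the options passed to app.UseOpenIdConnectAuthentication(...).
    public static OpenIdConnectAuthenticationOptions BuildOptions(
        string clientId, string authority, string postLogoutRedirectUri)
    {
        return new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = context =>
                {
                    // Only sign-in requests get prompt=login; sign-out requests are left alone.
                    if (context.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication)
                    {
                        context.ProtocolMessage.Prompt = "login";
                    }
                    return Task.FromResult(0);
                },
                AuthenticationFailed = context =>
                {
                    // Keep exception detail in server-side logs; the browser only gets a fixed code.
                    Trace.TraceError("OpenID Connect sign-in failed: {0}", context.Exception);
                    context.HandleResponse();
                    context.Response.Redirect(
                        "/Unauthorised.aspx?message=" + Uri.EscapeDataString("signin_failed"));
                    return Task.FromResult(0);
                }
            }
        };
    }
}
```

Call it from startup as app.UseOpenIdConnectAuthentication(AzureAdSignIn.BuildOptions(Configuration.clientID, authenticationAuthority, Configuration.logoutRedirectURL)).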
