From 3181c3f2e39fdf49a38bae6ea1dc606b884236e9 Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Thu, 29 Sep 2016 17:15:30 -0700
Subject: [PATCH] Only challenge if not already accepted.

---
 .../AuthenticationHandler.cs                             | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/Microsoft.AspNetCore.Server.IISIntegration/AuthenticationHandler.cs b/src/Microsoft.AspNetCore.Server.IISIntegration/AuthenticationHandler.cs
index eb6b9ad155..cdbfe921a5 100644
--- a/src/Microsoft.AspNetCore.Server.IISIntegration/AuthenticationHandler.cs
+++ b/src/Microsoft.AspNetCore.Server.IISIntegration/AuthenticationHandler.cs
@@ -56,8 +56,10 @@ namespace Microsoft.AspNetCore.Server.IISIntegration
 
         public Task ChallengeAsync(ChallengeContext context)
         {
-            bool handled = false;
-            if (ShouldHandleScheme(context.AuthenticationScheme))
+            // Some other provider may have already accepted this challenge. Having multiple providers with
+            // AutomaticChallenge = true is considered invalid, but changing the default would breaking
+            // normal Windows auth users.
+            if (!context.Accepted && ShouldHandleScheme(context.AuthenticationScheme))
             {
                 switch (context.Behavior)
                 {
@@ -77,13 +79,12 @@ namespace Microsoft.AspNetCore.Server.IISIntegration
                         break;
                     case ChallengeBehavior.Forbidden:
                         HttpContext.Response.StatusCode = 403;
-                        handled = true; // No other handlers need to consider this challenge.
                         break;
                 }
                 context.Accept();
             }
 
-            if (!handled && PriorHandler != null)
+            if (PriorHandler != null)
             {
                 return PriorHandler.ChallengeAsync(context);
             }