I was also searching how to do it and I finally I used IdentityServer3. There is IUserService interface which defines some methods you can overload. One of these method is PostAuthenticateAsync
From IdentityServer3 documentation:
This method is called after the user has successfully authenticated
but before they are returned to the client application. It allows a
consolidated place to check for custom user workflows after all of the
other authentication methods. It’s designed for UI workflows. Passed a
PostAuthenticationContext with these properties: SignInMessage: The
contextual information passed to the authorize endpoint.
AuthenticateResult: The current AuthenticateResult. The user service
can re-assign to a non-null value to change the authentication
outcome.
The context
parameter has AuthenticateResult
property which can be set to a custom authentication result:
public override Task PostAuthenticateAsync(PostAuthenticationContext context)
{
// code that will determine target url
// redirectPath = ...
context.AuthenticateResult = AuthenticateResult(redirectPath, claims);
}
redirectPath must start with / or ~/"
Here is an example of IUSerService
implementation.