Fix for https://github.com/AzureAD/microsoft-identity-web/issues/398

src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs

@@ -49,10 +49,7 @@ public override void OnException(ExceptionContext context)
         {
             if (context != null)
             {
-                MsalUiRequiredException? msalUiRequiredException =
-                    (context.Exception as MsalUiRequiredException)
-                    ?? (context.Exception?.InnerException as MsalUiRequiredException);
-
+                MsalUiRequiredException? msalUiRequiredException = FindMsalUiRequiredExceptionIfAny(context.Exception);
                 if (msalUiRequiredException != null &&
                     IncrementalConsentAndConditionalAccessHelper.CanBeSolvedByReSignInOfUser(msalUiRequiredException))
                 {
@@ -107,5 +104,27 @@ public override void OnException(ExceptionContext context)
 
             base.OnException(context);
         }
+
+        /// <summary>
+        /// Finds an MsalUiRequiredException in one of the inner exceptions.
+        /// </summary>
+        /// <param name="exception">Exception from which we look for an MsalUiRequiredException.</param>
+        /// <returns>The MsalUiRequiredException if there is one, null, otherwise.</returns>
+        internal /* for testing */ static MsalUiRequiredException? FindMsalUiRequiredExceptionIfAny(Exception exception)
+        {
+            MsalUiRequiredException? msalUiRequiredException = exception as MsalUiRequiredException;
+            if (msalUiRequiredException != null)
+            {
+                return msalUiRequiredException;
+            }
+            else if (exception.InnerException != null)
+            {
+                return FindMsalUiRequiredExceptionIfAny(exception.InnerException);
+            }
+            else
+            {
+                return null;
+            }
+        }
     }
 }

tests/Microsoft.Identity.Web.Test/ExcecptionHandlingTest.cs

@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.Identity.Client;
+using NSubstitute;
+using Xunit;
+
+namespace Microsoft.Identity.Web.Test
+{
+    public class ExcecptionHandlingTest
+    {
+        [Fact]
+        public void AuthorizeForScopesAttribute_FindMsalUiRequiredExceptionIfAny_Tests()
+        {
+            MsalUiRequiredException msalUiRequiredException = new MsalUiRequiredException("code", "message");
+
+            MsalUiRequiredException result = AuthorizeForScopesAttribute.FindMsalUiRequiredExceptionIfAny(msalUiRequiredException);
+            Assert.Equal(result, msalUiRequiredException);
+
+            Exception ex = new Exception("message", msalUiRequiredException);
+            result = AuthorizeForScopesAttribute.FindMsalUiRequiredExceptionIfAny(ex);
+            Assert.Equal(result, msalUiRequiredException);
+
+            Exception ex2 = new Exception("message", ex);
+            result = AuthorizeForScopesAttribute.FindMsalUiRequiredExceptionIfAny(ex2);
+            Assert.Equal(result, msalUiRequiredException);
+        }
+    }
+}