Azure SSO login with ApplicationId and tenant ID does not return the successful claims output

Question    Votes: -3    Answers: 1
using Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app) {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions() {
            CookieDomain = ".xxx.com"
        });

        var notifications = new OpenIdConnectAuthenticationNotifications {
            AuthenticationFailed = OnAuthenticationFailed // handler defined elsewhere in this partial class
        };
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions {
                ClientId = SystemSettings.ClientId, // This is the client Id of the central multi-tenant Azure AD application
                Authority = SystemSettings.Authority,
                PostLogoutRedirectUri = SystemSettings.PostLogoutRedirectUri,
                Notifications = notifications,
                //ProtocolValidator = new OpenIdConnectProtocolValidator() { RequireNonce = false},
                UseTokenLifetime = false,
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters() {
                    ValidIssuers = SystemSettings.ValidIssuers
                }
            });
    }
}

For the SSO login we call the OWIN context:

HttpContext.GetOwinContext().Authentication.Challenge(
    new AuthenticationProperties {
        RedirectUri = string.IsNullOrWhiteSpace(returnUrl)
            ? "/account/authenticated"
            : string.Format("/account/authenticated?companyCode={0}&returnUrl={1}", companyCode, HttpUtility.UrlEncode(returnUrl))
    },
    OpenIdConnectAuthenticationDefaults.AuthenticationType);
return null;

After a successful SSO login I am redirected to the following route:

[Route("account/authenticated")]
[AllowAnonymous]
public ActionResult Authenticated(string returnUrl, string companyCode) {
    FileLogger.Log($"System.Web.HttpContext.Current.Request.IsAuthenticated: {System.Web.HttpContext.Current.Request.IsAuthenticated}");
    var identity = (ClaimsIdentity)Thread.CurrentPrincipal.Identity;
    var claims = JsonConvert.SerializeObject(identity?.Claims?.ToList(), new JsonSerializerSettings() {
        ReferenceLoopHandling = ReferenceLoopHandling.Ignore
    });
    FileLogger.Log($"claims: {claims}");
    if (System.Web.HttpContext.Current.Request.IsAuthenticated) {
        var token = AuthorizationService.AuthorizeUser();
        FileLogger.Log($"AuthorizationService.AuthorizeUser() returns: {token}");
        if (!string.IsNullOrWhiteSpace(token)) {
            ViewBag.ClientCode = companyCode;
            ViewBag.Token = token;
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }
        return null;
    }
    var currentClaimsPrincipal = ClaimsPrincipal.Current;
    if (currentClaimsPrincipal != null && currentClaimsPrincipal.Claims != null) {
        // Built for inspection only; the result is not used further.
        var myClaimsPrincipal = new ClaimsIdentity(currentClaimsPrincipal.Claims);
    }
    return null;
}

But the claims output never arrives; I get an unauthenticated identity with no claims:

Identity:

{System.Security.Principal.GenericIdentity}
    Actor: null
    AuthenticationType: ""
    BootstrapContext: null
    Claims: {System.Security.Claims.ClaimsIdentity.<get_Claims>d__51}
    CustomSerializationData: null
    IsAuthenticated: false
    Label: null
    Name: ""
    NameClaimType: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
    RoleClaimType: "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
asp.net azure single-sign-on .net-4.5 claims-based-identity
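The following is an added diagnostic helper, not code from the question. It asks the OWIN authentication manager for the cookie identity directly (via AuthenticateAsync) and lists the authentication types registered in Startup, so that "the cookie middleware never signed anyone in" can be told apart from "the principal was not flowed to Thread.CurrentPrincipal". It assumes the Katana 3.x packages implied by the question's namespaces; the FileLogger call in the usage comment refers to the question's own logger.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;

// Added diagnostic helper (example code, not from the question).
public static class AuthDiagnostics
{
    public sealed class Snapshot
    {
        public bool RequestIsAuthenticated { get; set; }
        public string[] RegisteredAuthenticationTypes { get; set; }
        public bool CookieIdentityPresent { get; set; }
        public string CookieIdentityName { get; set; }
        public int CookieClaimCount { get; set; }
        public string OwinUserAuthenticationType { get; set; }
    }

    // Asks the cookie middleware directly for its identity instead of relying on
    // Thread.CurrentPrincipal, which only reflects what the host flowed into the request.
    public static async Task<Snapshot> CaptureAsync(HttpContextBase httpContext)
    {
        var auth = httpContext.GetOwinContext().Authentication;

        // Every middleware registered in Startup advertises its AuthenticationType here;
        // both the cookie and the OpenID Connect entries should be present.
        var types = auth.GetAuthenticationTypes()
                        .Select(d => d.AuthenticationType)
                        .ToArray();

        // Runs the cookie handler's authenticate step; a null Identity means no valid
        // cookie was presented on this request (domain mismatch, not set, expired, ...).
        var cookieResult = await auth.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationType)
                                     .ConfigureAwait(false);
        var cookieIdentity = cookieResult?.Identity;

        return new Snapshot
        {
            RequestIsAuthenticated = httpContext.Request.IsAuthenticated,
            RegisteredAuthenticationTypes = types,
            CookieIdentityPresent = cookieIdentity != null && cookieIdentity.IsAuthenticated,
            CookieIdentityName = cookieIdentity?.Name,
            CookieClaimCount = cookieIdentity?.Claims.Count() ?? 0,
            OwinUserAuthenticationType = auth.User?.Identity?.AuthenticationType
        };
    }

    // Renders the snapshot as a single log line; the expected OpenID Connect type name is
    // included so the challenge can be checked against the middleware actually registered.
    public static string Describe(Snapshot s)
    {
        var sb = new StringBuilder();
        sb.Append("Request.IsAuthenticated=").Append(s.RequestIsAuthenticated);
        sb.Append("; registered=[").Append(string.Join(",", s.RegisteredAuthenticationTypes)).Append(']');
        sb.Append("; expectedOidcType=").Append(OpenIdConnectAuthenticationDefaults.AuthenticationType);
        sb.Append("; cookieIdentityPresent=").Append(s.CookieIdentityPresent);
        sb.Append("; cookieName=").Append(s.CookieIdentityName ?? "<none>");
        sb.Append("; cookieClaims=").Append(s.CookieClaimCount);
        sb.Append("; owinUserAuthType=").Append(s.OwinUserAuthenticationType ?? "<none>");
        return sb.ToString();
    }
}

// Usage inside the callback action; the action is made async so the await does not block
// the ASP.NET request thread:
//
// public async Task<ActionResult> Authenticated(string returnUrl, string companyCode)
// {
//     var snapshot = await AuthDiagnostics.CaptureAsync(HttpContext);
//     FileLogger.Log(AuthDiagnostics.Describe(snapshot));
//     ...
// }
```

If cookieIdentityPresent is false while registered lists both types, the sign-in cookie is not reaching the callback request; if it is true while Request.IsAuthenticated is false, the identity exists in OWIN but is not the one the host placed on the thread.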
1 Answer
0 votes

As far as I know, after Azure AD authentication completes we can use the following code to get the claims

var userClaims = User.Identity as System.Security.Claims.ClaimsIdentity;
/*
 The token's claim "aud" is the application's client ID. For more details, please refer to https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/claims.
*/
foreach (var claim in userClaims.Claims) {
    // get app id
    if (claim.Type == "aud") {
        ViewBag.AppId = claim.Value;
    }
}

// TenantId is the unique Tenant Id - which represents an organization in Azure AD
ViewBag.TenantId = userClaims?.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
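As an added example (not code from the answer or from the question's project), the following reads the audience and tenant-id claims the answer points at inside a SecurityTokenValidated notification and refuses to complete the sign-in for tenants that are not on an allowlist. With a multi-tenant registration, ValidIssuers only says which Azure AD issuers produce acceptable tokens; the tenant check is where the application decides which organisations may actually sign in. It assumes the Katana 3.x namespaces the question uses (OpenIdConnectMessage in Microsoft.IdentityModel.Protocols), a constructed placeholder tenant id in the allowlist, and a hypothetical /account/accessdenied route.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;        // OpenIdConnectMessage in Katana 3.x (assumption)
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

// Added example: tenant allowlisting on top of issuer validation (not the project's own code).
public static class TenantClaims
{
    // Claim types as they appear on the ClaimsIdentity built from the id_token.
    public const string TenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";
    public const string AudienceClaimType = "aud";

    // Populate from configuration at startup; the value here is a constructed placeholder.
    public static readonly HashSet<string> AllowedTenantIds =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "00000000-0000-0000-0000-000000000000" };

    public static string GetTenantId(ClaimsIdentity identity) =>
        identity?.FindFirst(TenantIdClaimType)?.Value;

    public static string GetAudience(ClaimsIdentity identity) =>
        identity?.FindFirst(AudienceClaimType)?.Value;

    // Pure decision function so it can be unit-tested without OWIN: returns null when the
    // identity is acceptable, otherwise a short reason suitable for a log line.
    public static string Reject(ClaimsIdentity identity, string expectedClientId, ISet<string> allowedTenantIds)
    {
        if (identity == null || !identity.IsAuthenticated)
            return "no authenticated identity on the ticket";

        // The middleware already checks the audience against ClientId; repeating it here keeps
        // the decision self-contained for identities that did not come through this handler.
        var aud = GetAudience(identity);
        if (!string.Equals(aud, expectedClientId, StringComparison.OrdinalIgnoreCase))
            return "audience '" + (aud ?? "<missing>") + "' does not match this application's client id";

        var tid = GetTenantId(identity);
        if (string.IsNullOrEmpty(tid))
            return "tenant id claim missing";

        if (!allowedTenantIds.Contains(tid))
            return "tenant '" + tid + "' is not allowed to sign in to this application";

        return null;
    }

    // Handler for OpenIdConnectAuthenticationNotifications.SecurityTokenValidated. It runs after
    // signature, issuer (ValidIssuers) and lifetime validation have already passed.
    public static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        var identity = notification.AuthenticationTicket.Identity;
        var reason = Reject(identity, notification.Options.ClientId, AllowedTenantIds);
        if (reason != null)
        {
            // HandleResponse stops the middleware from issuing the sign-in cookie; the user is
            // sent to a generic access-denied page and the reason stays server-side (log it there).
            notification.HandleResponse();
            notification.Response.Redirect("/account/accessdenied"); // hypothetical route
        }
        return Task.FromResult(0);
    }

    // Drop-in replacement for the notifications object built in Startup.ConfigureAuth.
    public static OpenIdConnectAuthenticationNotifications Build(
        Func<AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task> onFailed)
    {
        return new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = onFailed,
            SecurityTokenValidated = OnSecurityTokenValidated
        };
    }
}
```

In Startup.ConfigureAuth the existing `var notifications = new OpenIdConnectAuthenticationNotifications { ... }` becomes `var notifications = TenantClaims.Build(OnAuthenticationFailed);`. Keeping Reject free of OWIN types means the tenant policy can be exercised in a plain unit test with a hand-built ClaimsIdentity.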

