ASP.NET Automatic redirect OWIN configuration

Using the quick starts it is very easy to configure my suite of applications that are built on ASP.NET MVC or API to redirect to okta to authenticate. Unfortunately, for a set of my WebForms applications, I am not able to plumb up the startup.cs to automatically challenge using oidc in the event that a user is not authenticated.

We have done this before using plain old cookie auth with a CookieAuthenticationProvider that highjacked OnApplyRedirect:

        private CookieAuthenticationProvider BuildCookieAuthenticationProvider()
        {
            //swap out the Action to hack the context while maintaining the default action
            var provider = new CookieAuthenticationProvider();
            var defaultApplyRedirect = provider.OnApplyRedirect;
            provider.OnApplyRedirect = context =>
            {
                //TODO might not want to do this here, not sure if it is better suited in authorize middleware
                if (context.OwinContext.Authentication.User.Identity.IsAuthenticated)
                {
                    context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                    context.RedirectUri = "/Error.aspx";
                }
                else
                {
                    context.RedirectUri = _authProviderUrl
                                          + context.Options.LoginPath + new QueryString(context.Options.ReturnUrlParameter, context.Request.Uri.ToString());
                }

                defaultApplyRedirect(context);
            };

            return provider;
        }

Is a more native way to do this in ASP.NET for oidc particularly using the okta nuget packages?

I should add that the web.config protection is performed at a minimum of deny anonymous users:

    <authentication mode="None" />
    <authorization>
      <deny users="?" />   
    </authorization>

Is the above really the best way to redirect to the authentication provider in ASP.NET webforms?