xamarin / Essentials

Xamarin.Essentials is no longer supported. Migrate your apps to .NET MAUI, which includes Maui.Essentials.
https://aka.ms/xamarin-upgrade

[Bug] Xamarin.Essentials WebAuthenticator server side sample redirects to missing login page #1255

Open TheCarlR opened 4 years ago

TheCarlR commented 4 years ago

Description

I'm trying to make sense of the WebAuthenticator documentation and sample, especially the server code. When using this implementation, it must be assumed that I can use the [Authorize] attribute in another Controller to require authentication. But when I do that, it tries to redirect to /Account/Login, which doesn't exist, giving a 404.

Steps to Reproduce

  1. Download the Xamarin.Essentials sample.
  2. Add a SampleController to the Sample.Server.WebAuthenticator using the API read/write template.
  3. Build the Sample.Server.WebAuthenticator, set it as the only startup project and debug it. Make sure you can access /api/sample and receive a JSON result.
  4. Next add [Authorize] to the SampleController, and debug it. It will redirect to a missing login page.

Expected Behavior

401 I guess. But please guide me if I'm wrong.

Actual Behavior

Redirect to Login?ReturnUrl=%2Fapi%2Fsample

Screenshots

https://i.stack.imgur.com/rYnwT.png

TheCarlR commented 4 years ago

Probably something like this would work.

```csharp
services.AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie(c =>
    {
        c.Events.OnRedirectToAccessDenied = (context) => { context.Response.StatusCode = 403; return Task.CompletedTask; };
        c.Events.OnRedirectToLogin = (context) => { context.Response.StatusCode = 401; return Task.CompletedTask; };
    });
```

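
A variant of the cookie-event override in the comment above, added here as an illustration and not taken from the thread or the Xamarin.Essentials sample: it returns 401/403 only for API paths and keeps the normal redirect for everything else. The `/api` prefix (from the reported `/api/sample`) and the names `ApiAwareCookieAuth`, `AddApiAwareCookie` and `StatusOrRedirect` are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper; call services.AddApiAwareCookie() from ConfigureServices.
public static class ApiAwareCookieAuth
{
    // Assumption: API controllers live under /api, as /api/sample does in the report.
    private static readonly PathString ApiPrefix = new PathString("/api");

    // Returns the AuthenticationBuilder so further schemes can be chained onto it.
    public static AuthenticationBuilder AddApiAwareCookie(this IServiceCollection services)
    {
        return services
            .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                // Unauthenticated caller: 401 for API paths, login redirect otherwise.
                options.Events.OnRedirectToLogin =
                    ctx => StatusOrRedirect(ctx, StatusCodes.Status401Unauthorized);
                // Authenticated but not permitted: 403 for API paths.
                options.Events.OnRedirectToAccessDenied =
                    ctx => StatusOrRedirect(ctx, StatusCodes.Status403Forbidden);
            });
    }

    private static Task StatusOrRedirect(
        RedirectContext<CookieAuthenticationOptions> ctx, int apiStatusCode)
    {
        if (ctx.Request.Path.StartsWithSegments(ApiPrefix))
        {
            // API clients get a status code they can act on, not an HTML login page.
            ctx.Response.StatusCode = apiStatusCode;
        }
        else
        {
            // Browser navigation keeps the handler's usual redirect target.
            ctx.Response.Redirect(ctx.RedirectUri);
        }
        return Task.CompletedTask;
    }
}
```

This changes only the response to an unauthenticated or forbidden request. The cookie scheme still authenticates a caller solely from the authentication cookie it issued.
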
TheCarlR commented 4 years ago

Then again, I think it needs something more to be able to use the token received when finally being logged in. Maybe it should have been JWT, because that would have given 401 by default? I'm very confused by the sample.

brugner commented 4 years ago

Me too, same issue and confusion. How to get the Authorize attribute working after a successful login with a social provider?