I have a .net core 2.2 mvc website with the typical authentication setup.
I later added an api endpoint (returning json) that should not be authenticated through the cookie authentication, but through a custom authentication token.
I pass my token in the Authorization header of the request as "EMF abcdfsdfgsdfgsdfg" where EMF is the Authentication Scheme.
I created an Authentication Handler and registered it with services.AddAuthentication().AddScheme<...>("EMF", null);
I put an [Authorize(AuthenticationSchemes = "EMF")] on my controller action.
Even though the AuthenticationHandler succesfully returns a result, .net core redirects me to the login page instead of the controller action.
When I remove the Authorize attribute and post the same request again, the action is invoked but the User is not authenticated.
What is going on? Why the user is not authenticated when the handler returns a successful response??