This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

Do not redirect to login page with Cookie Authentication #1541

Closed
ihavenonickname opened this issue Nov 16, 2017 · 4 comments

@ihavenonickname

My ConfigureServices method has the following code:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
    {
        options.LoginPath = "/Login";
        options.AccessDeniedPath = "/Login";
        options.LogoutPath = "/Login";
        options.ExpireTimeSpan = TimeSpan.FromHours(10);
    });

And my controllers have

[Authorize]

On top of them, which redirects to /Login when the user is not authenticated.

This behaviour is fine for my regular MVC controllers.

The problem is with my REST-like endpoints (their responses should be JSON-only). When the user is not logged in, it automatically sends the raw HTML of the login page, but the client is expecting JSON.

(yes, the same application has both kinds of controllers)

How can I configure my application such that some controllers respond with 401 instead of redirecting to /Login?

I am using .NET Core 2.0.

@Eilon
Member

Eilon commented Nov 16, 2017

This is essentially a dup of #1394

To use APIs we recommend using bearer authentication instead of cookies. The cookie auth flow is designed for interactive web apps only.

@Eilon closed this as completed Nov 16, 2017

@ihavenonickname
Author

Thank you for your response.

I am aware JWT is the best fit for my use case... but cookie auth is what's already implemented and I would like to keep as much of the working code as possible.

Do you know some reliable workaround or should I really refactor the application in order to use JWT? I am going to follow your recommendation anyway.

@Eilon
Member

Eilon commented Nov 16, 2017

Using JWT is recommended. We plan on getting some documentation on these scenarios but we haven't gotten to it yet.
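
One way to follow the bearer recommendation while keeping the existing cookie login for pages, as an added example that is not code from this thread or from the ASP.NET Core project: register both schemes and pin the JSON controllers to the bearer scheme, so an unauthenticated API call gets 401 instead of the login HTML. Controllers with a plain `[Authorize]` keep using the default cookie scheme and its redirect. Assumptions: the issuer, audience, signing key and `OrdersController` are placeholders, and tokens are issued elsewhere.

```csharp
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Placeholder key (assumption): load the real one from a secret store.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("<placeholder-key-of-at-least-32-bytes>"));
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            // Default scheme for pages: challenge is a 302 redirect to LoginPath.
            .AddCookie(options =>
            {
                options.LoginPath = "/Login";
                options.AccessDeniedPath = "/Login";
                options.ExpireTimeSpan = TimeSpan.FromHours(10);
            })
            // Second scheme for JSON endpoints: challenge is a 401 response.
            .AddJwtBearer(options => options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidIssuer = "https://issuer.example",  // assumed issuer
                ValidAudience = "example-api",           // assumed audience
                IssuerSigningKey = key,
                ValidateIssuerSigningKey = true
            });
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // populates HttpContext.User; must precede MVC
        app.UseMvcWithDefaultRoute();
    }
}

// Pins the bearer scheme: a missing or invalid token yields 401, never the login HTML.
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Route("api/[controller]")]
public class OrdersController : Controller
{
    [HttpGet]
    public IActionResult Get() => Json(new { user = User.Identity.Name });
}
```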

@ihavenonickname
Author

Docs on this will be really appreciated! I'm having a hard time with this because I have no experience with web applications.

Thank you for your guidance!
