I used Asp.net Identity 3 within Asp.net core project (only compile against net451.)
Here is the question, when I call the WebAPI with [Authorize] tag, the system always return the login url instead of 401 for unauthorized call. I wonder how to make it return 401 ?
Your are redirected because ApplicationCookie sets AutomaticChallenge to true by default.
To prevent redirection use:
options.Cookies.ApplicationCookie.AutomaticChallenge = false;