Prevent false redirect to "Page Not Found" from UmbracoMemberAuthorize attribute handling

[elit0451]

Fixes #13946

Details

[UmbracoMemberAuthorize] attribute checks if the current member is authorized for a given request. When the member wasn't authorized we set the result to Forbidden and then we were redirected to a 404 page which wasn't the intention. This PR fixes the behaviour to return 401 Unauthorized when the member is not logged in and 403 Forbidden when the member is not of a permitted type or group.

Test

• You can follow the issue's "Steps to reproduce" or you can use the code below:

using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Web.Common.Controllers;
using Umbraco.Cms.Web.Common.Filters;

namespace Umbraco.Cms.Web.UI;

public class TestController : UmbracoApiController
{
    [UmbracoMemberAuthorize("", "All", "")]
    // /umbraco/api/test/test
    public IActionResult Test()
    {
        return Ok("Working");
    }
}

• In the BO, create a member group called "All", as well as a few members and assign some of them to that group;
• Create 2 Partial View Macro Files from snippet - LoginStatus.cshtml and Login.cshtml;
• In the Macros folder in the Settings section, enable the 2 macros to be used in rich text editor and the grid;
• Create a doc type with a Richtext editor and create a content page where you insert the 2 macros;
• Remember to display the value of the RTE property in the template of your doc type - add @Model.Value("RTEaliasHERE");
• Open the Network dev tools and verify:
  • Login with a member of the "All" group and verify you get "Working" as a response when visiting https://localhost:44331/umbraco/api/test/test;
  • Login with a member not part of the "All" group and verify you get a Forbidden resource response for the same link ⬆️ ;
  • And finally, visiting the same link when no member is logged in returns an Unauthorized response, like:

• Set the other values of [UmbracoMemberAuthorize("", "", "")] attribute and verify that the said behaviour is still correct - there are some examples in https://docs.umbraco.com/umbraco-cms/v/10.latest-lts/reference/routing/umbraco-api-controllers/authorization#using-memberauthorizeattribute

[bergmania]

Looks good to me 💪