Adding dedicated Forbidden and Unauthorized handling for members (#14036)

src/Umbraco.Web.Common/Filters/UmbracoMemberAuthorizeFilter.cs

@@ -54,11 +54,20 @@ public class UmbracoMemberAuthorizeFilter : IAsyncAuthorizationFilter
 
         IMemberManager memberManager = context.HttpContext.RequestServices.GetRequiredService<IMemberManager>();
 
-        if (!await IsAuthorizedAsync(memberManager))
+        if (memberManager.IsLoggedIn())
+        {
+            if (!await IsAuthorizedAsync(memberManager))
+            {
+                context.HttpContext.SetReasonPhrase(
+                    "Resource restricted: the member is not of a permitted type or group.");
+                context.Result = new ForbidResult();
+            }
+        }
+        else
         {
             context.HttpContext.SetReasonPhrase(
-                "Resource restricted: either member is not logged on or is not of a permitted type or group.");
-            context.Result = new ForbidResult();
+                "Resource restricted: the member is not logged in.");
+            context.Result = new UnauthorizedResult();
         }
     }
 

src/Umbraco.Web.Common/Security/ConfigureMemberCookieOptions.cs

@@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Options;
 using Umbraco.Cms.Core.Routing;
@@ -44,6 +45,12 @@ public sealed class ConfigureMemberCookieOptions : IConfigureNamedOptions<Cookie
                 // When we are signed in with the cookie, assign the principal to the current HttpContext
                 ctx.HttpContext.SetPrincipalForRequest(ctx.Principal);
 
+                return Task.CompletedTask;
+            },
+            OnRedirectToAccessDenied = ctx =>
+            {
+                ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
+
                 return Task.CompletedTask;
             },
         };