Fixed up the 401 issue with checking authentication, but now have other auth issues... but better than before :)

src/Umbraco.Web.UI.Client/src/common/resources/auth.resource.js

@@ -49,10 +49,8 @@ function authResource($q, $http, umbDataFormatter, umbRequestHelper) {
                     deferred.resolve(data);
                 }).
                 error(function (data, status, headers, config) {
-
-                    //Change this to 200 ! we're just checking auth.
-                    
-                    if (status === 401) {
+                    //204 - means the current user is not-authorized, the result was empty.
+                    if (status === 204) {
                         //if it's unauthorized it just means we are not authenticated so we'll just return null
                         deferred.resolve(null);
                     }

src/Umbraco.Web.UI/umbraco/Views/Default.cshtml

@@ -11,7 +11,6 @@
 
 <html lang="en">
 <head>
-    @*<base href="@GlobalSettings.Path.EnsureEndsWith('/')" />*@
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
 
@@ -19,32 +18,6 @@
     <link rel="stylesheet" href="assets/css/umbraco.css" />
     <link rel="stylesheet" href="../umbraco_client/tree/treeicons.css" />
 
-    @*<style type="text/css">
-        .validation-message
-        {
-            color: #FA787E;
-        }
-
-        .property-validation
-        {
-            color: #FA787E; 
-            float: right;
-        }
-
-        .validation-summary
-        {
-            padding: 5px;
-            background-color: #EEEEEE;
-            border: #FA787E solid 2px;
-            margin: 5px;
-            color: #fa787e;
-        }
-
-        .validation-summary span
-        {
-            font-style: italic;
-        }
-    </style>*@
 </head>
 <body ng-controller="MainController" id="umbracoMainPageBody">
     <div ng-cloak id="Div1" class="clearfix" ng-click="closeDialogs($event)">

src/Umbraco.Web/Editors/AuthenticationController.cs

@@ -44,7 +44,10 @@ namespace Umbraco.Web.Editors
                         UmbracoContext.Security.GetUserId(UmbracoContext.Security.UmbracoUserContextId));
                 return _userModelMapper.ToUserDetail(user);
             }            
-            throw new HttpResponseException(HttpStatusCode.Unauthorized);
+
+            //don't return not-authorized because this method is here to check if the current user is authorized.
+            // if they are not, then we just return no content.
+            throw new HttpResponseException(HttpStatusCode.NoContent);
         }
 
         public UserDetail PostLogin(string username, string password)

src/Umbraco.Web/Editors/BackOfficeController.cs

@@ -72,6 +72,7 @@ namespace Umbraco.Web.Editors
         /// Returns the JavaScript blocks for any legacy trees declared
         /// </summary>
         /// <returns></returns>
+        [UmbracoAuthorize]
         public JavaScriptResult LegacyTreeJs()
         {            
             var javascript = new StringBuilder();

src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs

@@ -52,12 +52,15 @@ namespace Umbraco.Web.Mvc
 		}
 
         /// <summary>
-        /// Override to throw exception instead of returning a 401 result
+        /// Override to to ensure no redirect occurs
         /// </summary>
         /// <param name="filterContext"></param>
         protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
         {
-            throw new HttpException((int)global::System.Net.HttpStatusCode.Unauthorized, "You must login to view this resource.");
+            filterContext.Result = (ActionResult)new HttpUnauthorizedResult("You must login to view this resource.");
+            
+            //DON'T do a FormsAuth redirect... argh!! thankfully we're running .Net 4.5 :)
+            filterContext.RequestContext.HttpContext.Response.SuppressFormsAuthenticationRedirect = true;
         }
 
 	}