Map causes wrong ReturnUrl parameter for Cookies

[Tratcher]

            app.UseAuthentication();

            app.Map("/hello", map =>
            {
                map.Run(async context =>
                {
                    if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
                    {
                        await context.ChallengeAsync();
                        return;
                    }

                    context.Response.ContentType = "text/plain";
                    await context.Response.WriteAsync("Hello old timer");
                });
            });

If UseAuthentication is outside of the Map, and ChallengeAsync is called inside the Map, then CookieAuth generates the wrong ReturnUrl parameter.

Security/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationHandler.cs

Line 436 in 2e3a107

redirectUri = OriginalPathBase + Request.Path + Request.QueryString;

In the example http://localhost:12345/hello/world?query, it uses the OriginalPathBase (empty) but the current request Path "/world" and redirects to "/world?query". It should use the OriginalPathBase "" and the OriginalPath "/hello/world" rather than the current Path.

[muratg]

Workaround:

                    await context.ChallengeAsync(new AuthenticationProperties()
                    {
                        // https://github.com/aspnet/Security/issues/1730
                        // Return here after authenticating
                        RedirectUri = context.Request.PathBase + context.Request.Path + context.Request.QueryString
                    });

[Eilon]

Won't Fix because there is not enough demand for this.