[Bug] Redirected to AccessDenied page after successful login

[JandosHk]

Which version of Microsoft Identity Web are you using?
Microsoft.Identity.Web 1.8.2

Where is the issue?

• Web app
  • Sign-in users
  • Sign-in users and call web APIs
• Web API
  • Protected web APIs (validating tokens)
  • Protected web APIs (validating scopes)
  • Protected web APIs call downstream web APIs
• Token cache serialization
  • In-memory caches
  • Session caches
  • Distributed caches
• Other (please describe)

Is this a new or an existing app?

The app is in production and I have upgraded to a new version of Microsoft Identity Web

Repro

// Startup.ConfigureServices
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
	.AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));
services.AddAuthentication()
	.AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAd"), JwtBearerDefaults.AuthenticationScheme)
	.EnableTokenAcquisitionToCallDownstreamApi()
	.AddInMemoryTokenCaches();

services.AddRazorPages()
	.AddMicrosoftIdentityUI();

// _LoginPartial.cshtml
@if (User.Identity.IsAuthenticated)
{
<div class="navbar-nav">
    <span class="navbar-text">@User.FindFirst(ClaimTypes.Surname)?.Value</span>
    <a class="nav-item nav-link" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignOut">Logout</a>
</div>
}
else
{
    <div class="navbar-nav">
        <a class="nav-item nav-link" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignIn">Login</a>
    </div>
}

Expected behavior
After login page is displayed I waited 15 min or so, then started login by
clicking my previous account shown on the login page.
After successful login I expected that home page be shown.

Actual behavior
Login seemed to proceed fine, but then my app is redirected to /Account/AccessDenied page.
There were 2 issues:

1. /Account/AccessDenied page doesn't exist, so 404 is returned. Correct path is MicrosoftIdentity/Account/AccessDenied.
2. If I manually browse to MicrosoftIdentity/Account/AccessDenied page, then I clearly see that I'm authenticated, because instead of login button I see logout button. My app is ASP.NET Core 3.1 razor pages app, and in _LoginPartial.cshtml I check
   for authentication with User.Identity.IsAuthenticated property.

Possible solution

Additional context / logs / screenshots

[jmprieur]

@JandosHk thanks for reporting.
This is a multi-scheme case, which we'll consider part of #955

[JandosHk]

I found out the issue lies in my code. I was handling OpenID Connect remote failure event, in which I was redirecting to /Account/AccessDenied. Closing this issue.

[jennyf19]

Included in 1.11.0 release and documentation here.