I set up the authorization polices using Windows authentication and when users not authorized to access certain pages/endpoints, they are getting the message “404 not found” instead of “401 not authorized”.
Could we get it amended?
Thanks.
This is by design so that users do not realize which pages they do not have access to. We could add a configuration option to change that.