Two small UX fixes:
- AuthEndpoints.LogoutAsync now redirects browser callers to /login after
SignOutAsync instead of returning 204 NoContent. 204 was correct for the
REST contract but left browsers stuck on the page they came from (the
cookie was cleared but no navigation happened, so "Sign out" appeared
to do nothing). API callers can still opt into the status-only behavior
by sending `Accept: application/json`.
- Login.razor drops the .panel-head top strip; the sign-in card now reads
as a self-contained form with an inline title "MxAccess Gateway Admin —
sign in". Added a .login-title CSS class to site.css that matches the
panel-head's typographic weight without the bar.
Six interlocking fixes surfaced while smoke-testing the fused Host in a browser:
- Host/Program.cs: UseStaticWebAssets() opts into the RCL static-asset pipeline
in any environment (auto-only in Development), MapStaticAssets().AllowAnonymous()
exempts CSS/JS from the AddOtOpcUaAuth fallback policy, and
AddCascadingAuthenticationState() lets <AuthorizeView/> work inside interactive
components (NavSidebar's session block).
- Security/ServiceCollectionExtensions: ILdapAuthService Scoped → Singleton —
consumed by the Singleton LdapOpcUaUserAuthenticator on driver-role nodes.
Crash only surfaced in Development (ValidateOnBuild=true).
- Security/Endpoints/AuthEndpoints: /auth/login now dispatches on Content-Type —
application/json keeps the original 204/401/503 contract for tests, and
application/x-www-form-urlencoded (the browser <form>) gets a redirect dance.
DisableAntiforgery on the login endpoint (it's the entry point, no prior session)
and AllowAnonymous to override the fallback policy.
- Security/Ldap/LdapOptions + LdapAuthService: real DevStubMode property; when
true the auth service bypasses the LDAP bind and returns a FleetAdmin role so
dev/test can navigate the full Admin UI without GLAuth running.
- AdminUI/EndpointRouteBuilderExtensions: doc-comment update about static-asset
flow (the actual MapStaticAssets call lives in Host/Program.cs).
