avoid returning WWW-Authenticate header if challenged by an ajax request

Author: vborioni-onit

src/ZNetCS.AspNetCore.Authentication.Basic/BasicAuthenticationHandler.cs

@@ -164,8 +164,16 @@ protected override Task HandleChallengeAsync(AuthenticationProperties context)
         {
             var realmHeader = new NameValueHeaderValue("realm", $"\"{this.Options.Realm}\"");
             this.Response.StatusCode = StatusCodes.Status401Unauthorized;
-            this.Response.Headers.Append(HeaderNames.WWWAuthenticate, $"{Basic} {realmHeader}");
 
+            if (this.Request.Headers.TryGetValue("X-Requested-With", out var value))
+            {
+                if (value == "XMLHttpRequest")
+                {
+                    return Task.CompletedTask;
+                }
+            }
+
+            this.Response.Headers.Append(HeaderNames.WWWAuthenticate, $"{Basic} {realmHeader}");
             return Task.CompletedTask;
         }