Raw API redirects to sign in page (returning 200) if not authenticated

Created by: felixfbecker

This is I think the third time I had a bug because of this and took more than needed to track it down because the application just sees a 200 OK and continues, so filing this as an issue to track.

It should return a 401.