A tip sent to me by Brian Douglass...
The way it works is:
- Create a new Server project with Identity activated, but no scaffolding
- Modify Startup.cs to add the AF token as a header
- Create a custom SignIn.razor
- Collects credentials in a form
- OnValidSubmit() after checking validity of credentials
- Make Http call to Login.OnGet() and get the form, with the AF token attached
- Build new request with Credentials + AF token in the Form data + AF token in the header.