Getting 404 error instead of 401, when token is expired or when token is not passed Asp.net core 2

I created Asp.net-core 2 project and added

1. api controller authorized by Bearer token.
2. mvc controllers authorized by CookieAuthenticationDefaults.AuthenticationScheme.

When i tried to call api published in iis express .it will returned 401 unauthorized .

When i tried to call api published in iis.it will returned 404 not found.

I am Getting 404 error instead of 401, when token is expired or when token is not passed

and my startup

publicvoidConfigureServices(IServiceCollection services){
        services.AddDbContext<ApiContext>();//options =>//    options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
        services.AddTransient<ApiContextSeed>();//a confirmed email.
        services.AddIdentity<ApplicationUser,IdentityRole>(config =>{
            config.SignIn.RequireConfirmedEmail=true;
            config.Password.RequireDigit=false;
            config.Password.RequireLowercase=false;
            config.Password.RequireNonAlphanumeric=false;
            config.Password.RequireUppercase=false;
            config.Password.RequiredUniqueChars=0;
            config.Password.RequiredLength=6;
            config.User.AllowedUserNameCharacters=null;}).AddEntityFrameworkStores<ApiContext>().AddDefaultTokenProviders();// Add application services.
        services.AddTransient<IEmailSender,EmailSender>();
        services.AddMvc().AddSessionStateTempDataProvider();
        services.AddResponseCaching();
        services.AddAutoMapper();
        services.AddSingleton<IEmailSender,EmailSender>();
        services.AddSingleton<IWizIQSender,WizIQSender>();
        services.AddSingleton<IWizIQClass,WizIQClass>();
        services.AddSingleton<ITimeZone,TimeZone>();
        services.AddSingleton<IPinCodeGenerator,PinCodeGenerator>();
        services.AddScoped<IUnitOfWorkAsync,UnitOfWorkAsync>();
        services.AddSingleton<IActionContextAccessor,ActionContextAccessor>();
        services.AddBootstrapPagerGenerator(options =>{// Use default pager options.
            options.ConfigureDefault();});
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie("UserAuth", options =>{

            options.LoginPath=string.Empty;});
        services.AddDistributedMemoryCache();#region FlashMessage

        services.AddSession();// Needed so we can access the user's session.
        services.AddSingleton<IHttpContextAccessor,HttpContextAccessor>();
        services.AddScoped(x => x.GetRequiredService<IHttpContextAccessor>().HttpContext.Session);

        services.AddScoped<IMessageProvider,SessionMessageProvider>();// Customize the message types (i.e. we are using Bootstrap v3 and need to provide a custom-value for the error message-type).
        services.AddScoped<IMessageTypes>(x =>{returnnewMessageTypes(error:"danger");});

        services.AddScoped<IMessengerOptions,MessengerOptions>();// We are using a stack to hold messages (i.e. LIFO).
        services.AddScoped<IMessenger,StackMessenger>();#endregion
        services.AddCors(cfg =>{
            cfg.AddPolicy("UserPanel", bldr =>{
                bldr.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin();});});//using JWT
        services.AddAuthentication().AddJwtBearer(cfg =>{
                  cfg.RequireHttpsMetadata=false;
                  cfg.SaveToken=true;
                  cfg.TokenValidationParameters=newTokenValidationParameters(){ValidIssuer=Configuration["Tokens:Issuer"],ValidAudience=Configuration["Tokens:Issuer"],IssuerSigningKey=newSymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Tokens:Key"]))};});


        services.AddMvc();
        services.AddSingleton<IEmailSender,EmailSender>();//services.AddUrlHelper();
        services.AddTransient<IEmailSender,EmailSender>();

        services.AddSwaggerGen(c =>{
            c.SwaggerDoc("v1",newInfo{Title="Drossey API",Version="v1"});});}publicvoidConfigure(IApplicationBuilder app,IHostingEnvironment env,ApiContextSeed seeding){if(env.IsDevelopment()){
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
            app.UseDatabaseErrorPage();}else{
             app.UseExceptionHandler("/error");
            app.UseStatusCodePagesWithReExecute("/error");}
        app.UseStaticFiles();
        app.UseSession();
        app.UseAuthentication();
        app.UseCors("UserPanel");
        app.UseSwagger();
        app.UseSwaggerUI(c =>{
            c.SwaggerEndpoint("/swagger/v1/swagger.json","Drossey Api");});
        app.UseMvc(routes =>{
            routes.MapRoute(
            name:"areaRoute",template:"{area:exists}/{controller=Home}/{action=Index}/{id?}");

            routes.MapRoute(
              name:"default",template:"{controller=Home}/{action=Index}/{id?}");});
        seeding.EnsureSeeding().Wait();}