Refactored logging setup to clear providers and use NLog exclusively when not in development. This ensures development uses default logging, while production and other environments leverage NLog.
Integrate NLog for structured file-based logging by adding configuration to appsettings.json and initializing NLog in Program.cs. Wrap application startup in a try-catch block to log unhandled exceptions. No changes to core application logic.
Updated FakeNTLMServer.csproj to increment the Version, AssemblyVersion, FileVersion, and InformationalVersion properties from 1.0.0-beta to 1.0.1-beta. This reflects a new pre-release version of the project.
Updated launchSettings.json to set anonymousAuthentication to true. Modified web.config to add <anonymousAuthentication enabled="true" /> under <authentication>, allowing both anonymous and Windows authentication. Reformatted web.config for improved readability.
Added <security> section to web.config to enable Windows Authentication with NTLM and Negotiate providers under <system.webServer>. This allows the application to authenticate users using their Windows credentials.
Added versioning fields to FakeNTLMServer.csproj for assembly and informational versioning. Introduced "EnableSwagger" setting in appsettings.json to allow Swagger UI outside development environments. Reformatted authentication registration in Program.cs for clarity.
- Changed [HttpGet("me")] to [HttpGet(nameof(Me))] for route safety.
- Renamed method from GetMe to Me for consistency.
- Removed [Authorize] attribute to allow unauthenticated access.
Refactored route attributes for Login and Status actions to use nameof() for improved maintainability. Added a new Test GET endpoint that returns a simple OK response.
- Add custom OpenAPI doc with title, version, and description
- Define "Negotiate" security scheme for NTLM/Kerberos auth
- Require Negotiate authentication for all endpoints in Swagger
- Include XML comments in Swagger UI if available
- Configure Swagger UI to send credentials (withCredentials: true) for authenticated endpoint testing
Introduced a new endpoint to AuthController that allows authentication using Windows username, password, and optional domain via the Win32 LogonUser API. This enables credential validation without NTLM/Negotiate middleware or IIS. The endpoint parses both "DOMAIN\user" and "user@domain" formats and returns user info and claims on success, or Unauthorized on failure. Added necessary using directives for implementation.
Introduced the NtlmHelper static class in the FakeNTLMServer.Common namespace. This class provides a ValidateCredentials method that uses P/Invoke to call the Windows LogonUser API, allowing validation of NTLM credentials and returning a SafeAccessTokenHandle on success. Constants for logon type and provider are included, and token validity is checked.
Introduced a Login class in the FakeNTLMServer.Model namespace to represent user credentials. The model includes required Username and Password properties, supporting various username formats, and an optional Domain property that defaults to the local machine if not specified.
Refactored AuthController to improve attribute usage and code clarity. Added three endpoints: /auth/me (user info), /auth/login (NTLM/Negotiate authentication with user info or 401), and /auth/status (authenticated user status). Responses are now more structured and informative. Applied [Authorize] only to relevant endpoints. Improved code organization and documentation.
Introduced AuthController secured with [Authorize] attribute.
Provides a GET /auth/me endpoint that returns the authenticated
user's identity details and claims.
Set up FakeNTLMServer project targeting .NET 8.0 with Windows Authentication (Negotiate) and Swagger/OpenAPI support. Added project and solution files, configured authentication and authorization in Program.cs, and included launch settings and logging configuration for development and production environments.
