TekH
5b37dbf854
Introduced a new endpoint to AuthController that allows authentication using Windows username, password, and optional domain via the Win32 LogonUser API. This enables credential validation without NTLM/Negotiate middleware or IIS. The endpoint parses both "DOMAIN\user" and "user@domain" formats and returns user info and claims on success, or Unauthorized on failure. Added necessary using directives for implementation.
105 lines
3.0 KiB
C#
105 lines
3.0 KiB
C#
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using System.Security.Principal;
|
|
using FakeNTLMServer.Model;
|
|
using FakeNTLMServer.Common;
|
|
|
|
namespace FakeNTLMServer.Controllers;
|
|
|
|
[ApiController]
|
|
[Route("[controller]")]
|
|
public class AuthController : ControllerBase
|
|
{
|
|
[Authorize]
|
|
[HttpGet("me")]
|
|
public IActionResult GetMe()
|
|
{
|
|
var identity = User.Identity;
|
|
return Ok(new
|
|
{
|
|
identity?.Name,
|
|
identity?.AuthenticationType,
|
|
identity?.IsAuthenticated,
|
|
Claims = User.Claims.Select(claim => new { claim.Type, claim.Value })
|
|
});
|
|
}
|
|
|
|
/// <summary>
|
|
/// NTLM/Negotiate login endpoint.
|
|
/// Triggers the NTLM handshake and returns authenticated user info.
|
|
/// </summary>
|
|
[Authorize]
|
|
[HttpGet("login")]
|
|
public IActionResult Login()
|
|
{
|
|
var identity = User.Identity;
|
|
|
|
if (identity is null || !identity.IsAuthenticated)
|
|
return Unauthorized(new { Message = "NTLM authentication failed." });
|
|
|
|
return Ok(new
|
|
{
|
|
Message = "NTLM authentication successful.",
|
|
identity.Name,
|
|
identity.AuthenticationType,
|
|
identity.IsAuthenticated,
|
|
Claims = User.Claims.Select(claim => new { claim.Type, claim.Value })
|
|
});
|
|
}
|
|
|
|
/// <summary>
|
|
/// Validates Windows credentials (username/password) using the Win32 LogonUser API.
|
|
/// Works on local Kestrel without IIS or Negotiate middleware.
|
|
/// </summary>
|
|
[AllowAnonymous]
|
|
[HttpPost("login")]
|
|
public IActionResult LoginWithCredentials([FromBody] Login request)
|
|
{
|
|
var username = request.Username;
|
|
var domain = request.Domain ?? ".";
|
|
|
|
if (username.Contains('\\'))
|
|
{
|
|
var parts = username.Split('\\', 2);
|
|
domain = parts[0];
|
|
username = parts[1];
|
|
}
|
|
else if (username.Contains('@'))
|
|
{
|
|
var parts = username.Split('@', 2);
|
|
username = parts[0];
|
|
domain = parts[1];
|
|
}
|
|
|
|
if (!NtlmHelper.ValidateCredentials(username, domain, request.Password, out var token))
|
|
{
|
|
return Unauthorized(new { Message = "Invalid username or password." });
|
|
}
|
|
|
|
using (token)
|
|
{
|
|
var windowsIdentity = new WindowsIdentity(token.DangerousGetHandle());
|
|
var claims = windowsIdentity.Claims.Select(c => new { c.Type, c.Value }).ToList();
|
|
|
|
return Ok(new
|
|
{
|
|
Message = "Authentication successful.",
|
|
Name = windowsIdentity.Name,
|
|
AuthenticationType = windowsIdentity.AuthenticationType,
|
|
IsAuthenticated = windowsIdentity.IsAuthenticated,
|
|
Claims = claims
|
|
});
|
|
}
|
|
}
|
|
|
|
[Authorize]
|
|
[HttpGet("status")]
|
|
public IActionResult Status()
|
|
{
|
|
return Ok(new
|
|
{
|
|
User.Identity?.Name,
|
|
User.Identity?.AuthenticationType
|
|
});
|
|
}
|
|
} |