- Changed [HttpGet("me")] to [HttpGet(nameof(Me))] for route safety.
- Renamed method from GetMe to Me for consistency.
- Removed [Authorize] attribute to allow unauthenticated access.
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Security.Principal;
using FakeNTLMServer.Model;
using FakeNTLMServer.Common;
namespace FakeNTLMServer.Controllers;
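[ApiController]
[Route("[controller]")]
public class AuthController : ControllerBase
{
    /// <summary>
    /// Returns the identity and claims of the currently authenticated caller.
    /// Protected by [Authorize]; the authentication scheme is whatever the host configured.
    /// </summary>
    [Authorize]
    [HttpGet(nameof(Me))]
    public IActionResult Me()
    {
        var identity = User.Identity;

        // NOTE(review): the complete claim set (for Windows identities this includes group SIDs)
        // is echoed back to the caller. Acceptable for a diagnostic/fake server; an information
        // disclosure anywhere else.
        return Ok(new
        {
            identity?.Name,
            identity?.AuthenticationType,
            identity?.IsAuthenticated,
            Claims = User.Claims.Select(claim => new { claim.Type, claim.Value })
        });
    }

    /// <summary>
    /// NTLM/Negotiate login endpoint.
    /// Triggers the NTLM handshake and returns authenticated user info.
    /// </summary>
    /// <returns>200 with the identity and its claims, or 401 when no authenticated identity is present.</returns>
    [Authorize]
    [HttpGet(nameof(Login))]
    public IActionResult Login()
    {
        var identity = User.Identity;

        // Defence in depth: [Authorize] should already have rejected the request, but a
        // principal that is present yet not authenticated is still treated as a failure.
        if (identity is null || !identity.IsAuthenticated)
        {
            return Unauthorized(new { Message = "NTLM authentication failed." });
        }

        return Ok(new
        {
            Message = "NTLM authentication successful.",
            identity.Name,
            identity.AuthenticationType,
            identity.IsAuthenticated,
            Claims = User.Claims.Select(claim => new { claim.Type, claim.Value })
        });
    }

    /// <summary>
    /// Validates Windows credentials (username/password) using the Win32 LogonUser API.
    /// Works on local Kestrel without IIS or Negotiate middleware.
    /// </summary>
    /// <param name="request">
    /// Username (plain, "DOMAIN\user" or "user@domain"), optional domain (defaults to "." = local
    /// machine, and is ignored when the username itself carries a domain) and password.
    /// </param>
    /// <returns>
    /// 400 when the username or password is missing, 401 when LogonUser rejects the credentials,
    /// otherwise 200 with the resulting Windows identity and its claims.
    /// </returns>
    /// <remarks>
    /// SECURITY: this is an anonymous password-validation oracle against real Windows accounts and
    /// nothing in this controller throttles attempts. Exposed beyond a local test setup it enables
    /// password spraying and, where a lockout policy exists, account-lockout denial of service.
    /// Put rate limiting and/or network restrictions in front of it before any wider deployment.
    /// </remarks>
    [AllowAnonymous]
    [HttpPost("login")]
    public IActionResult LoginWithCredentials([FromBody] Login request)
    {
        // Reject missing input explicitly instead of letting Contains()/LogonUser fail with a 500.
        if (request is null || string.IsNullOrEmpty(request.Username) || request.Password is null)
        {
            return BadRequest(new { Message = "Username and password are required." });
        }

        var (username, domain) = SplitAccountName(request.Username, request.Domain ?? ".");

        // Same generic message for unknown user and wrong password: no account enumeration.
        if (!NtlmHelper.ValidateCredentials(username, domain, request.Password, out var token))
        {
            return Unauthorized(new { Message = "Invalid username or password." });
        }

        using (token)
        {
            // WindowsIdentity duplicates the raw token handle and owns its copy, so it must be
            // disposed as well; otherwise the duplicate lives until the finalizer runs.
            using var windowsIdentity = new WindowsIdentity(token.DangerousGetHandle());
            var claims = windowsIdentity.Claims.Select(c => new { c.Type, c.Value }).ToList();

            return Ok(new
            {
                Message = "Authentication successful.",
                Name = windowsIdentity.Name,
                AuthenticationType = windowsIdentity.AuthenticationType,
                IsAuthenticated = windowsIdentity.IsAuthenticated,
                Claims = claims
            });
        }
    }

    /// <summary>
    /// Splits "DOMAIN\user" or "user@domain" into (user, domain); any other form keeps
    /// <paramref name="defaultDomain"/>. A backslash takes precedence over '@'.
    /// </summary>
    /// <param name="account">The account name as supplied by the caller (non-null).</param>
    /// <param name="defaultDomain">Domain to use when the account name carries none.</param>
    private static (string Username, string Domain) SplitAccountName(string account, string defaultDomain)
    {
        if (account.Contains('\\'))
        {
            var parts = account.Split('\\', 2);
            return (parts[1], parts[0]);
        }

        if (account.Contains('@'))
        {
            var parts = account.Split('@', 2);
            return (parts[0], parts[1]);
        }

        return (account, defaultDomain);
    }

    /// <summary>
    /// Lightweight authenticated probe: returns only the caller's name and authentication type.
    /// </summary>
    [Authorize]
    [HttpGet(nameof(Status))]
    public IActionResult Status()
    {
        var identity = User.Identity;

        return Ok(new
        {
            identity?.Name,
            identity?.AuthenticationType
        });
    }

    /// <summary>
    /// Liveness probe. Carries no [Authorize], so it is reachable without credentials
    /// (unless the host installs a fallback authorization policy — confirm in Program/Startup).
    /// </summary>
    [HttpGet(nameof(Test))]
    public IActionResult Test() => Ok();
}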