Initial commit: JDE Scoping Tool migration project

Set up repository with legacy .NET Framework 4.8 source (OLD/),
new .NET 10 Blazor solution (NEW/), OpenSpec specifications,
documentation, and project configuration.

NEW/src/JdeScoping.Client/Services/AuthService.cs

@@ -0,0 +1,89 @@
+using System.Net.Http.Json;
+using JdeScoping.Client.Auth;
+using JdeScoping.Client.Models;
+
+namespace JdeScoping.Client.Services;
+
+/// <summary>
+/// Handles authentication via API calls with cookie-based auth.
+/// </summary>
+public class AuthService : IAuthService
+{
+    private readonly HttpClient _httpClient;
+    private readonly AuthStateProvider _authStateProvider;
+
+    public AuthService(
+        HttpClient httpClient,
+        AuthStateProvider authStateProvider)
+    {
+        _httpClient = httpClient;
+        _authStateProvider = authStateProvider;
+    }
+
+    public async Task<AuthResult> LoginAsync(LoginModel model)
+    {
+        try
+        {
+            var response = await _httpClient.PostAsJsonAsync("api/auth/login", new
+            {
+                model.Username,
+                model.Password
+            });
+
+            if (response.IsSuccessStatusCode)
+            {
+                // API returns UserInfo and sets auth cookie
+                var userInfo = await response.Content.ReadFromJsonAsync<UserInfoViewModel>();
+                if (userInfo != null)
+                {
+                    // Notify auth state provider of the login
+                    await _authStateProvider.MarkUserAsAuthenticated(userInfo);
+
+                    return new AuthResult
+                    {
+                        Success = true,
+                        User = userInfo
+                    };
+                }
+
+                return new AuthResult
+                {
+                    Success = false,
+                    ErrorMessage = "Invalid response from server"
+                };
+            }
+
+            var errorContent = await response.Content.ReadAsStringAsync();
+            return new AuthResult
+            {
+                Success = false,
+                ErrorMessage = string.IsNullOrEmpty(errorContent)
+                    ? "Login failed. Please check your credentials."
+                    : errorContent
+            };
+        }
+        catch (Exception ex)
+        {
+            return new AuthResult
+            {
+                Success = false,
+                ErrorMessage = $"Login failed: {ex.Message}"
+            };
+        }
+    }
+
+    public async Task LogoutAsync()
+    {
+        try
+        {
+            // Call logout endpoint to clear server-side cookie
+            await _httpClient.PostAsync("api/auth/logout", null);
+        }
+        catch
+        {
+            // Even if logout API fails, clear local state
+        }
+
+        await _authStateProvider.LogoutAsync();
+    }
+}