...

So in the application, the user login is available through the User.Identity.Name property.

Installation

...

an httpModules tag to declare the module.

It is not even necessary to declare an authentication tag in the config file. Because every request is intercepted by the module, only authenticated users gain access to the application.

Windows Sharepoint Services

...

3

As Windows Sharepoint Services version 3 (WSS 3) is based on the .NET framework, this module can be used as an authentication provider. This should also be true for Microsoft Office Sharepoint Server 2007 (MOSS 2007), but I have not tried it yet.

The installation is as easy as for a standard ASP.NET application; the configuration is a little more intricate because of the security configuration.

1. Copy casModule.dll into the bin folder of the Sharepoint site collection, then make the following changes in the web.config file.

2. Add the CAS server location in the appSettings tag

  <appSettings>
    <add key="loginUrl" value="https://cas.server/login" />
    <add key="validateUrl" value="https://cas.server/serviceValidate" />
    <add key="logoutUrl" value="https://cas.server/logout" />
  </appSettings>

3. Declare the module

  <system.web>
    ...
    <httpModules>
      <clear />
      <add name="SPRequest" type="Microsoft.SharePoint.ApplicationRuntime.SPRequestModule,
          Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add name="OutputCache" type="System.Web.Caching.OutputCacheModule" />
      <add name="CasModule" type="Upmc.CasModule.CasModule, CasModule" />
      <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
      <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" />
      <add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
      <!-- <add name="Session" type="System.Web.SessionState.SessionStateModule"/> -->
    </httpModules>
    ...
  </system.web>

4. Modify the security policy to enable the module
The policy file to modify depends on the Sharepoint trust level declared in this tag

  <trust level="WSS_Medium" originUrl="" />

and the location of the policy file is declared in

    <securityPolicy>
      <trustLevel name="WSS_Medium"
          policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_mediumtrust.config" />
      <trustLevel name="WSS_Minimal"
          policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\config\wss_minimaltrust.config" />
    </securityPolicy>

In the security policy file, add the following inside the first CodeGroup tag

  <CodeGroup 
    class="UnionCodeGroup"
    version="1"
    PermissionSetName="FullTrust">
    <IMembershipCondition 
      class="UrlMembershipCondition"
      version="1"
      Url="$AppDirUrl$/bin/casModule.dll"
    />
  </CodeGroup>

5. As the last step, modify the site collection configuration to enable SSO and add a membership provider through the Sharepoint administration site.
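
A check for the settings from steps 2 to 4, added here as an example and not part of the module or its documentation: it parses a web.config and a policy file and reports CAS URLs that are not https, a missing CasModule declaration, and any FullTrust grant under $AppDirUrl$ other than the casModule.dll one shown above. The two inline documents are constructed samples with two weaknesses planted on purpose; the function name audit and the constant EXPECTED_GRANT are made up for this example.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the fragments above. Two weaknesses are
# planted on purpose: a plain-http validateUrl and a wildcard FullTrust grant.
WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="loginUrl" value="https://cas.server/login" />
    <add key="validateUrl" value="http://cas.server/serviceValidate" />
    <add key="logoutUrl" value="https://cas.server/logout" />
  </appSettings>
  <system.web><httpModules>
    <clear />
    <add name="CasModule" type="Upmc.CasModule.CasModule, CasModule" />
  </httpModules></system.web>
</configuration>"""

POLICY = """<PolicyLevel version="1"><CodeGroup class="FirstMatchCodeGroup"
    version="1" PermissionSetName="Nothing">
  <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
    <IMembershipCondition class="UrlMembershipCondition" version="1"
      Url="$AppDirUrl$/bin/*" />
  </CodeGroup>
</CodeGroup></PolicyLevel>"""

EXPECTED_GRANT = "$AppDirUrl$/bin/casModule.dll"  # the grant shown in step 4

def audit(web_config, policy):
    """Return findings for the CAS settings and the FullTrust grant."""
    findings = []
    cfg = ET.fromstring(web_config)
    settings = {a.get("key"): a.get("value", "")
                for s in cfg.iter("appSettings") for a in s.findall("add")}
    for key in ("loginUrl", "validateUrl", "logoutUrl"):
        if key not in settings:
            findings.append(f"{key}: missing")
        elif not settings[key].lower().startswith("https://"):
            # CAS traffic in clear text can be read or altered in transit.
            findings.append(f"{key}: not https ({settings[key]})")
    modules = [m.get("name") for h in cfg.iter("httpModules")
               for m in h.findall("add")]
    if "CasModule" not in modules:
        findings.append("httpModules: CasModule not declared")
    # A wildcard Url would give FullTrust to every assembly it matches.
    for group in ET.fromstring(policy).iter("CodeGroup"):
        for cond in group.findall("IMembershipCondition"):
            url = cond.get("Url") or ""
            if (group.get("PermissionSetName") == "FullTrust"
                    and url.startswith("$AppDirUrl$") and url != EXPECTED_GRANT):
                findings.append(f"FullTrust: unexpected grant {url}")
    return findings
```
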

To be done

Some more work and testing should be done in order to:

  • return a clean 500 error if the CAS server is down during validation
  • add an optional sliding time to live for the authentication check
  • handle the CAS logout protocol

I am also planning to rapidly test this module in an IIS 7 authentication pipeline. I have no idea yet how to handle the user id in the application.

And of course, others at your request.

And for French speakers, you can read my article on techHeadBrothers.com