Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The source code needed for this article can be downloaded here and can be compiled in Visual Studio 2005 or greater. It will create a .Net assembly (DLL) to drop in your project's bin folder.

For an example of how to do CAS proxying with classic ASP, see me other article CAS Proxying with Classic ASP

First compile the attached code into a .Net assembly and drop it into your project's bin folder. Then, In Web.config, make the following changes:

...

  1. Turn on Forms Authentication:
    Code Block
    xml
    xml
    
    <!--Authentication mode configuration -->
    <authentication mode="Forms">
        <forms name="casAuth" defaultUrl="Default.aspx" loginUrl="Login.aspx" />
    </authentication>
    
  2. Deny all unauthenticated users
    Code Block
    xml
    xml
    
    <!-- Authorization configuration -->
    <authorization>
      <deny users="?"/>
    </authorization>
    

...

  1. Include the CAS.Web.Security namespace in your pages section.
    Code Block
    xml
    xml
    
    <!-- Pages configuration, Globally Import the CAS.Web.Security namespace so it can be used throughout your CAS application -->
    <pages>
      <namespaces>
        <add namespace="CAS.Web.Security"/>
      </namespaces>
    </pages>
    

...

  1. Add the CAS host url to the appSettings section. You must name the key: CASURL
    Code Block
    xml
    xml
    
    <!-- Application settings configuration -->
      <appSettings>
        <!---change CAS Url accordingly-->
        <add key="CASURL" value="https://auth.berkeley.edu/cas"/>
      </appSettings>
    

...

  1. Add an httpModules section with the following module. It must be inside the system.web section of your web.config file.
    Code Block
    xml
    xml
    
    <httpModules>
      <add name="CASAuthenticationV2" type="CAS.Web.Security.CASAuthenticationV2, CASAuthentication"/>
    </httpModules >
    

...

  1. (Optional) If you want all CASAuthentication class related errors routed to your own error page, simply add a customErrors page section to your system.web section. Mode must be set to On for the errors to be re-directed. If mode is Off or the customErrors section is not present in web.config, all errors will be written out to the current application page.
    Code Block
    xml
    xml
    
    <customErrors mode="On" defaultRedirect="MyErrorPage.aspx">
      <error statusCode="403" redirect="NoAccess.htm"/>
      <error statusCode="404" redirect="FileNotFound.htm"/>
    </ customErrors>
    
    In this example, the page MyErrorPage.aspx can access the last error reported by calling the CASAuthentication.LastError property of the CASAuthentication class.

...

VB.Net Code Examples

The CAS proxier - (Your main default page)

Panel
borderColor#cccccc
bgColor#ffffff
titleBGColor#eeeeee
titleDefault.aspx
borderStyledashed


Span
stylebackground-color:yellow
idhl

<%

@ Page Language="VB"

Span
stylebackground-color:yellow
idhl

%>

<script runat="server">
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
        If User.Identity.IsAuthenticated Then
            If Not String.IsNullOrEmpty(CASAuthentication.ProxyAppResponse) Then
                Response.Write(String.Concat("Proxied App Response: ", CASAuthentication.ProxyAppResponse))
            EndIf
        End If
    End Sub

    Protected Sub btnRunTest_Click(ByVal sender As Object,ByVal e As System.EventArgs)
            'First, let's add some proxy arguments to send to the CAS proxy
            CASAuthentication.AddProxyArgument("arg1", "hello")
            CASAuthentication.AddProxyArgument("arg2", "world")

            If Not CASAuthentication.InvokeCASProxy(ProxyAppUrl:="{url_to_your_CAS_Proxy_Application}", _
                pgtUrl:="{secure_url_to_your_CAS_Callback_Url_Application}", _
                HttpMethodPost:= False) Then
                Response.Write(CASAuthentication.LastError)
                Return
            EndIf
    End Sub
</script>

<html>
<head>
    <title>Test calling a CAS Proxy</title>
</head>
<body>
    <p><a href="LogOut.aspx">Log out of CAS</a></p>
    <p><asp:Button ID="btnRunTest"runat="server"OnClick="btnRunTest_Click"Text="Call Test Proxy" /></p>
</body>
</html>

...

Panel
borderColor#cccccc
bgColor#ffffff
titleBGColor#eeeeee
titleProxyCallback.aspx
borderStyledashed


Span
stylebackground-color:yellow
idhl

<%

@ Page Language="VB"

Span
stylebackground-color:yellow
idhl

%>

<script runat="server">
    Protected Sub Page_Load(ByVal sender As Object,ByVal e As System.EventArgs)
        Dim pgtIou As String= Request.QueryString.Get("pgtIou")
        DimpgtId As String= Request.QueryString.Get("pgtId")       
        If Not String.IsNullOrEmpty(pgtIou)And _
            Not String.IsNullOrEmpty(pgtId) Then

            'We have a pgtIou/pgtId pair sent from CAS server
            'Now call the AssignPgtIDForCallingProxy method of the CASAuthentication class
            'this will store the pgtId in an application variable with it's name the value of the pgtIou
           CASAuthentication.AssignPgtIDForCallingProxy(pgtIou, pgtId)
        Else
            Response.Write("No pgtIou/pgtId pair!")
        End If    

    End Sub
</script>

<html>
<head>
    <title>Proxy Callback Url Page</title>
</head>
<body>
</body>
</html>

...

Panel
borderColor#cccccc
bgColor#ffffff
titleBGColor#eeeeee
titleCASProxy.aspx
borderStyledashed


Span
stylebackground-color:yellow
idhl

<%

@ Page Language="VB"

Span
stylebackground-color:yellow
idhl

%>

<script runat="server">
    Protected Sub Page_Load(ByVal sender As Object,ByVal e As System.EventArgs)

        If CASAuthentication.IsAuthenticated Then
            Response.Write("Welcome " & CASAuthentication.CalNetID & ", you have been successfully authenticated with CAS!")
            Response.Write("<BR>")

            Dim proxyArgs As StringBuilder = New StringBuilder
            Dim proxyArgKey As String= String.Empty

'
'Since this is the proxy application, we will check it's arguments it was sent
'Normally we would know if the arguments were sent in the query string or Form post
'but for the purposes of this example, we will check both
'

            If Request.QueryString.Count > 0 Then
                'get arguments from querystring object
                For Each proxyArgKey In Request.QueryString
                    proxyArgs.AppendFormat("{0}={1} (query string)<br>", proxyArgKey, Request.QueryString.Get(proxyArgKey))
                Next
            Else
                'get arguments from form object
                For Each proxyArgKey In Request.Form
                    proxyArgs.AppendFormat("{0}={1} (form post)<br>", proxyArgKey, Request.Form.Get(proxyArgKey))
                Next
            EndIf

            Response.Write(proxyArgs.ToString)
            Response.Write("<BR>")

            If Not String.IsNullOrEmpty(CASAuthentication.Proxies) Then
               Response.Write(CASAuthentication.Proxies)
               Response.Write("<BR>")
            End If
        End If

    End Sub
</script>

<html>
<head>
    <title>Test CAS Proxied Application</title>
</head>
<body>
    <a href="LogOut.aspx">Log out of CAS</a>
</body>
</html>