Integrating CAS Proxying with Forms Authentication in ASP.Net 2.0
Setting up CAS authentication in ASP.Net is a relatively simple process if you don't implement Forms Authentication and do NOT require your application to act as a CAS proxy.
However, when you do want to make use of ASP.Net's Forms Authentication AND CAS-enable your application for proxying, the process is a little more involved.
The good news is that it still does not require much coding at all. It just requires a little knowledge about how CAS works and how you can get ASP.Net Forms Authentication to synchronize with it.
The source code needed for this article can be viewed here and can be compiled in Visual Studio 2005 or greater. It will create a .Net assembly (DLL) to drop in your project's bin folder.
First compile the attached code into a .Net assembly and drop it into your project's bin folder. Then, in Web.config, make the following changes:
...
<!--Authentication mode configuration -->
<authentication mode="Forms">
<forms name="casAuth" defaultUrl="Default.aspx" loginUrl="Login.aspx" />
</authentication>
...
<!-- Authorization configuration -->
<authorization>
<deny users="?"/>
</authorization>
...
<!-- Pages configuration, Globally Import the CAS.Web.Security namespace so it can be used throughout your CAS application -->
<pages>
<namespaces>
<add namespace="CAS.Web.Security"/>
</namespaces>
</pages>
...
<!-- Application settings configuration -->
<appSettings>
<!-- change CAS Url accordingly -->
<add key="CASURL" value="https://auth.berkeley.edu/cas"/>
</appSettings>
...
<httpModules>
<add name="CASAuthenticationV2" type="CAS.Web.Security.CASAuthenticationV2, CASAuthentication"/>
</httpModules>
...
<customErrors mode="On" defaultRedirect="MyErrorPage.aspx">
<error statusCode="403" redirect="NoAccess.htm"/>
<error statusCode="404" redirect="FileNotFound.htm"/>
</customErrors>
...
VB.Net Code Examples
Default.aspx (The CAS proxier) - Your main default page
...
The .Net assembly (DLL) and source code needed for this article can be downloaded here. Just drop it in your project's bin folder.
For an example of how to do CAS proxying with classic ASP, see my other article, CAS Proxying with Classic ASP.
First drop the CASAuthentication.dll (attached) into your project's bin folder. Then, in Web.config, make the following changes:
- Turn on Forms Authentication:

  ```xml
  <!-- Authentication mode configuration -->
  <authentication mode="Forms">
    <forms name="casAuth" defaultUrl="Default.aspx" loginUrl="Login.aspx" />
  </authentication>
  ```

- Deny all unauthenticated users:

  ```xml
  <!-- Authorization configuration -->
  <authorization>
    <deny users="?"/>
  </authorization>
  ```

- Include the CAS.Web.Security namespace in your pages section:

  ```xml
  <!-- Pages configuration, Globally Import the CAS.Web.Security namespace so it can be used throughout your CAS application -->
  <pages>
    <namespaces>
      <add namespace="CAS.Web.Security"/>
    </namespaces>
  </pages>
  ```

- Add the CAS host url to the appSettings section. You must name the key: CASURL

  ```xml
  <!-- Application settings configuration -->
  <appSettings>
    <!-- change CAS Url accordingly -->
    <add key="CASURL" value="https://auth.berkeley.edu/cas"/>
  </appSettings>
  ```

- Add an httpModules section with the following module. It must be inside the system.web section of your web.config file.

  ```xml
  <httpModules>
    <add name="CASAuthenticationV2" type="CAS.Web.Security.CASAuthenticationV2, CASAuthentication"/>
  </httpModules>
  ```

- (Optional) If you want all CASAuthentication class related errors routed to your own error page, simply add a customErrors section to your system.web section. Mode must be set to On for the errors to be redirected. If mode is Off or the customErrors section is not present in web.config, all errors will be written out to the current application page. In this example, the page MyErrorPage.aspx can access the last error reported by calling the CASAuthentication.LastError property of the CASAuthentication class.

  ```xml
  <customErrors mode="On" defaultRedirect="MyErrorPage.aspx">
    <error statusCode="403" redirect="NoAccess.htm"/>
    <error statusCode="404" redirect="FileNotFound.htm"/>
  </customErrors>
  ```
...
VB.Net Code Examples
The CAS proxier - (Your main default page)
```html
<%@ Page Language="VB" %>
<script runat="server">
    Protected Sub btnRunTest_Click(ByVal sender As Object, ByVal e As System.EventArgs)
        If Not CASAuthentication.InvokeCASProxy(ProxyAppUrl:="{url_to_your_CAS_Proxy_Application}", _
                ... False) Then
            ... CASAuthentication.LastError)
        End If
    End Sub
</script>
<html>
...
<p>... >Log out of CAS</a></p>
<p><asp:Button ... runat="server" OnClick="btnRunTest_Click" Text="Call Test Proxy" /></p>
</body>
</html>
```
The CAS callback Url (This would be the same application page specified in the pgtUrl attribute in the call to the InvokeCASProxy method shown above) - This assumes that your main application (the CAS proxier) and callback Url are part of the same application so that they can share application-specific variables. If the callback Url is NOT part of the same application, then you must handle storing/retrieving the pgtIou/pgtId pair yourself (e.g. store them in an external database).
Warning: Because your callback Url will be called by CAS directly, you must turn off Forms Authentication for this page. This is easily achieved by adding the following to your web.config file root configuration section:
```xml
<location path="ProxyCallback.aspx">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
```
```html
<%@ Page Language="VB" %>
<script runat="server">
    Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
        Dim pgtIou As String = Request.QueryString.Get("pgtIou")
        Dim pgtId As String = Request.QueryString.Get("pgtId")
        If Not String.IsNullOrEmpty(pgtIou) And _
           Not String.IsNullOrEmpty(pgtId) Then
            'We have a pgtIou/pgtId pair sent from the CAS server.
            'Call the AssignPgtIDForCallingProxy method of the CASAuthentication class.
            'It will store the pgtId in an application variable named with the value of the pgtIou.
            CASAuthentication.AssignPgtIDForCallingProxy(pgtIou, pgtId)
        Else
            ... pgtIou/pgtId pair !")
        End If
    End Sub
</script>
<html>
<head>
<title>Proxy Callback Url Page</title>
</head>
<body>
</body>
</html>
```
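Because the callback Url described above has to accept unauthenticated requests, a store you write yourself for the pgtIou/pgtId pair should check and bound what it accepts. The class below is an added example, not code from CASAuthentication.dll: `PgtStore`, its limits and the two-minute lifetime are assumptions, and the in-memory dictionary stands in for the external database mentioned above.

```vbnet
Imports System
Imports System.Collections.Generic

' Added example: hypothetical class, not part of CASAuthentication.dll.
Public Class PgtStore
    Private Const MaxEntries As Integer = 10000   ' assumed cap on unclaimed pairs
    Private Const MaxLength As Integer = 256      ' assumed upper bound on ticket length
    Private Shared ReadOnly Ttl As TimeSpan = TimeSpan.FromMinutes(2)   ' assumed lifetime
    ' pgtIou -> (pgtId, expiry in UTC)
    Private Shared ReadOnly Pairs As New Dictionary(Of String, KeyValuePair(Of String, DateTime))()
    Private Shared ReadOnly Gate As New Object()

    ' Called by the callback page. Returns False when the pair is rejected.
    Public Shared Function Put(ByVal pgtIou As String, ByVal pgtId As String) As Boolean
        If String.IsNullOrEmpty(pgtIou) OrElse String.IsNullOrEmpty(pgtId) Then Return False
        If pgtIou.Length > MaxLength OrElse pgtId.Length > MaxLength Then Return False
        ' The CAS protocol says proxy-granting ticket IOUs SHOULD begin with "PGTIOU-".
        If Not pgtIou.StartsWith("PGTIOU-", StringComparison.Ordinal) Then Return False
        SyncLock Gate
            Purge(DateTime.UtcNow)
            ' Never overwrite an unclaimed pair, and never grow without bound.
            If Pairs.Count >= MaxEntries OrElse Pairs.ContainsKey(pgtIou) Then Return False
            Pairs.Add(pgtIou, New KeyValuePair(Of String, DateTime)(pgtId, DateTime.UtcNow.Add(Ttl)))
        End SyncLock
        Return True
    End Function

    ' Called by the proxier with the pgtIou from the validation response.
    ' The pair is removed on the first claim, so it cannot be read twice.
    Public Shared Function Take(ByVal pgtIou As String) As String
        If String.IsNullOrEmpty(pgtIou) Then Return Nothing
        Dim found As KeyValuePair(Of String, DateTime) = Nothing
        SyncLock Gate
            Purge(DateTime.UtcNow)
            If Not Pairs.TryGetValue(pgtIou, found) Then Return Nothing
            Pairs.Remove(pgtIou)
        End SyncLock
        Return found.Key
    End Function
    ' Drops pairs whose expiry has passed; callers hold Gate.
    Private Shared Sub Purge(ByVal cutoff As DateTime)
        Dim stale As New List(Of String)()
        For Each kv As KeyValuePair(Of String, KeyValuePair(Of String, DateTime)) In Pairs
            If kv.Value.Value <= cutoff Then stale.Add(kv.Key)
        Next
        For Each iou As String In stale
            Pairs.Remove(iou)
        Next
    End Sub
End Class
```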
CASProxy.aspx - The CAS Proxy (This would be the same application specified in the ProxyAppUrl attribute in the call to the InvokeCASProxy method shown above)

```html
<%@ Page Language="VB" %>
<script runat="server">
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
        If CASAuthentication.IsAuthenticated Then
            ... " & CASAuthentication.CalNetID & ", you have been successfully authenticated with CAS!")
            Dim proxyArgs As StringBuilder = New StringBuilder
            ' ...
            If Request.QueryString.Count > 0 Then
                For Each proxyArgKey In Request.QueryString
                    ... (query string)<br>", proxyArgKey, Request.QueryString.Get(proxyArgKey))
                Next
            Else
                'get arguments from form object
                For Each proxyArgKey In Request.Form
                    ... (form post)<br>", proxyArgKey, Request.Form.Get(proxyArgKey))
                Next
            End If
            Response.Write(proxyArgs.ToString)
            ...
            If Not String.IsNullOrEmpty(CASAuthentication.Proxies) Then
                Response ... <BR>")
            ...
    End Sub
</script>
<html>
...
... >Log out of CAS</a>
</body>
</html>
```