Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

CAS Proxying with Classic ASP

This article demonstrates using CAS authentication with classic ASP and then calling a second application via
a CAS proxy. You should read the article on the proxy CAS walkthrough Proxy CAS Walkthrough first as it explains
how CAS proxying works.

For an example of how to do CAS proxying with ASP.Net, see me other article CAS Proxying with ASP.Net Forms Authentication

Using the code I have sited below, it is really quite simple to call another CAS-enabled application as a proxy after the
main (Proxier) CAS application has already authenticated.

The basic steps for CAS Proxying using the CAS_Authenticator class are as follows:

...

(for basic CAS Authentication, you only need to do step 1 without including the pgtUrl. It's the inclusion of the pgtUrl prior to calling ServiceValidate that enables CAS proxying.)

  1. From the main (Proxier) application, set the CASpgtUrl property to your application Url that will accept the pgtIou/pgtId pair from CAS and then call the ServiceValidate method for CAS authentication and include a pgtUrl attribute.
    Note
    titleAbout the pgtUrl

    The pgtUrl MUST be part of the same application as the CAS Proxier AND be on a secure server with a valid RSA or Verisign SSL Certificate

  2. The pgtUrl receives back from CAS the pgtIou/pgtId pair and stores them in an Application variable (e.g. Application(<value of pgtIou>) = <value of pgtId>)
    Info
    titleThe use of Application variables

    Application variables MUST be used instead of Session variables. This is because of the extra trip CAS has to make to the pgtUrl. Your application would lose it's session variables otherwise. This is NOT true in basic CAS Authentication so, you will notice through out these examples that I chose to use Application variables instead of Session variables for this reason. Also, note the use of the name of the Application variable being the value of the pgtIou. This is important because the main (Proxier) application will need to retrieve the pgtId sent to the pgtUrl and the only value it will know is the proxyGrantingTicket IOU (pgtIou).

  3. The main (Proxier) application retrieves the pgtId value from the Application variable stored by the pgtUrl and then calls the RequestProxyTicket
    method passing in the pgtId and the proxy application complete Url.
    Info
    titleThe CAS Proxied Application

    The actual proxy application can be any CAS-enabled application that can call proxyValidate on the supplied proxyTicket and it does not have to reside on the same application server like the pgtUrl and main Proxier applications do._

  4. With the "real" proxyTicket in it's grasp, the main (Proxier) application now calls AddProxyArgument as many times as it needs to add the arguments the proxied application will need. At the bare minimum, the proxyTicket itself MUST be added as an argument.
    Info
    titleThe Proxy Ticket

    The CAS-enabled proxied application MUST have a proxyTicket in order to send it to CAS in the proxyValidate method. The AddProxyArgument method is used in this case by the main application to add the proxyTicket. Then when you call MakeWebRequest , you specify an http method of GET or POST which would determine whether the proxyTicket was sent in the query string or the form post.

  5. Finally, call the MakeWebRequest method passing in the Url to the CAS-enabled application to be proxied along with the http method (e.g. GET or POST).
    Tip
    titleMaking an Http Request in ASP

    The MakeWebRequest method is sort of an ASP version of the System.Net.WebClient class in ASP.Net. You can call this method in any ASP page to make an http GET or POST request and receive an html or xml response depending on the request. This method works very well for CAS proxying because we are just going to Response.Write the returned html of the proxied application to the browser.

    The examples I've outlined rely on two classes (source code at the end of this article) that must be included in an include file in order for them to work.
    The first is a simple string class since ASP doesn't have the very useful StringBuilder that is always available in ASP.Net,
    I created a vbscript mocked up version called clsString (see below). The second class is the CAS_Authenticator and does all the dirty work,
    not just for basic CAS authentication with ASP but also supports CAS proxying which is what my examples will demonstrate.

    VBScript Code

    Panel
    dashed
    borderColor#cccccc
    bgColor#ffffff
    titleBGColor#eeeeee
    borderStyledashed
    titleCASProxier.aspborderStyle


    Span
    stylebackground-color:yellow
    idhl
    <%

    @ Language=VBScript

    Span
    stylebackground-color:yellow
    idhl
    %>


    Span
    stylebackground-color:yellow
    idhl
    <%

    Option Explicit

    Span
    stylebackground-color:yellow
    idhl
    %>


    <!-- #Include File = "../Includes/Public.asp" -->

    <HTML>
    <HEAD>
    <title>Test CAS Proxy Application</title>
    </HEAD>
                <body>

    Span
    stylebackground-color:yellow
    idhl
    <%


    Dim objCAS, serviceUrl
    Dim pgtId
    Dim proxyTicket
    Dim proxyAppUrl

    'Initialize CAS Authenticator Class
    Set objCAS = New CAS_Authenticator

    'Set the CAS URL
    objCAS.CASURL = "https://auth-test.berkeley.edu/cas"

    'Set the current request page Url as the CAS service name
    serviceUrl = GetRequestUrl()

    If Request.ServerVariables.Item("REQUEST_METHOD") = "POST" Then
        'Get the pgtId, the proxy callback would have stored this as an application variable
        'with the key name as the pgtIou
        pgtId = Application(objCAS.ProxyGrantingTicketIOU)
       
        If IsEmpty(pgtId) Then
            Response.Write "No pgtId found, please make sure your pgtUrl is correct!"
            Response.Write "<BR>"
            Response.End
        End If
      
        'Send off the pgtId as well as the full Url to the CAS-enabled app to be proxied to the
        'RequestProxyTicket method. It will return the "real" proxy ticket to call the proxy with
        proxyAppUrl = "https://orimaging.berkeley.edu/ASP/Proxy/CASProxy.asp"
        proxyTicket = objCAS.RequestProxyTicket(pgtId, proxyAppUrl)
       
        If IsEmpty(proxyTicket) Then
            Response.Write "The proxyTicket is Empty! " & objCAS.LastError
            Response.Write "<BR>"
            Response.End
        End If
      
        'Add arguments to send to proxy, proxyTicket is required as an argument!
        objCAS.AddProxyArgument "proxyTicket", proxyTicket
       
        'Make a request to the proxy and output the response
        Response.Write "Proxy Response:"
        Response.Write "<BR>"
        Response.Write objCAS.MakeWebRequest(proxyAppUrl, "POST")
    Else
        If IsEmpty(Application("UID")) Then
            'Since this application will proxy other CAS-enabled apps, we will request
            'a pgtIou/pgtId pair from CAS by supplying a secure Url to our CAS Callback
            objCAS.CASpgtUrl = "https://orimaging.berkeley.edu/ASP/Proxy/ProxyCallback.asp"

            'Validate the URL of this application which will get assigned a ticket
            'unless it fails, in which case exit and explain why it failed
            If Not objCAS.ServiceValidate(serviceUrl) Then
                Response.Write objCAS.LastError
                Response.Write "<BR>"
                Response.Write "Service: " & serviceUrl
                Response.End
            End If

            'Set Application variables
            Application.Lock
            Application("UID") = objCAS.netID
            Application.UnLock
        End If
               

    Span
    stylebackground-color:yellow
    idhl
    %>


                            <FORM action="Default.asp" method=post>
                            <TABLE align=center width="75%">
                            <TR>
                            <td valign=top align=left>
                                         <Ahref="../Logout.asp?url=

    Span
    stylebackground-color:yellow
    idhl
    <%
    =serviceUrl%>

    =serviceUrl

    Span
    stylebackground-color:yellow
    idhl
    %>

    ">Log out of CAS</A>
                            </td>
                            </TR>
                            <TR>
                            <td valign=top align=left>
                                         The current time is:

    Span
    stylebackground-color:yellow
    idhl
    <%

    =now()

    Span
    stylebackground-color:yellow
    idhl
    %>


                            </td>
                            </TR>
                            <TR>
                                         <TD> </TD>
                            </TR>
                            <TR>
                            <td valign=top align=left>
                            <span style="FONT-SIZE: 14px; COLOR: teal; FONT-FAMILY: tahoma">
                                         Welcome <B><%>

    Span
    stylebackground-color:yellow
    idhl
    <%

    =Application("UID")%><

    Span
    stylebackground-color:yellow
    idhl
    %>

    </B>, you have successfully authenticated with CAS
                            <CAS                       </span>
                                                   </td>
                            </TR>
                            <TR>
                            <td valign=top align=left>
                            <INPUT type="submit" value="Test Call Proxy" id="btnCallProxy" name="btnCallProxy">
                            </td>
                            </TR>
                            </TABLE>
                            </FORM>
               

    Span
    stylebackground-color:yellow
    idhl
    <%


    End If
    Set objCAS = Nothing

    Span
    stylebackground-color:yellow
    idhl
    %>


          
                </body>
    </HTML>

    Panel
    borderColor#cccccc
    bgColor#ffffff
    titleBGColor#eeeeee
    borderStyle#eeeeeedashed
    titlepgtUrlborderStyledashed


    Span
    stylebackground-color:yellow
    idhl
    <%

    @ Language=VBScript

    Span
    stylebackground-color:yellow
    idhl
    %>


    Span
    stylebackground-color:yellow
    idhl
    <%

    Option Explicit

    Span
    stylebackground-color:yellow
    idhl
    %>


    <!-- #Include File = "../Includes/Public.asp" -->

    <HTML>
    <HEAD>
    <title>CAS Proxy Callback App</title>
    </HEAD>
                <body>           >
                <body>           

    Span
    stylebackground-color:yellow
    idhl
    <%


    Dim pgtIou, pgtId

    'Get pgtIou in Query String sent from CAS
    pgtIou = Request.QueryString.Item("pgtIou")

    'Get pgtId in Query String sent from CAS
    pgtId = Request.QueryString.Item("pgtId")

    'Check to see if they exist
    If Len(pgtIou) = 0 OR Len(pgtId) = 0 Then
        Response.Write "No pgtIou/pgtId pair supplied!"
        Response.End
    End If

    'Store pgtId in application variable accessable from any page within this application
    Application.Lock
    Application(pgtIou) = pgtId
    Application.UnLock

    Span
    stylebackground-color:yellow
    idhl
    %>


                </BODY>
    </HTML>

    <%@ Language=VBScript %>
    <%Option Explicit
    Panel
    borderColor#cccccc
    bgColor#ffffff
    titleBGColor#eeeeee
    titleCAS Proxied Application
    borderStyledashed
    #cccccc
    bgColor#ffffff
    titleBGColor#eeeeee
    borderStyledashed
    titleCAS Proxied Application

    Span
    stylebackground-color:yellow
    idhl
    <%

    @ Language=VBScript

    Span
    stylebackground-color:yellow
    idhl
    %>


    Span
    stylebackground-color:yellow
    idhl
    <%

    Option Explicit

    Span
    stylebackground-color:yellow
    idhl
    %>


    <!-- #Include File = "../Includes/Public.asp" -->

    <HTML>
    <HEAD>
    <title>Test CAS Proxy</title>
    </HEAD>
                <body>

    Span
    stylebackground-color:yellow
    idhl
    <%


    Dim proxyArgKey
    Dim proxyTicket
    Dim objCAS

    'Initialize CAS Authenticator Class
    Set objCAS = New CAS_Authenticator

    'Set the CAS URL, change accordingly
    objCAS.CASURL = "https://auth-test.berkeley.edu/cas"
    'proxy ticket should be in either the query string or the form post
    proxyTicket = Request.Item("proxyTicket")

    If Not IsEmpty(proxyTicket) Then
        ' validate the proxy application with CAS
        If NOT objCAS.ValidateProxy proxyTicket
       
        If NOT IsEmpty(objCAS.LastError(proxyTicket) Then
            Response.Write objCAS.LastError
            Response.Write "<BR>"
            Response.End
        End If
       
                If

    Span
    stylebackground-color:yellow
    idhl
    %>


                <P>     
                <span style="font-size: 14px;font-family: tahoma;color:teal">
                            Welcome <B><%=objCAS.netID%></B>, you have successfully authenticated with CAS
                </span>
                </P>

               

    Span
    stylebackground-color:yellow
    idhl
    <%


        '
        'Since this is the proxy application, we will check its arguments it was sent
        'Normally we would know if the arguments were sent in the query string or Form post
        'but for the purposes of this example, we will check both
        '
        If Request.QueryString.Count > 0 Then
            'get arguments from querystring object
            For Each proxyArgKey In Request.QueryString
                Response.Write proxyArgKey & "=" & Request.QueryString.Item(proxyArgKey) & "(query string)"
                Response.Write "<BR>"
            Next
        Else
            'get arguments from form object
            For Each proxyArgKey In Request.Form
                Response.Write proxyArgKey & "=" & Request.Form.Item(proxyArgKey) & "(form post)"
                Response.Write "<BR>"
            Next
        End If

        If Not IsEmpty(objCAS.Proxies) Then
            Response.Write "<BR>"
            Response.Write "CAS Proxies:"
            Response.Write "<BR>"
            Response.Write objCAS.Proxies
            Response.Write "<BR>"
        End If
    Else
        Response.Write "No proxyTicket found in either the query string or the form post!"
        Response.Write "<BR>"
    End If
    Set objCAS = Nothing

    Span
    stylebackground-color:yellow
    idhl
    %>


                </BODY>
    </HTML>

    Panel
    borderColor#cccccc
    bgColor#ffffff
    titleBGColor#eeeeee
    borderStyledashed
    titleclsString
    borderStyledashed

    '*****************************************************************
    ' clsString : A String Class helper to aid in string concatenation
    '*****************************************************************
    Class clsString

        Private m_intLength
        Private m_intCounter
        Private m_arrString()

        Private Sub Class_Initialize()
            'Dim an array and set position counter
             m_intCounter = 1
             m_intLength = 100
             Redim m_arrString(m_intLength)
        End Sub

        Public Sub Reset
            'Erase current array and recreate
             Erase m_arrString
             Call Class_Initialize()
        End Sub

        Public Property Get Value
             'Use Join function to create final string
             Value = Join(m_arrString,"")
        End Property

        Public Property Get Delim(ByVal delimeter)
             'Use Join function to create final string
             Redim Preserve m_arrString(Limit)
             Delim = Join(m_arrString,delimeter)
        End Property

        Public Property Get Element(ByVal n j)
             'Use Join function to create final string
             Element = m_arrString(nj)
        End Property

        Public Property Get Limit
             'Use Join function to create final string
             Limit = m_intCounter - 1
        End Property

        Public Sub Add(byval strValue)
            Dim intArrLen
            'Add value to string array
            intArrLen = Ubound(m_arrString)
            If m_intCounter >intArrLen Then _
                Redim Preserve m_arrString(intArrLen + m_intLength)
                m_arrString(m_intCounter) = Cstr(strValue)
                'Increment position counter
                m_intCounter = m_intCounter + 1position counter
                m_intCounter = m_intCounter + 1
        End Sub

        Public Sub RemoveLast(byval intLastIndex)
            'Remove the last intLastIndex elements from string array
            Redim Preserve m_arrString(Limit - intLastIndex)
        End Sub
    End Class

    'Start Public Functions
    'This function is basically an ASP version of the ASP.Net - Request.Url.GetLeftPart(UriPartial.Path)
    Public Function GetRequestUrl()
        Dim Port
        Dim Local_Addr
        Dim Path_Info  Info
        Dim Server_Name
        Dim Protocol
       
        Protocol = Request.ServerVariables("SERVER_PORT_SECURE")
        Server_Name = Request.ServerVariables("SERVER_NAME")
        Port = Request.ServerVariables("SERVER_PORT")
        Path_Info = Request.ServerVariables("PATH_INFO")
           
        If Port = 80 ORPort = 443 Then
                    Port = ""
        Else
                    Port = ":" & Port
        End If

        Local_Addr = Request.ServerVariables("LOCAL_ADDR")
           
        If Protocol = ""OR Protocol = "0"Then
                    If Local_Addr = "127.0.0.1"Then
                            Protocol = "http://"
                    Else
                            Protocol = "https://"
                    End If
        Else
                    Protocol = "https://"
        End If
       
        GetRequestUrl = Protocol & Server_Name & Port & Path_Info
    End Function
    ' End Public Functions:

    Panel
    borderStyle
    borderColor#cccccc
    bgColor#ffffff
    titleBGColor#eeeeee
    borderStyledashed
    titleCAS Authenticatordashed

    '***************************************************************************
    ' CAS_Authenticator : A Class wrapper that encapsulates authentication via CAS
    '***************************************************************************
    Class CAS_Authenticator
        '*********************************************************
        'Private Global variables
        '*********************************************************
        Private m_ErrorText
        Private m_CASURL
        Private m_netID
        Private objXML
        Private srvXmlHttp
        Private proxyArgHash
       
        Private m_pgtUrl
        Private m_pgtId
        Private m_Proxies
        Private queryCollection    queryCollection
       
        Private Sub Class_Initialize()
                    Set proxyArgHash = Server.CreateObject("Scripting.Dictionary")

            Set objXML = Server.CreateObject("Microsoft.XMLDOM")
           
            'set async for XML Dom
            objXML.async = False      
           
            Set srvXmlHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
            Set queryCollection = Server.CreateObject("Scripting.Dictionary")
        End Sub

        Private Sub Class_Terminate()
            Set objXML = Nothing
            Set srvXMLHttp = Nothing
            Set proxyArgHash = Nothing
            Set queryCollection = Nothing
        End Sub
       
        Public Sub AddProxyArgument(ByVal name, ByVal value)
                    If Not proxyArgHash.Exists(name) Then
                proxyArgHash            proxyArgHash.Add name,value
                    End If
        End Sub  
       
        Public Property Get ProxyGrantingTicketIOU
            ProxyGrantingTicketIOU        ProxyGrantingTicketIOU = Application("pgtIou")
        End Property

        Public Property Get Proxies
                    Proxies = m_Proxies
        End Property  
       
        Public Property Get netID
                    netID = m_netID
        End Property

        Public Property Get LastError
                    LastError = m_ErrorText
        End Property        
       
        Public Property Let CASpgtUrl(ByVal vNewValue)
                    m_pgtUrl = vNewValue
        End Property

        Public Property Let CASURL(ByValvNewValue)
            m_CASURL = vNewValue
        End Property  
       
        Public Sub LogOut(ByVal url)
                    Session.Abandon()
                    Response.Redirect m_CASURL & "/logout?url=" & url
        End Sub        
       
        Public Function MakeWebRequest(ByVal requestUrl, ByVal httpMethod)
                    On Error Resume Next
                    Err.Clear                  
            Clear
           
            Select Case httpMethod
                            Case "GET"
                                    'request method is a GET
                   
                    'Check the proxy arguments
                                    If proxyArgHash.Count > 0 Then
                        requestUrl                    requestUrl = requestUrl & "?"& CollectionToQueryString(proxyArgHash)
                                    End If
                   
                   
                    srvXmlHttp.open "GET", requestUrl, false
                                    srvXmlHttp.send()                   
               
           
                Case "POST"
                                    'request method is a POST
                                    srvXmlHttp.open "POST", requestUrl, false
                                    srvXmlHttp.setRequestHeader "Content-Type","application/x-www-form-urlencoded"
                   
                    'Check the proxy arguments
                                If proxyArgHash.Count > 0 Then
                        srvXmlHttp                    srvXmlHttp.send CollectionToQueryString(proxyArgHash)
                                    Else
                        srvXmlHttp                    srvXmlHttp.send()
                   
                    End If                 
               
           
                Case Else
                                    'Return error
                                    m_ErrorText = "Expecting either 'GET' OR 'POST' http method!"
                                    MakeWebRequest = Empty
                                    Exit Function                 
           
                    End Select
           
            If Err <> 0 Then
                            m_ErrorText = Err.Description
                            MakeWebRequest = Empty
                            Exit Function
                    End If      
           
                    If srvXmlHttp.Status <> 200 Then
                           m_ErrorText = srvXmlHttp.Status & " - " & srvXmlHttp.StatusText
                           MakeWebRequest = Empty
                           Exit Function
                    End If      
           
            MakeWebRequest = srvXmlHttp.responseText
        End Function        
       
        Private Function CollectionToQueryString(ByVal srcCollection)
                    Dim srcKey
                    Dim strCollItems
                    Set strCollItems = New clsString
                    For Each srcKey in srcCollection.Keys
                strCollItems            strCollItems.Add srcKey & "="& srcCollection.Item(srcKey)
                    Next                 
           
                    CollectionToQueryString = Mid(strCollItems.Delim("&"), 2)
                    Set strCollItems = Nothing
        End Function

        Private Function CASRequest(ByVal validateurl)
                    Dim proxyNodeText
                    Dim objCASResponse
                    Dim objCASAuthenticationNode
                    Dim objCASUser
                    Dim objCASProxies
                    Dim objCASpgt
                    Dim objCASProxy
                    Dim objCASproxyTicket
                    Dim objProxyList
                    Dim htmlResponse
                    Dim i j
           
            validateUrl = validateUrl & "?" & CollectionToQueryString(queryCollection)       
           
            htmlResponse = MakeWebRequest(validateUrl, "GET")                  
           
                    If IsEmpty(htmlResponse) Then
                            CASRequest = False
                            Exit Function
                    End If      
           
                    If objXML.LoadXml(htmlResponse) Then
               
                'Get reference to cas:serviceResponse XML Node
                            Set objCASResponse = objXML.getElementsByTagName("cas:serviceResponse")
                            If objCASResponse.length = 0 then
                                    m_ErrorText = "cas:serviceResponse XML Node is Empty!"
                                    CASRequest = False
                                    Exit Function
                            End If                                    
                            
                Set objCASAuthenticationNode = objCASResponse.item(0).firstChild
                            Select Case objCASAuthenticationNode.nodeName
                                    Case "cas:authenticationSuccess"
                                            'Get CAS user nodeText
                                            Set objCASUser = objCASAuthenticationNode.getElementsByTagName("cas:user")
                                            If objCASUser.length = 0 then
                                                    m_ErrorText = "cas:user element NOT present in source CAS XML!"
                                                    CASRequest = False
                                                    Exit Function
                                            End If                                                        
                       
                           
                        m_netID = objCASUser.item(0).nodeTypedValue
                       
                        'Get CAS proxies nodeText
                                            Set objCASProxy = objCASAuthenticationNode.getElementsByTagName("cas:proxies")
                                            If objCASProxy.length > 0 then
                                                    Set objProxyList = New clsString
                                                    Set objCASProxies = objCASProxy.item(0).childNodes                                                         
                            For i childNodes
                           
                            For j = 0 To objCASProxies.length - 1
                                objProxyList                            objProxyList.Add(objCASProxies.item(ij).nodeTypedValue)
                            Next                                                        
                                                    Next
                           
                            m_Proxies = objProxyList.Delim(vbcrlf)
                                                    Set objProxyList = Nothing
                                            End If
                       
                        'Get CAS proxyGT nodeText
                                            Set objCASpgt = objCASAuthenticationNode.getElementsByTagName("cas:proxyGrantingTicket")
                                            If objCASpgt.length > 0 Then
                            Application                        Application.Lock
                            Application                        Application("pgtIou") = objCASpgt.item(0).nodeTypedValue
                            Application                        Application.UnLock
                                            End If
                   
                    Case "cas:authenticationFailure"
                                            m_ErrorText = objCASAuthenticationNode.nodeTypedValue
                                            CASRequest = False
                                            Exit Function
                   
                    Case "cas:proxySuccess"
                                            'Sample success returned from CAS
                                            '<cas:proxySuccess xmlns:cas="http://www.yale.edu/tp/cas">
                                            '  <cas:proxyTicket>
                                            '      ST-1625-6YBqesAL6ywgfCwOPQYcK72G6ikQIHc6lab-aws-p1
                                            '  </cas:proxyTicket>
                                            '</cas:proxySuccess>                                        
                       
                       
                        Set objCASproxyTicket = objCASAuthenticationNode.getElementsByTagName("cas:proxyTicket")
                                            If objCASproxyTicket.length > 0 Then
                            m                        m_pgtId = objCASproxyTicket.item(0).nodeTypedValue
                                            End If
                   
                    Case "cas:proxyFailure"
                                            'Sample error returned from CAS
                                            '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
                                            '   <cas:proxyFailure code="INVALID_TICKET">
                                            '       ticket 'TGT-3053-jqon6B5AIUQ4A6Pb2RlgykerJ99PhUrF0ON-aws-p1' not recognized
                                            '  </cas:proxyFailure>
                                            '</cas:serviceResponse>
                        serviceResponse>

                        m_ErrorText = objCASAuthenticationNode.nodeTypedValue
                                            CASRequest = False
                                            Exit Function                            
               
                                       
                    Case Else
                                            m_ErrorText = "Undefined CAS error!"
                                            CASRequest = False
                                            Exit Function
               
                End Select
                    Else
                            m_ErrorText = "XML Failed to load<XMP>" & htmlResponse & "</XMP>"
                            CASRequest = False
                            Exit Function
                    End If
           
            'CAS is Authenticated
                    CASRequest = True
        End Function        
       
        Public Function ServiceValidate(ByVal serviceUrl)
                    Dim tkt
            Dim URLToValidate                  
                    Dim URLToValidate
           
            tkt = Request.QueryString.Item("ticket")
                    URLToValidate = m_CASURL & "/serviceValidate"
           
            If IsEmpty(tkt) Then
                            'if no ticket in URL then send user to CAS to get one
                'send the user back to CAS
                'set-up to avoid endless loop to CAS
                   
                Response.Redirect ( m_CASURL & "/login?service="& serviceUrl
                Application.Lock
                Application("ReturnUrl") = Request.QueryString.Item("ReturnUrl")
               
                Application.UnLock
                ServiceValidate = True
                            Exit Function
                    End If                                                           
           
            ' Second time (back from CAS) there is a ticket= to validate
                    queryCollection.RemoveAll
                    queryCollection.Add"ticket", tkt
                    queryCollection.Add "service", serviceUrl
           
            If NOT IsEmpty(m_pgtUrl) Then
                queryCollection            queryCollection.Add "pgtUrl", m_pgtUrl
                    End If
           
            If NOT CASRequest(URLToValidate) Then
                            ServiceValidate = False
                            Exit Function
                    End If
           
            ' If there was a problem, leave the message on the screen. Otherwise, return to original page.
                    If IsEmpty(m_netID) Then
                            m_ErrorText = "CAS returned to this application, but then refused to validate your identity."
                            ServiceValidate = False
                            Exit Function
                    End If                 
           
                    ServiceValidate = True
        End Function        
       
        Public Function RequestProxyTicket(ByVal pgtId, ByVal proxyAppUrl)
                    Dim validateurl
           
            validateurl = m_CASURL & "/proxy"
           
           
            queryCollection.RemoveAll
                    queryCollection.Add "targetService", proxyAppUrl
                    queryCollection.Add "pgt", pgtId                  
            pgtId
           
            If Not CASRequest(validateurl) Then
                            RequestProxyTicket = Empty
                            Exit Function
                    End If
           
            RequestProxyTicket = m_pgtId
        End Function  
       
        Public Sub Function ValidateProxy(ByVal proxyTicket)
            Dim validateurl
            ' Validate proxy ticket
                    validateurl = m_CASURL & "/proxyValidate"            
           
            queryCollection.RemoveAll
            queryCollection.Add "ticket", proxyTicket
            queryCollection.Add "service", GetRequestUrl()

            If Not CASRequest(validateurl) Then
                Exit Sub
           
                ValidateProxy = False
                Exit Function
            EndIf

            ' If there was a problem, leave the message on the screen. Otherwise, return to original page.
            If IsEmpty(m_netID) Then
                            m_ErrorText = "CAS returned to this application, but then refused to validate your identity."
                Exit Sub
                ValidateProxy = False
                Exit Function
            End If
            ValidateProxy = True
        End Sub   Function
       
    End Class