Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

Code Block
// Local specific CAS host
private const string CASHOST = "https://secure.its.yale.edu/cas/";

// After the page has been loaded, this routine is called.
protected void Page_Load(object sender, EventArgs e)
{
  // Look for the "ticket=" after the "?" in the URL
  string tkt = Request.QueryString[CAS:"ticket"];

  // This page is the CAS service=, but discard any query string residue
  string service = Request.Url.GetLeftPart(UriPartial.Path);

  // First time through there is no ticket=, so redirect to CAS login
  if (tkt == null || tkt.Length == 0)
  {
    string redir = CASHOST + "login?" +
      "service=" + service;
    Response.Redirect(redir);
    return;
  }

  // Second time (back from CAS) there is a ticket= to validate
  string validateurl = CASHOST + "serviceValidate?" +
    "ticket=" + tkt + "&"+
    "service=" + service;
  StreamReader Reader = new StreamReader( new WebClient().OpenRead(validateurl));
  string resp = Reader.ReadToEnd();
  // I like to have the text in memory for debugging rather than parsing the stream

  // Some boilerplate to set up the parse.
  NameTable nt = new NameTable();
  XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
  XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
  XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);

  string netid = null;

  // A very dumb use of XML. Just scan for the "user". If it isn't there, its an error.
  while (reader.Read())
  {
    if (reader.IsStartElement()) {
      string tag = reader.LocalName;
      if (tag=="user")
        netid = reader.ReadString();
    }
  }
  // if you want to parse the proxy chain, just add the logic above
  reader.Close();
  // If there was a problem, leave the message on the screen. Otherwise, return to original page.
  if (netid == null)
  {
    Label1.Text = "CAS returned to this application, but then refused to validate your identity.";
  }
  else
  {
    Label1.Text = "Welcome " + netid;
    FormsAuthentication.RedirectFromLoginPage(netid, false); // set netid in ASP.NET blocks
  }
}

Now in any page in the application, the netid is accessible as Context.User.Identity.Name.

For an alternative code sample that also implements a Role Provider see ASP.NET Forms Authentication with Role Provider.

Another alternative code sample based on this tutorial that supports Single Sign Out with sample app is available here.