
Cas.net is an HTTP module that allows any ASP.NET application to authenticate to a CAS server. We use this module as an authentication provider for Windows SharePoint Services. I think that it should work for MOSS 2007 and OWA too.

The authentication mechanism is transparent to the application, which in return has a standard .NET user object. So in the application the user login is available with the User.Identity.Name property.

In this version, the call to the CAS server is done only on the first call. Afterwards, authentication is based on the standard .NET authentication cookie mechanism.
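The check behind that first call, as an added example that is not part of Cas.net or of the original page: a Python sketch of how a CAS client validates a service ticket against the `serviceValidate` endpoint (the `validateUrl` setting in the installation section) and extracts the login that ends up in User.Identity.Name. It assumes the CAS 2.0 XML response format; the function names, `CasValidationError`, `app.example` and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit

CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace of CAS 2.0 responses (assumed)


class CasValidationError(Exception):
    """The response does not prove a successful login."""


def build_validate_url(validate_url, service, ticket):
    """URL fetched server-side to check the ticket the browser brought back."""
    if urlsplit(validate_url).scheme != "https":
        raise CasValidationError("validateUrl must use https")
    # 'service' must be the same URL that was sent to loginUrl, or CAS rejects the ticket.
    return validate_url + "?" + urlencode({"service": service, "ticket": ticket})


def parse_validation_response(body):
    """Return the authenticated login, or raise: anything unexpected fails closed."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise CasValidationError("DTD not allowed in a CAS response")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise CasValidationError("malformed XML") from exc
    if root.tag != CAS_NS + "serviceResponse":
        raise CasValidationError("unexpected root element")
    failure = root.find(CAS_NS + "authenticationFailure")
    if failure is not None:
        raise CasValidationError("ticket refused: " + failure.get("code", "UNKNOWN"))
    users = root.findall(CAS_NS + "authenticationSuccess/" + CAS_NS + "user")
    if len(users) != 1 or not (users[0].text or "").strip():
        raise CasValidationError("expected exactly one cas:user")
    return users[0].text.strip()


# Constructed sample responses, not captured from a real CAS server.
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(build_validate_url("https://cas.server/serviceValidate",
                             "https://app.example/", "ST-constructed"))
    print(parse_validation_response(SAMPLE_OK))
```

Only the value returned by `parse_validation_response` should ever be turned into the authentication cookie; every other outcome raises, so the request stays unauthenticated.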

Installation

The module is a DLL that can be downloaded here https://sourcesup.cru.fr/projects/cas.netcas4net and the installation is quite simple

...

Just drop casModule.dll in the BIN folder of the root directory of the application and add the following to the web.config file in the root directory

  <appSettings>
    <add key="loginUrl" value="https://cas.server/login" />
    <add key="validateUrl" value="https://cas.server/serviceValidate" />
    <add key="logoutUrl" value="https://cas.server/logout" />
  </appSettings>

...

an httpModules tag to declare the module. It is not even necessary to declare an authentication tag in the config file. Last, you have to disable any default authentication in ASP.NET by turning the authentication mode to None in the <system.web> section

  <authentication mode="None">
  </authentication>
  <authorization>
    <allow users="*"/>
  </authorization>

As every request is intercepted by the module, only authenticated users gain access to the application. Of course you also have to deal with authorization; here every authenticated user is allowed to access the application.

For IIS 7, the configuration file is slightly different for the module part, so it is better to use the new IIS Manager UI to get the job done. Add the module under the module configuration, the application settings under the application settings, and disable all authentication modules except anonymous.

Windows SharePoint Services 3

...

  <system.web>
    ...
    <httpModules>
      <clear />
      <add name="SPRequest" type="Microsoft.SharePoint.ApplicationRuntime.SPRequestModule,
          Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
      <add name="OutputCache" type="System.Web.Caching.OutputCacheModule" />
      <!-- CAS module, declared ahead of the built-in authentication modules -->
      <add name="CasModule" type="Upmc.CasModule.CasModule, CasModule" />
      <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
      <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" />
      <add name="RoleManager" type="System.Web.Security.RoleManagerModule" />
      <!-- <add name="Session" type="System.Web.SessionState.SessionStateModule"/> -->
    </httpModules>
    ...
  </system.web>

...

In the security file, add the following in the first CodeGroup tag

  <CodeGroup
    class="UnionCodeGroup"
    version="1"
    PermissionSetName="FullTrust">
    <IMembershipCondition
      class="UrlMembershipCondition"
      version="1"
      Url="$AppDirUrl$/bin/casModule.dll"
    />
  </CodeGroup>

...

I am also planning to rapidly test this module in an IIS 7 authentication pipeline. I have no idea yet on how to handle the user id in the application.

And of course, your feedback.

And for French speakers, you can read my article on techHeadBrothers.com

Jean Marie