Intro

The purpose of this tutorial is to outline the steps required to set up the ExampleWebsite ASP.NET web application, located at https://source.jasig.org/cas-clients/dotnet-client/trunk/

System Environment

  1. Microsoft Visual Studio 2010 Professional Edition
  2. Windows 7 Professional with Internet Information Services 6 [Full Pack]
  3. AnkhSVN - Subversion Support for Visual Studio

Set Up the CAS Server

Follow the instructions at this link to set up an instance of the CAS server. Additional software may be required.

Set Up ExampleWebsite in Visual Studio

  • Launch Microsoft Visual Studio with admin privileges. You can do so by right clicking on Visual Studio and selecting Run as Administrator. This is required for you to publish application artifacts to the local instance of IIS.
  • From the File menu, select Open -> Subversion Project. Enter the following link into the address bar: https://source.jasig.org/cas-clients/dotnet-client/trunk/

Open the “DotNetCasClient.vs2010.sln” solution file. Visual Studio will download the artifacts to the project folder.

  • Right click on the ExampleWebsite app and choose Select as Startup Project.
  • Right click on the DotNetCasClient app and select Build.
  • Add a Web.config file to the ExampleWebsite. Copy the contents of the web.config.sample file into Web.config and modify the following sections:
Web.config
<casClientConfig
  casServerLoginUrl="https://<your-full-machine-name>:8443/cas/login"
  casServerUrlPrefix="https://<your-full-machine-name>:8443/cas/"
  serverName="https://<your-full-machine-name>"
  notAuthorizedUrl="~/NotAuthorized.aspx"
  cookiesRequiredUrl="~/CookiesRequired.aspx"
  redirectAfterValidation="true"
  gateway="false"
  renew="false"
  singleSignOut="true"
  ticketTimeTolerance="5000"
  ticketValidatorName="Cas20"
  proxyTicketManager="CacheProxyTicketManager"
  serviceTicketManager="CacheServiceTicketManager"
  gatewayStatusCookieName="CasGatewayStatus"
/>

<authentication mode="Forms">
  <forms
    loginUrl="https://<your-full-machine-name>:8443/cas/login"
    timeout="90"
    defaultUrl="~/Default.aspx"
    cookieless="UseCookies"
    slidingExpiration="true"
  />
</authentication>
  • Replace the <your-full-machine-name> with your full computer name.

Full Computer Name

You can retrieve the fully qualified machine name by pressing WinKey+Pause and noting the value for "Full computer name".

  • Right click on ExampleWebsite and select Publish Website. From the dialog, click the browse button and navigate to Local IIS group. Then, select Default Website.
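
A check to run on the edited Web.config before the publish step above, as an added example that is not part of the tutorial or the DotNetCasClient project: it flags a leftover placeholder, non-HTTPS URLs, and a forms loginUrl that no longer matches casServerLoginUrl. The function name Test-CasClientConfig and the host pc01.example.edu are assumptions made for illustration.

```powershell
# Added example (hypothetical helper, not DotNetCasClient code).
function Test-CasClientConfig {
    param([string]$Text)

    # An unreplaced placeholder leaves a raw "<" inside attribute values, which
    # is not well-formed XML, so test for it before handing the text to the parser.
    if ($Text.Contains('<your-full-machine-name>')) {
        'placeholder <your-full-machine-name> has not been replaced'
        return
    }

    $xml   = [xml]$Text
    $cas   = $xml.SelectSingleNode('//casClientConfig')
    $forms = $xml.SelectSingleNode('//authentication/forms')
    if ($null -eq $cas -or $null -eq $forms) {
        'casClientConfig or authentication/forms element not found'
        return
    }

    $login  = $cas.GetAttribute('casServerLoginUrl')
    $prefix = $cas.GetAttribute('casServerUrlPrefix')

    # All three URLs are https:// in the sample; CAS logins and tickets cross them.
    foreach ($name in 'casServerLoginUrl', 'casServerUrlPrefix', 'serverName') {
        if (-not $cas.GetAttribute($name).StartsWith('https://')) {
            "$name is not an https:// URL"
        }
    }
    # The sample keeps the login page under the prefix and reuses the same
    # login URL for Forms authentication.
    if (-not $login.StartsWith($prefix)) {
        'casServerLoginUrl is not under casServerUrlPrefix'
    }
    if ($forms.GetAttribute('loginUrl') -ne $login) {
        'forms loginUrl does not match casServerLoginUrl'
    }
}

# Constructed sample: host replaced in casClientConfig but not in <forms>.
$sample = @'
<configuration>
  <casClientConfig casServerLoginUrl="https://pc01.example.edu:8443/cas/login"
    casServerUrlPrefix="https://pc01.example.edu:8443/cas/"
    serverName="https://pc01.example.edu" />
  <system.web><authentication mode="Forms">
    <forms loginUrl="https://localhost:8443/cas/login" />
  </authentication></system.web>
</configuration>
'@
Test-CasClientConfig $sample
```

To check a real file, pass its text as one string, for example `Test-CasClientConfig ([IO.File]::ReadAllText('Web.config'))` with the path adjusted to the ExampleWebsite folder.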

Create IIS .NET SSL Certificate

  • Inside the IIS Manager, open the Server Certificates module.
  • From the Actions list on the right, select Create Self-Signed Certificate. Enter dotnet for the friendly name and click OK.

  • Right click on the dotnet certificate in the list and select Export. In the new dialog, specify the export path and, for the password, enter “changeit” without the quotation marks.

  • Open Internet Explorer and bring up the Options dialog. Then, navigate to the Content tab. Click on Certificates and select the Trusted Root Certification Authorities tab.
  • Click on the Import button and walk through the wizard. Specify the file name to be the <path-export-file> above. Finally, make sure the certificate is placed inside the Trusted Root Certification Authorities store.

Import IIS .NET SSL Certificate to JVM

  • Select the imported certificate above and click on Export.
  • Select DER (*.cer file) as the export format, provide a file name (e.g. client.cer) and export the certificate.

  • Type CMD into the Start Menu, right click on CMD in the list and select Run as Administrator.
  • Navigate to the directory where you exported the certificate CER file.
  • Issue the following command to import the certificate to the Java keystore:
keytool -import -file client.cer -keystore "%JAVA_HOME%\jre\lib\security\cacerts" -alias dotnet

When prompted, enter “yes” to trust and import the certificate to the JVM keystore.

Import JVM SSL Certificate to IIS

  • Open Internet Explorer and bring up the Options dialog. Then, navigate to the Content tab. Click on Certificates and select the Trusted Root Certification Authorities tab.
  • Click on the Import button and walk through the wizard. Locate the server certificate that you created for the Tomcat instance (e.g. tomcat.crt). Finally, make sure the certificate is placed inside the Trusted Root Certification Authorities store.

Assign SSL Certificates to Trusted Root CA

  • Open the Start menu and type MMC into the Run dialog. (You should have or allow admin access in order to launch the Windows Management Console.)
  • From the File menu, select Add/Remove Snap-in and select Certificates from the Available Snap-ins list.
  • Click the Add button and select My User Account. Finally, add the snap-in to the list.
  • Click the Add button again and select Computer Account. Choose the Local Computer option and add the snap-in to the list. Finally, click OK to close the dialog.

  • Expand the node Certificates – Current User, then Trusted Root Certification Authorities and then Certificates.
  • Make sure both certificates exist in the list. Also, copy all certificates and put them in Certificates – Local Computer – Trusted Root Certification Authorities. This is required for IIS to validate and authenticate requests.

Configure Server Credentials

You should configure the CAS server credentials so they match the ExampleWebsite accounts, which are defined in App_Data\UserRoles.xml.

  1. Open the file: $CATALINA_HOME/webapps/cas/WEB-INF/deployerConfigContext.xml

  2. Locate the bean entry: <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
  3. Replace it with the following:
CAS Server Credentials
<bean class="org.jasig.cas.adaptors.generic.AcceptUsersAuthenticationHandler">
  <property name="users">
    <map>
      <entry>
        <key><value>admin</value></key>
        <value>admin</value>
      </entry>
      <entry>
        <key><value>bob</value></key>
        <value>bob</value>
      </entry>
    </map>
  </property>
</bean>

Run

First, make sure you have the CAS server up and running and you can log into CAS using the above credentials.

For the web application, you can launch the project by pressing F5 in the Visual Studio environment. You should be redirected to: http://localhost:3273/ExampleWebSite/Default.aspx

Use the links on the left-hand side (e.g. “Administrators Role Only”) to test the authentication mechanism. You should be redirected to CAS and, after authenticating successfully, returned to the section of the website allowed for admins only.
