On Mon, Mar 30, 2009 at 1:08 PM, Marvin Addison <[email protected]> wrote: > I'm concerned about the integration with .NET forms authentication. > It looks like it would buy us a hook into a standardized > authentication and authorization framework at the expense of a good > deal more complication. Perhaps it's worth the trade off; what > arguments in favor of integrating with forms can you make?
Perhaps it's not :) I started to have the same thoughts as I was porting the mono module over to CAS support. The initial motivating factor was not to have to handle the "session" cookie maintenance, and take advantage of unknown .net forms authN magic. I'm all for making this a simple as possible and your example is definitely simpler. Is there any loss of .net integration going this route? Could I still take an app that is current using Forms authN and switch to CAS with a simple web.conf switch? I'd liked CAS to be transparent for apps that don't care about proxy. > My real > concern is that reliance on forms authentication would complicate or > preclude some use cases with IIS 7 integration, like protecting static > resources or non-.NET applications like Sharepoint. Can you comment > on that? I'm still coming up to speed on .Net, but I believe all the same modules are available in IIS 7. > > The only substantial semantic difference from the Java client is the > explicit management of authenticated state since an HTTP session may > not be available in all cases. > Right. Any thoughts on where to stash the ICasPrincipal between requests? Bill -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
