No, that simply states how to authenticate a user. You'll need something like:
<authorization> <deny users="?"/> </authorization> Here's a pretty good tutorial on how to set this and other cases up, http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config. John On 8/12/14, 9:39 AM, Haer, Neelam wrote: > Hi John > > Thanks for your reply: > > I have the following - is this not sufficient to invoke the forms > authentication? > > <system.web> > <!-- Other system.web elements here --> > <httpModules> > <add name="DotNetCasClient" > type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" /> > <!-- Other modules here --> > </httpModules> > *<authentication mode="Forms">* > * <forms loginUrl="https://cas.stg.id.xxx/xxx-cas/login"; > <https://cas.stg.id.xxx/xxx-cas/login> timeout="30" > defaultUrl="~/default.aspx" cookieless="UseCookies" > slidingExpiration="true" path="/cas/" />* > * </authentication>* > <!-- Other system.web elements here --> > </system.web> > > My apologies if this is a newbie question - I'm not familiar with IIS > - I am an enterprise java developer. > > > Thanks > > ------------------------------------------------------------------------ > *From:* John Gasper [jgas...@unicon.net] > *Sent:* August-12-14 8:27 AM > *To:* cas-user@lists.jasig.org > *Subject:* Re: [cas-user] IIS and .NET CAS Client module - how to > register/install the module? > > Hi, > > Maybe I'm missing it, but I don't see anything in your web.config that > requires the user to be authenticated to access the app's resources. > Take a look at > http://msdn.microsoft.com/en-us/library/vstudio/wce3kxhd(v=vs.100).aspx. > You want to make sure you've got something that denies access to the > anonymous (?) user. > > John > > > On 8/11/14, 4:29 PM, Haer, Neelam wrote: >> Hi All, >> >> I was able to fix my original problem (*Description: An error >> occurred during the processing of a configuration file required to >> service this request. Please review the specific error details below >> and modify your configuration file appropriately. *) >> >> The problem was solved by moving the bin folder to the 'cas' >> application directory. But now, I have a different problem. CAS is >> not kicking in, ie, the module is not forcing authentication. Does >> anyone have any ideas about this? (see my web.config below). >> >> Thanks, >> >> *From:*Haer, Neelam [nklh...@mail.ubc.ca] >> >> *Sent:* August-11-14 4:00 PM >> *To:* cas-user@lists.jasig.org >> *Subject:* [cas-user] IIS and .NET CAS Client module - how to >> register/install the module? >> >> Hi All, >> >> I'm having an issue with the .NET CAS Client module, and hoping that >> someone here knows what they're doing when it comes to registering >> the module in *IIS 7.7/Windows Server 2008*. >> >> >> I downloaded and unzipped the .NET CAS Client Module, and have a site >> setup on IIS 7.4 named 'cas', using HTTPS >> >> >> 'cas' is setup as an 'application' in IIS. >> >> >> As per the installation/setup instructions here >> (https://wiki.jasig.org/display/casc/.net+cas+client): >> >> >> 1. I created a web.config file and placed it in the *cas >> *application root folder. >> >> 2. I copied the context of the unzipped >> dotnet-client-1.0.2-bin\Release to c:\inetpub\wwwroot\bin >> >> 3. The contents of the web.config file are at the end of this email. >> >> 4. I tried to access a page in the my 'cas' application and I get >> the following error: >> >> >> *Server Error in '/cas' Application.* >> >> * >> * >> >> *Configuration Error* >> >> * >> * >> >> *Description: An error occurred during the processing of a >> configuration file required to service this request. Please review >> the specific error details below and modify your configuration file >> appropriately. * >> >> * >> * >> >> *Parser Error Message: Could not load file or assembly >> 'DotNetCasClient' or one of its dependencies. The system cannot find >> the file specified. (C:\inetpub\wwwroot\cas\web.config line 14)* >> >> >> Source Error: >> >> >> >> Line 12: <!-- Other system.web elements here --> >> >> Line 13: <httpModules> >> >> Line 14: <add name="DotNetCasClient" >> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" /> >> >> Line 15: <!-- Other modules here --> >> >> Line 16: </httpModules> >> >> >> Source File: C:\inetpub\wwwroot\cas\web.config Line: 14 >> >> >> >> >> -- Does anyone know how the module needs to be "registered" properly >> in IIS? I thought just copying it to the bin folder as described in >> step #2 would be enough? Please advise!!! Thanks. >> >> >> *WEB.CONFIG CONTENTS* >> >> >> <?xml version="1.0" encoding="UTF-8"?> >> >> <configuration> >> >> <configSections> >> >> <section name="casClientConfig" >> type="DotNetCasClient.Configuration.CasClientConfiguration, >> DotNetCasClient" /> >> >> <!-- Other custom sections here --> >> >> </configSections> >> >> >> <casClientConfig >> casServerLoginUrl="https://cas.stg.id.xxx/xxx-cas/login"; >> casServerUrlPrefix="https://xxx"; serverName="https://xxx"; >> redirectAfterValidation="true" renew="false" singleSignOut="true" >> ticketValidatorName="Saml11" >> serviceTicketManager="CacheServiceTicketManager" /> >> >> >> >> <system.web> >> >> <!-- Other system.web elements here --> >> >> <httpModules> >> >> <add name="DotNetCasClient" >> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" /> >> >> <!-- Other modules here --> >> >> </httpModules> >> >> <authentication mode="Forms"> >> >> <forms loginUrl="https://cas.stg.id.xxx/xxx-cas/login"; >> timeout="30" defaultUrl="~/default.aspx" cookieless="UseCookies" >> slidingExpiration="true" path="/cas/" /> >> >> </authentication> >> >> <!-- Other system.web elements here --> >> >> </system.web> >> >> >> >> <system.webServer> >> >> <!-- >> >> Disabled Integrated Mode configuration validation. >> >> This will allow a single deployment to run on IIS 5/6 and 7+ >> >> without errors >> >> --> >> >> <validation validateIntegratedModeConfiguration="false" /> >> >> <modules> >> >> <!-- >> >> Remove and Add the CasAuthenticationModule into the IIS7+ >> >> Integrated Pipeline. This has no effect on IIS5/6. >> >> --> >> >> <remove name="DotNetCasClient" /> >> >> <add name="DotNetCasClient" >> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" /> >> >> <!-- Other modules here --> >> >> </modules> >> >> <defaultDocument> >> >> <files> >> >> <clear /> >> >> <add value="index.html" /> >> >> <add value="default.aspx" /> >> >> <add value="Default.htm" /> >> >> <add value="Default.asp" /> >> >> <add value="index.htm" /> >> >> <add value="iisstart.htm" /> >> >> </files> >> >> </defaultDocument> >> >> <handlers> >> >> <remove name="AboMapperCustom-346496207" /> >> >> </handlers> >> >> </system.webServer> >> >> >> <system.diagnostics> >> >> <trace autoflush="true" useGlobalLock="false" /> >> >> <sharedListeners> >> >> <!-- >> >> Writing trace output to a log file is recommended. >> >> IMPORTANT: >> >> The user account under which the containing application pool runs >> >> must have privileges to create and modify the trace log file. >> >> --> >> >> <add name="TraceFile" >> type="System.Diagnostics.TextWriterTraceListener" >> initializeData="C:\inetpub\logs\LogFiles\DotNetCasClient.Log" >> traceOutputOptions="DateTime" /> >> >> </sharedListeners> >> >> <sources> >> >> <!-- Provides diagnostic information on module configuration >> parameters. --> >> >> <source name="DotNetCasClient.Config" switchName="Config" >> switchType="System.Diagnostics.SourceSwitch"> >> >> <listeners> >> >> <add name="TraceFile" /> >> >> </listeners> >> >> </source> >> >> <!-- Traces IHttpModule lifecycle events and meaningful >> operations performed therein. --> >> >> <source name="DotNetCasClient.HttpModule" switchName="HttpModule" >> switchType="System.Diagnostics.SourceSwitch"> >> >> <listeners> >> >> <add name="TraceFile" /> >> >> </listeners> >> >> </source> >> >> <!-- Provides protocol message and routing information. --> >> >> <source name="DotNetCasClient.Protocol" switchName="Protocol" >> switchType="System.Diagnostics.SourceSwitch"> >> >> <listeners> >> >> <add name="TraceFile" /> >> >> </listeners> >> >> </source> >> >> <!-- Provides details on security operations and notable security >> conditions. --> >> >> <source name="DotNetCasClient.Security" switchName="Security" >> switchType="System.Diagnostics.SourceSwitch"> >> >> <listeners> >> >> <add name="TraceFile" /> >> >> </listeners> >> >> </source> >> >> </sources> >> >> <switches> >> >> <!-- >> >> Set trace switches to appropriate logging level. Recommended >> values in order of increasing verbosity: >> >> - Off >> >> - Error >> >> - Warning >> >> - Information >> >> - Verbose >> >> --> >> >> <!-- >> >> Config category displays detailed information about >> CasAuthenticationModule configuration. >> >> The output of this category is only displayed when the module >> is initialized, which happens >> >> for the first request following application/server startup. >> >> --> >> >> <add name="Config" value="Information" /> >> >> <!-- >> >> Set this category to Verbose to trace HttpModule lifecycle >> events in CasAuthenticationModule. >> >> This category produces voluminous output in Verbose mode and >> should be avoided except for >> >> limited periods of time troubleshooting vexing integration >> problems. >> >> --> >> >> <add name="HttpModule" value="Information" /> >> >> <!-- >> >> Set to Verbose to display protocol messages between the client >> and server. >> >> This category is very helpful for troubleshooting integration >> problems. >> >> --> >> >> <add name="Protocol" value="Verbose" /> >> >> <!-- >> >> Displays important security-related information. >> >> --> >> >> <add name="Security" value="Information" /> >> >> </switches> >> >> </system.diagnostics> >> >> >> </configuration> >> >> >> >> >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: >> nklh...@mail.ubc.ca >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: >> nklh...@mail.ubc.ca >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: >> jgas...@unicon.net >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > *John Gasper* > IAM Consultant > Unicon, Inc. > PGP/GPG Key: 0xbafee3ef > -- > You are currently subscribed to cas-user@lists.jasig.org as: > nklh...@mail.ubc.ca > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- > You are currently subscribed to cas-user@lists.jasig.org as: > jgas...@unicon.net > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- *John Gasper* IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
