Hi John, Thanks - that actually helped. Not on its own though. I had, at the site-level, disabled the anonymous authentication. I changed that to enabled and added the following to web.config in the <system.web> section:
<authorization><deny users="?"/> </authorization> I restarted the server and now it works. I am still testing but at least this is progress! I'm not getting the attributes in my printing of header variables though - any ideas why this would be? Once again, I'm unfamiliar with C#/.NET - I come from the world of Java, so my apologies. Maybe I'm missing something, but shouldn't my user attributes be returned in the header upon accessing this page? Here is my .aspx page code: <%@ Page Language="C#" %> <html> <head> <title>CAS Echo Page</title> </head> <body> You are logged in using CAS! <hr /> <table> <% foreach( string key in Request.Headers ) { %> <tr> <td> <%= key %> </td> <td> <%= Request.Headers[ key ] %> </td> </tr> <% } %> </table> <hr /> </body> </html> But it only prints out the following: You are logged in using CAS! Connection keep-alive Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding gzip,deflate,sdch Accept-Language en-US,en;q=0.8 Cookie CAS=8D59393D82EA4F4933FD12E20D588D64D8E78B192ED2B5C41A55DE6F87F5013CA3EFE06405CD7DE3C856DDC36EBCD25CB8DE015EC0411C31AE0D1A4BD0C8F58DD714A230E86D00394F8E4B9A155437C99C58842DC6BE43CACA8A81D896D15B9C25D290F9FF4531C130615626B7D964F272CBCF4586287D163803A5CCF6F3668421B73D751D87763A0B010ED4F39FCC93299F1D4DAACDEF34CBB593F59A39D82E3B7BEA59D200253692D8231E533B8E6789B609A9777150140C338F6AF258FC92F670C627CD5F4CC7958F3E6CBA392BB89935D1C5DBF4DAA801956A061FB5798E2AA3233C Host 142.103.95.30 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 From: John Gasper [jgas...@unicon.net] Sent: August-12-14 10:30 AM To: cas-user@lists.jasig.org Subject: Re: [cas-user] IIS and .NET CAS Client module - how to register/install the module? No, that simply states how to authenticate a user. You'll need something like: <authorization> <deny users="?"/> </authorization> Here's a pretty good tutorial on how to set this and other cases up, http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config. John On 8/12/14, 9:39 AM, Haer, Neelam wrote: Hi John Thanks for your reply: I have the following - is this not sufficient to invoke the forms authentication? <system.web> <!-- Other system.web elements here --> <httpModules> <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" /> <!-- Other modules here --> </httpModules> <authentication mode="Forms"> <forms loginUrl="https://cas.stg.id.xxx/xxx-cas/login"<https://cas.stg.id.xxx/xxx-cas/login> timeout="30" defaultUrl="~/default.aspx" cookieless="UseCookies" slidingExpiration="true" path="/cas/" /> </authentication> <!-- Other system.web elements here --> </system.web> My apologies if this is a newbie question - I'm not familiar with IIS - I am an enterprise java developer. Thanks ________________________________ From: John Gasper [jgas...@unicon.net<mailto:jgas...@unicon.net>] Sent: August-12-14 8:27 AM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: Re: [cas-user] IIS and .NET CAS Client module - how to register/install the module? Hi, Maybe I'm missing it, but I don't see anything in your web.config that requires the user to be authenticated to access the app's resources. Take a look at http://msdn.microsoft.com/en-us/library/vstudio/wce3kxhd(v=vs.100).aspx<http://msdn.microsoft.com/en-us/library/vstudio/wce3kxhd%28v=vs.100%29.aspx>. You want to make sure you've got something that denies access to the anonymous (?) user. John On 8/11/14, 4:29 PM, Haer, Neelam wrote: Hi All, I was able to fix my original problem (Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. ) The problem was solved by moving the bin folder to the 'cas' application directory. But now, I have a different problem. CAS is not kicking in, ie, the module is not forcing authentication. Does anyone have any ideas about this? (see my web.config below). Thanks, From: Haer, Neelam [nklh...@mail.ubc.ca<mailto:nklh...@mail.ubc.ca>] Sent: August-11-14 4:00 PM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: [cas-user] IIS and .NET CAS Client module - how to register/install the module? Hi All, I'm having an issue with the .NET CAS Client module, and hoping that someone here knows what they're doing when it comes to registering the module in IIS 7.7/Windows Server 2008. I downloaded and unzipped the .NET CAS Client Module, and have a site setup on IIS 7.4 named 'cas', using HTTPS 'cas' is setup as an 'application' in IIS. As per the installation/setup instructions here (https://wiki.jasig.org/display/casc/.net+cas+client): 1. I created a web.config file and placed it in the cas application root folder. 2. I copied the context of the unzipped dotnet-client-1.0.2-bin\Release to c:\inetpub\wwwroot\bin 3. The contents of the web.config file are at the end of this email. 4. I tried to access a page in the my 'cas' application and I get the following error: Server Error in '/cas' Application. Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: Could not load file or assembly 'DotNetCasClient' or one of its dependencies. The system cannot find the file specified. (C:\inetpub\wwwroot\cas\web.config line 14) Source Error: Line 12: <!-- Other system.web elements here --> Line 13: <httpModules> Line 14: <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" /> Line 15: <!-- Other modules here --> Line 16: </httpModules> Source File: C:\inetpub\wwwroot\cas\web.config Line: 14 -- Does anyone know how the module needs to be "registered" properly in IIS? I thought just copying it to the bin folder as described in step #2 would be enough? Please advise!!! Thanks. WEB.CONFIG CONTENTS <?xml version="1.0" encoding="UTF-8"?> <configuration> <configSections> <section name="casClientConfig" type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient" /> <!-- Other custom sections here --> </configSections> <casClientConfig casServerLoginUrl="https://cas.stg.id.xxx/xxx-cas/login"<https://cas.stg.id.xxx/xxx-cas/login> casServerUrlPrefix="https://xxx"<https://xxx> serverName="https://xxx"<https://xxx> redirectAfterValidation="true" renew="false" singleSignOut="true" ticketValidatorName="Saml11" serviceTicketManager="CacheServiceTicketManager" /> <system.web> <!-- Other system.web elements here --> <httpModules> <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" /> <!-- Other modules here --> </httpModules> <authentication mode="Forms"> <forms loginUrl="https://cas.stg.id.xxx/xxx-cas/login"<https://cas.stg.id.xxx/xxx-cas/login> timeout="30" defaultUrl="~/default.aspx" cookieless="UseCookies" slidingExpiration="true" path="/cas/" /> </authentication> <!-- Other system.web elements here --> </system.web> <system.webServer> <!-- Disabled Integrated Mode configuration validation. This will allow a single deployment to run on IIS 5/6 and 7+ without errors --> <validation validateIntegratedModeConfiguration="false" /> <modules> <!-- Remove and Add the CasAuthenticationModule into the IIS7+ Integrated Pipeline. This has no effect on IIS5/6. --> <remove name="DotNetCasClient" /> <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" /> <!-- Other modules here --> </modules> <defaultDocument> <files> <clear /> <add value="index.html" /> <add value="default.aspx" /> <add value="Default.htm" /> <add value="Default.asp" /> <add value="index.htm" /> <add value="iisstart.htm" /> </files> </defaultDocument> <handlers> <remove name="AboMapperCustom-346496207" /> </handlers> </system.webServer> <system.diagnostics> <trace autoflush="true" useGlobalLock="false" /> <sharedListeners> <!-- Writing trace output to a log file is recommended. IMPORTANT: The user account under which the containing application pool runs must have privileges to create and modify the trace log file. --> <add name="TraceFile" type="System.Diagnostics.TextWriterTraceListener" initializeData="C:\inetpub\logs\LogFiles\DotNetCasClient.Log" traceOutputOptions="DateTime" /> </sharedListeners> <sources> <!-- Provides diagnostic information on module configuration parameters. --> <source name="DotNetCasClient.Config" switchName="Config" switchType="System.Diagnostics.SourceSwitch"> <listeners> <add name="TraceFile" /> </listeners> </source> <!-- Traces IHttpModule lifecycle events and meaningful operations performed therein. --> <source name="DotNetCasClient.HttpModule" switchName="HttpModule" switchType="System.Diagnostics.SourceSwitch"> <listeners> <add name="TraceFile" /> </listeners> </source> <!-- Provides protocol message and routing information. --> <source name="DotNetCasClient.Protocol" switchName="Protocol" switchType="System.Diagnostics.SourceSwitch"> <listeners> <add name="TraceFile" /> </listeners> </source> <!-- Provides details on security operations and notable security conditions. --> <source name="DotNetCasClient.Security" switchName="Security" switchType="System.Diagnostics.SourceSwitch"> <listeners> <add name="TraceFile" /> </listeners> </source> </sources> <switches> <!-- Set trace switches to appropriate logging level. Recommended values in order of increasing verbosity: - Off - Error - Warning - Information - Verbose --> <!-- Config category displays detailed information about CasAuthenticationModule configuration. The output of this category is only displayed when the module is initialized, which happens for the first request following application/server startup. --> <add name="Config" value="Information" /> <!-- Set this category to Verbose to trace HttpModule lifecycle events in CasAuthenticationModule. This category produces voluminous output in Verbose mode and should be avoided except for limited periods of time troubleshooting vexing integration problems. --> <add name="HttpModule" value="Information" /> <!-- Set to Verbose to display protocol messages between the client and server. This category is very helpful for troubleshooting integration problems. --> <add name="Protocol" value="Verbose" /> <!-- Displays important security-related information. --> <add name="Security" value="Information" /> </switches> </system.diagnostics> </configuration> -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: nklh...@mail.ubc.ca<mailto:nklh...@mail.ubc.ca> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: nklh...@mail.ubc.ca<mailto:nklh...@mail.ubc.ca> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: jgas...@unicon.net<mailto:jgas...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- John Gasper IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: nklh...@mail.ubc.ca<mailto:nklh...@mail.ubc.ca> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: jgas...@unicon.net<mailto:jgas...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- John Gasper IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef -- You are currently subscribed to cas-user@lists.jasig.org as: nklh...@mail.ubc.ca To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user