The .NET CAS client doesn't release attributes via the header (like Shib
SP does). Check out
http://jasig.275507.n4.nabble.com/Is-there-a-NET-Client-equivalent-to-phpCAS-getAttributes-td4169188.html
On 8/12/14, 11:02 AM, Haer, Neelam wrote:
> Hi John,
>
> Thanks - that actually helped. Not on its own though. I had, at the
> site-level, disabled the anonymous authentication. I changed that to
> enabled and added the following to web.config in the <system.web> section:
>
> <authorization><deny users="?"/> </authorization>
>
> I restarted the server and now it works. I am still testing but at
> least this is progress!
>
> I'm not getting the attributes in my printing of header variables
> though - any ideas why this would be? Once again, I'm unfamiliar with
> C#/.NET - I come from the world of Java, so my apologies. Maybe I'm
> missing something, but shouldn't my user attributes be returned in the
> header upon accessing this page?
>
> Here is my .aspx page code:
>
> <%@ Page Language="C#" %>
>
> <html>
>
> <head>
>
> <title>CAS Echo Page</title>
>
> </head>
>
> <body>
>
> You are logged in using CAS!
>
> <hr />
>
> <table>
>
> <%
>
> foreach( string key in Request.Headers )
>
> {
>
> %>
>
> <tr>
>
> <td>
>
> <%= key %>
>
> </td>
>
> <td>
>
> <%= Request.Headers[ key ] %>
>
> </td>
>
> </tr>
>
> <%
>
> }
>
> %>
>
> </table>
>
> <hr />
>
> </body>
>
> </html>
>
>
> *But it only prints out the following:*
>
>
> You are logged in using CAS!
>
>
> Connection
>
> keep-alive
>
> Accept
>
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
>
> Accept-Encoding
>
> gzip,deflate,sdch
>
> Accept-Language
>
> en-US,en;q=0.8
>
> Cookie
>
> CAS=8D59393D82EA4F4933FD12E20D588D64D8E78B192ED2B5C41A55DE6F87F5013CA3EFE06405CD7DE3C856DDC36EBCD25CB8DE015EC0411C31AE0D1A4BD0C8F58DD714A230E86D00394F8E4B9A155437C99C58842DC6BE43CACA8A81D896D15B9C25D290F9FF4531C130615626B7D964F272CBCF4586287D163803A5CCF6F3668421B73D751D87763A0B010ED4F39FCC93299F1D4DAACDEF34CBB593F59A39D82E3B7BEA59D200253692D8231E533B8E6789B609A9777150140C338F6AF258FC92F670C627CD5F4CC7958F3E6CBA392BB89935D1C5DBF4DAA801956A061FB5798E2AA3233C
>
> Host
>
> 142.103.95.30
>
> User-Agent
>
> Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
>
>
>
>
> *From:* John Gasper [jgas...@unicon.net]
> *Sent:* August-12-14 10:30 AM
> *To:* cas-user@lists.jasig.org
> *Subject:* Re: [cas-user] IIS and .NET CAS Client module - how to
> register/install the module?
>
> No, that simply states how to authenticate a user.
>
> You'll need something like:
> <authorization>
> <deny users="?"/>
> </authorization>
> Here's a pretty good tutorial on how to set this and other cases up,
> http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.
>
> John
>
> On 8/12/14, 9:39 AM, Haer, Neelam wrote:
>> Hi John
>>
>> Thanks for your reply:
>>
>> I have the following - is this not sufficient to invoke the forms
>> authentication?
>>
>> <system.web>
>> <!-- Other system.web elements here -->
>> <httpModules>
>> <add name="DotNetCasClient"
>> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
>> <!-- Other modules here -->
>> </httpModules>
>> *<authentication mode="Forms">*
>> * <forms loginUrl="https://cas.stg.id.xxx/xxx-cas/login";
>> <https://cas.stg.id.xxx/xxx-cas/login> timeout="30"
>> defaultUrl="~/default.aspx" cookieless="UseCookies"
>> slidingExpiration="true" path="/cas/" />*
>> * </authentication>*
>> <!-- Other system.web elements here -->
>> </system.web>
>>
>> My apologies if this is a newbie question - I'm not familiar with IIS
>> - I am an enterprise java developer.
>>
>>
>> Thanks
>>
>> ------------------------------------------------------------------------
>> *From:* John Gasper [jgas...@unicon.net]
>> *Sent:* August-12-14 8:27 AM
>> *To:* cas-user@lists.jasig.org
>> *Subject:* Re: [cas-user] IIS and .NET CAS Client module - how to
>> register/install the module?
>>
>> Hi,
>>
>> Maybe I'm missing it, but I don't see anything in your web.config
>> that requires the user to be authenticated to access the app's
>> resources. Take a look at
>> http://msdn.microsoft.com/en-us/library/vstudio/wce3kxhd(v=vs.100).aspx.
>> You want to make sure you've got something that denies access to the
>> anonymous (?) user.
>>
>> John
>>
>>
>> On 8/11/14, 4:29 PM, Haer, Neelam wrote:
>>> Hi All,
>>>
>>> I was able to fix my original problem (*Description: An error
>>> occurred during the processing of a configuration file required to
>>> service this request. Please review the specific error details below
>>> and modify your configuration file appropriately. *)
>>>
>>> The problem was solved by moving the bin folder to the 'cas'
>>> application directory. But now, I have a different problem. CAS is
>>> not kicking in, ie, the module is not forcing authentication. Does
>>> anyone have any ideas about this? (see my web.config below).
>>>
>>> Thanks,
>>>
>>> *From:*Haer, Neelam [nklh...@mail.ubc.ca]
>>>
>>> *Sent:* August-11-14 4:00 PM
>>> *To:* cas-user@lists.jasig.org
>>> *Subject:* [cas-user] IIS and .NET CAS Client module - how to
>>> register/install the module?
>>>
>>> Hi All,
>>>
>>> I'm having an issue with the .NET CAS Client module, and hoping that
>>> someone here knows what they're doing when it comes to registering
>>> the module in *IIS 7.7/Windows Server 2008*.
>>>
>>>
>>> I downloaded and unzipped the .NET CAS Client Module, and have a
>>> site setup on IIS 7.4 named 'cas', using HTTPS
>>>
>>>
>>> 'cas' is setup as an 'application' in IIS.
>>>
>>>
>>> As per the installation/setup instructions here
>>> (https://wiki.jasig.org/display/casc/.net+cas+client):
>>>
>>>
>>> 1. I created a web.config file and placed it in the *cas
>>> *application root folder.
>>>
>>> 2. I copied the context of the unzipped
>>> dotnet-client-1.0.2-bin\Release to c:\inetpub\wwwroot\bin
>>>
>>> 3. The contents of the web.config file are at the end of this email.
>>>
>>> 4. I tried to access a page in the my 'cas' application and I get
>>> the following error:
>>>
>>>
>>> *Server Error in '/cas' Application.*
>>>
>>> *
>>> *
>>>
>>> *Configuration Error*
>>>
>>> *
>>> *
>>>
>>> *Description: An error occurred during the processing of a
>>> configuration file required to service this request. Please review
>>> the specific error details below and modify your configuration file
>>> appropriately. *
>>>
>>> *
>>> *
>>>
>>> *Parser Error Message: Could not load file or assembly
>>> 'DotNetCasClient' or one of its dependencies. The system cannot find
>>> the file specified. (C:\inetpub\wwwroot\cas\web.config line 14)*
>>>
>>>
>>> Source Error:
>>>
>>>
>>>
>>> Line 12: <!-- Other system.web elements here -->
>>>
>>> Line 13: <httpModules>
>>>
>>> Line 14: <add name="DotNetCasClient"
>>> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
>>>
>>> Line 15: <!-- Other modules here -->
>>>
>>> Line 16: </httpModules>
>>>
>>>
>>> Source File: C:\inetpub\wwwroot\cas\web.config Line: 14
>>>
>>>
>>>
>>>
>>> -- Does anyone know how the module needs to be "registered" properly
>>> in IIS? I thought just copying it to the bin folder as described in
>>> step #2 would be enough? Please advise!!! Thanks.
>>>
>>>
>>> *WEB.CONFIG CONTENTS*
>>>
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>>
>>> <configuration>
>>>
>>> <configSections>
>>>
>>> <section name="casClientConfig"
>>> type="DotNetCasClient.Configuration.CasClientConfiguration,
>>> DotNetCasClient" />
>>>
>>> <!-- Other custom sections here -->
>>>
>>> </configSections>
>>>
>>>
>>> <casClientConfig
>>> casServerLoginUrl="https://cas.stg.id.xxx/xxx-cas/login";
>>> casServerUrlPrefix="https://xxx"; serverName="https://xxx";
>>> redirectAfterValidation="true" renew="false" singleSignOut="true"
>>> ticketValidatorName="Saml11"
>>> serviceTicketManager="CacheServiceTicketManager" />
>>>
>>>
>>>
>>> <system.web>
>>>
>>> <!-- Other system.web elements here -->
>>>
>>> <httpModules>
>>>
>>> <add name="DotNetCasClient"
>>> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
>>>
>>> <!-- Other modules here -->
>>>
>>> </httpModules>
>>>
>>> <authentication mode="Forms">
>>>
>>> <forms loginUrl="https://cas.stg.id.xxx/xxx-cas/login";
>>> timeout="30" defaultUrl="~/default.aspx" cookieless="UseCookies"
>>> slidingExpiration="true" path="/cas/" />
>>>
>>> </authentication>
>>>
>>> <!-- Other system.web elements here -->
>>>
>>> </system.web>
>>>
>>>
>>>
>>> <system.webServer>
>>>
>>> <!--
>>>
>>> Disabled Integrated Mode configuration validation.
>>>
>>> This will allow a single deployment to run on IIS 5/6 and 7+
>>>
>>> without errors
>>>
>>> -->
>>>
>>> <validation validateIntegratedModeConfiguration="false" />
>>>
>>> <modules>
>>>
>>> <!--
>>>
>>> Remove and Add the CasAuthenticationModule into the IIS7+
>>>
>>> Integrated Pipeline. This has no effect on IIS5/6.
>>>
>>> -->
>>>
>>> <remove name="DotNetCasClient" />
>>>
>>> <add name="DotNetCasClient"
>>> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
>>>
>>> <!-- Other modules here -->
>>>
>>> </modules>
>>>
>>> <defaultDocument>
>>>
>>> <files>
>>>
>>> <clear />
>>>
>>> <add value="index.html" />
>>>
>>> <add value="default.aspx" />
>>>
>>> <add value="Default.htm" />
>>>
>>> <add value="Default.asp" />
>>>
>>> <add value="index.htm" />
>>>
>>> <add value="iisstart.htm" />
>>>
>>> </files>
>>>
>>> </defaultDocument>
>>>
>>> <handlers>
>>>
>>> <remove name="AboMapperCustom-346496207" />
>>>
>>> </handlers>
>>>
>>> </system.webServer>
>>>
>>>
>>> <system.diagnostics>
>>>
>>> <trace autoflush="true" useGlobalLock="false" />
>>>
>>> <sharedListeners>
>>>
>>> <!--
>>>
>>> Writing trace output to a log file is recommended.
>>>
>>> IMPORTANT:
>>>
>>> The user account under which the containing application pool runs
>>>
>>> must have privileges to create and modify the trace log file.
>>>
>>> -->
>>>
>>> <add name="TraceFile"
>>> type="System.Diagnostics.TextWriterTraceListener"
>>> initializeData="C:\inetpub\logs\LogFiles\DotNetCasClient.Log"
>>> traceOutputOptions="DateTime" />
>>>
>>> </sharedListeners>
>>>
>>> <sources>
>>>
>>> <!-- Provides diagnostic information on module configuration
>>> parameters. -->
>>>
>>> <source name="DotNetCasClient.Config" switchName="Config"
>>> switchType="System.Diagnostics.SourceSwitch">
>>>
>>> <listeners>
>>>
>>> <add name="TraceFile" />
>>>
>>> </listeners>
>>>
>>> </source>
>>>
>>> <!-- Traces IHttpModule lifecycle events and meaningful
>>> operations performed therein. -->
>>>
>>> <source name="DotNetCasClient.HttpModule"
>>> switchName="HttpModule" switchType="System.Diagnostics.SourceSwitch">
>>>
>>> <listeners>
>>>
>>> <add name="TraceFile" />
>>>
>>> </listeners>
>>>
>>> </source>
>>>
>>> <!-- Provides protocol message and routing information. -->
>>>
>>> <source name="DotNetCasClient.Protocol" switchName="Protocol"
>>> switchType="System.Diagnostics.SourceSwitch">
>>>
>>> <listeners>
>>>
>>> <add name="TraceFile" />
>>>
>>> </listeners>
>>>
>>> </source>
>>>
>>> <!-- Provides details on security operations and notable
>>> security conditions. -->
>>>
>>> <source name="DotNetCasClient.Security" switchName="Security"
>>> switchType="System.Diagnostics.SourceSwitch">
>>>
>>> <listeners>
>>>
>>> <add name="TraceFile" />
>>>
>>> </listeners>
>>>
>>> </source>
>>>
>>> </sources>
>>>
>>> <switches>
>>>
>>> <!--
>>>
>>> Set trace switches to appropriate logging level. Recommended
>>> values in order of increasing verbosity:
>>>
>>> - Off
>>>
>>> - Error
>>>
>>> - Warning
>>>
>>> - Information
>>>
>>> - Verbose
>>>
>>> -->
>>>
>>> <!--
>>>
>>> Config category displays detailed information about
>>> CasAuthenticationModule configuration.
>>>
>>> The output of this category is only displayed when the module
>>> is initialized, which happens
>>>
>>> for the first request following application/server startup.
>>>
>>> -->
>>>
>>> <add name="Config" value="Information" />
>>>
>>> <!--
>>>
>>> Set this category to Verbose to trace HttpModule lifecycle
>>> events in CasAuthenticationModule.
>>>
>>> This category produces voluminous output in Verbose mode and
>>> should be avoided except for
>>>
>>> limited periods of time troubleshooting vexing integration
>>> problems.
>>>
>>> -->
>>>
>>> <add name="HttpModule" value="Information" />
>>>
>>> <!--
>>>
>>> Set to Verbose to display protocol messages between the client
>>> and server.
>>>
>>> This category is very helpful for troubleshooting integration
>>> problems.
>>>
>>> -->
>>>
>>> <add name="Protocol" value="Verbose" />
>>>
>>> <!--
>>>
>>> Displays important security-related information.
>>>
>>> -->
>>>
>>> <add name="Security" value="Information" />
>>>
>>> </switches>
>>>
>>> </system.diagnostics>
>>>
>>>
>>> </configuration>
>>>
>>>
>>>
>>>
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>> nklh...@mail.ubc.ca
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>> nklh...@mail.ubc.ca
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>> jgas...@unicon.net
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>> --
>> *John Gasper*
>> IAM Consultant
>> Unicon, Inc.
>> PGP/GPG Key: 0xbafee3ef
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as:
>> nklh...@mail.ubc.ca
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as:
>> jgas...@unicon.net
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> *John Gasper*
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> nklh...@mail.ubc.ca
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> jgas...@unicon.net
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
--
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
