Hi Michelle,

Nice sleuthing! So when I go to http://test-spots.fandm.edu/ I get sent
to you test CAS Server. If you were already logged into the CAS server
it would have looked like it was only taking you to your homepage.

It's looking OK to me.

On 9/12/14 9:06 AM, Michelle Zhang wrote:
> Thank you John!  I renamed Web.config file to web.xml and opened it in
> IE, it compiled right.
> So I started to check the items in Web.config file, and found:
> 1. I need to comment this out, otherwise I get 500 Internal Error:
> <modules runAllManagedModulesForAllRequests="true"/>
> 2. I need to add this: <validation
> validateIntegratedModeConfiguration="false"/>, otherwise I get 500.22
> Error
> The problem is now when I type my website URL in the address bar in
> the browser, it goes to my webpage default page directly, it does not
> go to the CAS log in page.
> Any ideas why is that? I just pasted the web.config file in the bottom
> of the email, in case you have time to take a look for me.
> Michelle
> Web.config
> <?xml version="1.0"?>
> <configuration>
>   <configSections>
>     <!--<section name="securitySwitch"
>              type="SecuritySwitch.Configuration.Settings, SecuritySwitch"
>              requirePermission="false" />-->
>     <section name="casClientConfig"
> type="DotNetCasClient.Configuration.CasClientConfiguration,
> DotNetCasClient"/>
>   </configSections>
>   <casClientConfig
> casServerLoginUrl="https://cas-test.fandm.edu/cas/login";
>                      casServerUrlPrefix="https://cas-test.fandm.edu/cas";
>                      serverName="test-spots.fandm.edu
> <http://test-spots.fandm.edu>"
>                      notAuthorizedUrl="~/Failed.aspx"
>                      cookiesRequiredUrl=""
>                      redirectAfterValidation="true"
>                      renew="false" singleSignOut="true"
>                      ticketValidatorName="Cas20"
>                      serviceTicketManager="CacheServiceTicketManager"/>
>   <!--<securitySwitch mode="RemoteOnly">
>     <paths>
>       <add path="~/Login.aspx" />
>     </paths>
>   </securitySwitch>-->
>   <connectionStrings>
>     <add name="ApplicationServices" connectionString="data
> source=.\SQLEXPRESS;Integrated
> Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User
> Instance=true"
>       providerName="System.Data.SqlClient" /> 
>   </connectionStrings>
>   <system.web>
>     <!--<customErrors mode="Off" defaultRedirect="Error.aspx"/>-->
>     <customErrors mode="Off"/>
>     <compilation debug="true" targetFramework="4.0"/>
>     <authentication mode="Forms">
>       <forms loginUrl="https://cas-test.fandm.edu/cas/login"; timeout="30"
>              defaultUrl="Default.aspx"
>              cookieless="UseCookies"
>              slidingExpiration="true"
>              path="/" />
>     </authentication>
>     <authorization>
>       <deny users="?"/>
>     </authorization>
>     <httpModules>
>       <add name="DotNetCasClient"
> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient"/>
>     </httpModules>
>     <sessionState timeout="2880">
>     </sessionState>
>     <membership>
>       <providers>
>         <clear/>
>         <add name="AspNetSqlMembershipProvider"
> type="System.Web.Security.SqlMembershipProvider"
> connectionStringName="ApplicationServices"
> enablePasswordRetrieval="false" enablePasswordReset="true"
> requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
> maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6"
> minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
> applicationName="/"/>
>       </providers>
>     </membership>
>     <profile>
>       <providers>
>         <clear/>
>         <add name="AspNetSqlProfileProvider"
> type="System.Web.Profile.SqlProfileProvider"
> connectionStringName="ApplicationServices" applicationName="/"/>
>       </providers>
>     </profile>
>     <roleManager enabled="false">
>       <providers>
>         <clear/>
>         <add name="AspNetSqlRoleProvider"
> type="System.Web.Security.SqlRoleProvider"
> connectionStringName="ApplicationServices" applicationName="/"/>
>         <add name="AspNetWindowsTokenRoleProvider"
> type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
>       </providers>
>     </roleManager>
>   </system.web>
>   <system.webServer>
>     <!--just added this on 9/12/14 11:46.
>     without it or set to true:
>     HTTP Error 500.22 - Internal Server Error
> An ASP.NET <http://ASP.NET> setting has been detected that does not
> apply in Integrated managed pipeline mode.
>     with it:
>     do not go to cas log in, but only go to the default page.-->
>     <validation validateIntegratedModeConfiguration="false"/>
>     <modules>
>       <remove name="DotNetCasClient"/>
>       <add name="DotNetCasClient"
> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient"/>
>     </modules>
>     <!--<httpErrors errorMode="Custom">
>       <error statusCode="500" subStatusCode="5"
> path="https://spots.fandm.edu"; responseMode="Redirect"/>
>       <error statusCode="403" subStatusCode="4"
> path="https://spots.fandm.edu"; responseMode="Redirect"/>
>     </httpErrors>-->
>     <httpErrors errorMode="Detailed" />
>     <asp scriptErrorSentToBrowser="true"/>
>     <!--need to comment it, otherwise 500 Error-->
>     <!--<modules runAllManagedModulesForAllRequests="true"/>-->
>     <defaultDocument>
>       <files>
>         <clear/>
>         <add value="Default.aspx"/>
>       </files>
>     </defaultDocument>
>   </system.webServer>
> </configuration>
>     Hi Michelle,
>     When I get these kind of errors with IIS, the first thing I check
>     is that the web.config file is valid xml. I usually rename the
>     file to end in .xml and open it in IE to make sure it parses
>     correctly. If that checks out make sure the new elements were
>     added to the appropriate areas. I'd guess something wrong in the
>     web.config is probably the problem.
>     Next, I usually enable Failed Request Tracing. You'll need to work
>     with your sys admin to configure and enable it, but this usually
>     uncovers everything. An xml file will be created that will merge
>     to the xsl file in the output directory. Open the xml in IE and
>     that will make it a lot easier to review.
>     Give those a try and see what you find.
>     Good luck!
>     John
>>     Carl,
>>     I do not have access to the event viewer in the windows server.
>>     I'll check with the personnel who has access to it.
>>     Yes the website works very good before adding the CAS client code.
>>     I tried to test with a "Hello World" test page but got the same
>>     error. 
>>     Not sure how to set the error log...I found as soon as I logged
>>     in the Cas Log In page, I got this error message. How to find out
>>     if the error is happening before or after the request is routed?
>>     I do not have much access to the server so I cannot debug the web
>>     pages using break point on the web server....
>>     Michelle
>>         Michelle,
>>         Did you check the Windows event log to see if the error was
>>         logged elsewhere (e.g. under "Applications")?
>>         Did the web site work *prior* to adding the CAS client code?
>>         Can you serve *any* resource?  E.g. a basic "Hello World"
>>         test page?
>>         Can you emit messages to an error log from your ASP page to
>>         see if the request is reaching the page or if the error is
>>         happening before the request is routed?
>>         Without knowing much about your setup, I am afraid I am
>>         someone limited in the advice I can offer.
>>         Thanks,
>>         Carl
>>         Hi Carl,
>>         Thank you again for helping! I did check the Log files under
>>         inetpub/logs/LogFiles and I did not see any error messages at
>>         all.
>>         Michelle
>>         > Michelle,
>>         >
>>         > A 500 error doesn't tell you much.
>>         > Is it possible for you to get access the the web server
>>         logs (e.g. Windows
>>         > Event logs) to see if there is any more specific
>>         information available?
>>         >
>>         > Thanks,
>>         > Carl Waldbieser
>>         >
>>         >
>>         > Thank you Linda!
>>         >
>>         > on the webserver, the web page is not even go to CAS log in
>>         page, it turns
>>         > the 500 - Internal server error without doing anything. And
>>         there's no way
>>         > I can debug to find out what's the problem because it does
>>         go to the CAS
>>         > log in page when I run it on my local machine.
>>         >
>>         >
>>         > > We normally receive that error when the user is
>>         authenticated, but not
>>         > > authorized to use the target application.  In the case of
>>         Banner, e.g.,
>>         > > that application seeks an attribute called the UDC
>>         Identifier which is
>>         > used
>>         > > to establish role permissions for the various Banner
>>         applications.  Once
>>         > > authenticated, our LDAP returns that attribute.  A
>>         similar failure would
>>         > > occur any attribute the target application is seeking has
>>         not been
>>         > gathered
>>         > > from the authentication source.
>>         > >
>>         > > Linda
>>         > >
>>         > >
>>         > >
>>         > >
>>         > >> I'm using ASP.Net and just started to use CAS.
>>         > >>
>>         > >> On my local machine, after authenticated by the CAS log
>>         in page, I'm not
>>         > >> re-directed back to my default url but get this 500 -
>>         Internal server
>>         > error
>>         > >> message.
>>         > >>
>>         > >> On the webserver, if I type the website url on browser,
>>         I'm not
>>         > >> re-directed to the CAS log in page but just get 500 -
>>         Internal server
>>         > error
>>         > >> directly.
>>         > >>
>>         > >> Anyone knows why's that?
>>         > >>
>>         > >>
>>         > >>
>>         > >>
>>         > >>
>>         > >
>>         >
>>         >
