How would one exclude pages from cas authentication? Scenario #A I added the DotNetCasClient httpModule (line #14) in the location tag, but this module doesn't seem to be loading. Using the DotNetCasClient.dll dev version, I have the following httpModule in my web.config file. 1: <configuration> 2: <system.web> 3: <httpModules> 4: <remove name="FormsAuthentication"/> 5: <remove name="WindowsAuthentication"/> 6: <remove name="PassportAuthentication"/> 7: <!--<add name="DotNetCasClient" type="DotNetCasClient.CasAlternateAuthModule,DotNetCasClient"/>--> 8: <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> 9: </httpModules> 10 : </system.web> 11: <location path="SecureFolder"> 12: <system.web> 13: <httpModules> 14: <add name="DotNetCasClient" type="DotNetCasClient.CasAlternateAuthModule,DotNetCasClient"/> 15: </httpModules> 16: <authorization> 17: <deny users="?" /> 18: </authorization> 19: </system.web> 20: </location> 21:</configuration>
What happens? a) go to http://www.foo.com/blah.aspx, there's no CAS authentication (the expected behavior) b) go to http://www.foo.com/SecureFolder/blah2.aspx, there's no CAS authentication (expected to have authentication) Scenario #B I tried to reverse the logic and set up a "NonSecureFolder" and have the <remove> tag (see line #14). 1: <configuration> 2: <system.web> 3: <httpModules> 4: <remove name="FormsAuthentication"/> 5: <remove name="WindowsAuthentication"/> 6: <remove name="PassportAuthentication"/> 7: <add name="DotNetCasClient" type="DotNetCasClient.CasAlternateAuthModule,DotNetCasClient"/> 8: <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> 9: </httpModules> 10 : </system.web> 11: <location path="NonSecureFolder"> 12: <system.web> 13: <httpModules> 14: <remove name="DotNetCasClient"/> 15: </httpModules> 16: <authorization> 17: <allow users="*" /> 18: </authorization> 19: </system.web> 20: </location> 21:</configuration> What happens? a) go to http://www.foo.com/blah.aspx, there's CAS authentication (the expected behavior) b) go to http://www.foo.com/NonSecureFolder/blah2.aspx, there's CAS authentication (expected to have no authentication) Scenario #C I also tried to set up a virtual directory for a specific folder <root>/Secure and added a second web.config file so I could load the DotNetCasClient, but I was not able to exclude pages from cas authentication. Would you happen to have other ideas on how to exclude pages from cas authentication? Thank you in advance for your help! -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
