The easiest scenario is when both applications are hosted on the same machine and you have control over both of them. If both apps have the same machineKey, you can just modify the formsAuthentication element in web.config so that both sites see & share the same FormsAuthenticationTicket (look at the domain and path attributes). Then you don't have to worry about proxy tickets or anything like that. Regardless of whether you authenticated on MyApp1 or MyApp2, the cookie would go to the server as you moved between the two and the FormsAuthenticationModule would authenticate the ticket correctly.
If that isn't the case for you, you'll need the links from MyApp1 to MyApp2 (and/or the other way around) to contain a proxy ticket. There's a method in CasAuthentication to generate these links. Assuming the CAS module is configured correctly on both ends, the module should detect the ticket and validate it without having to do anything explicitly in code. There's sample code in the example project that sends a proxy ticket from a web app to a ClickOnce application. It's the same concept from web app to web app, but a little simpler (the ClickOnce app needed to do more work in code to validate it).
The trickiest part is getting your environment configured correctly. This requires mutually trusted SSL certificates between MyApp1, MyApp2, and your CAS server. Getting it to work over HTTP as opposed to HTTPS is more trouble than it's worth and is insecure. Simplest route is to buy commercial certs where the .NET and Java keystores trust the CA already. Otherwise, you've got to get them trusted in the Java keystore and Windows Certificate Manager.

On Wed, Feb 6, 2013 at 3:43 AM, Bikal Bhattarai <[email protected]> wrote:
> Suppose I have 2 applications hosted on iis7 as
> 1. localhost/MyApp1
> 2. localhost/MyApp2
>
> I have followed the instructions on how to setup cas client on asp.net mvc
> applications from
> https://wiki.jasig.org/pages/viewpage.action?pageId=32210981
>
> How can I enable proxy so that if I am logged in on one application (say
> localhost/MyApp1) and if I browse second application (say localhost/MyApp2)
> I don't have to re login to second application.
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
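An added example, not part of the original thread or of the CAS client project: a Python check that two web.config files meet the shared-ticket conditions from the first paragraph of the reply (same machineKey, same forms cookie name, domain and path). The sample configs and key values are constructed placeholders, and the path rule assumes sibling applications on one host, as in localhost/MyApp1 and localhost/MyApp2.

```python
import xml.etree.ElementTree as ET

# Constructed sample config; the key values are placeholders, not real keys.
APP1 = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY"
              decryptionKey="PLACEHOLDER_DECRYPTION_KEY"
              validation="HMACSHA256" decryption="AES" />
  <authentication mode="Forms">
    <forms name=".SHAREDAUTH" path="/" />
  </authentication>
</system.web></configuration>"""

# Constructed broken variant: auto-generated validation key, narrower cookie path.
APP2_BROKEN = APP1.replace('validationKey="PLACEHOLDER_VALIDATION_KEY"',
                           'validationKey="AutoGenerate,IsolateApps"'
                           ).replace('path="/"', 'path="/MyApp2"')

MACHINE_KEY_ATTRS = ("validationKey", "decryptionKey", "validation", "decryption")
# ASP.NET defaults for <forms> attributes that are left out of web.config.
FORMS_DEFAULTS = {"name": ".ASPXAUTH", "path": "/", "domain": ""}


def ticket_settings(web_config_xml):
    """Extract the settings that decide whether a forms ticket can be shared."""
    root = ET.fromstring(web_config_xml)
    key = next(root.iter("machineKey"), None)
    forms = next(root.iter("forms"), None)
    settings = {}
    for attr in MACHINE_KEY_ATTRS:
        settings["machineKey." + attr] = key.get(attr) if key is not None else None
    for attr, default in FORMS_DEFAULTS.items():
        settings["forms." + attr] = forms.get(attr, default) if forms is not None else None
    return settings


def sharing_problems(config_a, config_b):
    """List the reasons the two apps would not accept each other's ticket."""
    a, b = ticket_settings(config_a), ticket_settings(config_b)
    problems = [f"{name} differs" for name in a if a[name] != b[name]]
    for label, s in (("first", a), ("second", b)):
        for attr in ("validationKey", "decryptionKey"):
            # A missing attribute falls back to an auto-generated key.
            if "AutoGenerate" in (s["machineKey." + attr] or "AutoGenerate"):
                problems.append(f"{label} app: {attr} is auto-generated")
        if s["forms.path"] != "/":
            problems.append(f"{label} app: cookie path {s['forms.path']} excludes the sibling app")
    return problems


if __name__ == "__main__":
    print("\n".join(sharing_problems(APP1, APP2_BROKEN)))
```
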
