Hi John,
Thanks - that actually helped. Not on its own though. I had, at the
site-level, disabled the anonymous authentication. I changed that to enabled
and added the following to web.config in the <system.web> section:
<authorization><deny users="?"/> </authorization>
I restarted the server and now it works. I am still testing but at least this
is progress!
I'm not getting the attributes in my printing of header variables though - any
ideas why this would be? Once again, I'm unfamiliar with C#/.NET - I come from
the world of Java, so my apologies. Maybe I'm missing something, but shouldn't
my user attributes be returned in the header upon accessing this page?
Here is my .aspx page code:
<%@ Page Language="C#" %>
<html>
<head>
<title>CAS Echo Page</title>
</head>
<body>
You are logged in using CAS!
<hr />
<table>
<%
foreach( string key in Request.Headers )
{
%>
<tr>
<td>
<%= key %>
</td>
<td>
<%= Request.Headers[ key ] %>
</td>
</tr>
<%
}
%>
</table>
<hr />
</body>
</html>
But it only prints out the following:
You are logged in using CAS!
Connection
keep-alive
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding
gzip,deflate,sdch
Accept-Language
en-US,en;q=0.8
Cookie
CAS=8D59393D82EA4F4933FD12E20D588D64D8E78B192ED2B5C41A55DE6F87F5013CA3EFE06405CD7DE3C856DDC36EBCD25CB8DE015EC0411C31AE0D1A4BD0C8F58DD714A230E86D00394F8E4B9A155437C99C58842DC6BE43CACA8A81D896D15B9C25D290F9FF4531C130615626B7D964F272CBCF4586287D163803A5CCF6F3668421B73D751D87763A0B010ED4F39FCC93299F1D4DAACDEF34CBB593F59A39D82E3B7BEA59D200253692D8231E533B8E6789B609A9777150140C338F6AF258FC92F670C627CD5F4CC7958F3E6CBA392BB89935D1C5DBF4DAA801956A061FB5798E2AA3233C
Host
142.103.95.30
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/36.0.1985.125 Safari/537.36
From: John Gasper [jgas...@unicon.net]
Sent: August-12-14 10:30 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] IIS and .NET CAS Client module - how to
register/install the module?
No, that simply states how to authenticate a user.
You'll need something like:
<authorization>
<deny users="?"/>
</authorization>
Here's a pretty good tutorial on how to set this and other cases up,
http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.
John
On 8/12/14, 9:39 AM, Haer, Neelam wrote:
Hi John
Thanks for your reply:
I have the following - is this not sufficient to invoke the forms
authentication?
<system.web>
<!-- Other system.web elements here -->
<httpModules>
<add name="DotNetCasClient"
type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
<!-- Other modules here -->
</httpModules>
<authentication mode="Forms">
<forms
loginUrl="https://cas.stg.id.xxx/xxx-cas/login";<https://cas.stg.id.xxx/xxx-cas/login>
timeout="30" defaultUrl="~/default.aspx" cookieless="UseCookies"
slidingExpiration="true" path="/cas/" />
</authentication>
<!-- Other system.web elements here -->
</system.web>
My apologies if this is a newbie question - I'm not familiar with IIS - I am an
enterprise java developer.
Thanks
________________________________
From: John Gasper [jgas...@unicon.net<mailto:jgas...@unicon.net>]
Sent: August-12-14 8:27 AM
To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Subject: Re: [cas-user] IIS and .NET CAS Client module - how to
register/install the module?
Hi,
Maybe I'm missing it, but I don't see anything in your web.config that requires
the user to be authenticated to access the app's resources. Take a look at
http://msdn.microsoft.com/en-us/library/vstudio/wce3kxhd(v=vs.100).aspx<http://msdn.microsoft.com/en-us/library/vstudio/wce3kxhd%28v=vs.100%29.aspx>.
You want to make sure you've got something that denies access to the anonymous
(?) user.
John
On 8/11/14, 4:29 PM, Haer, Neelam wrote:
Hi All,
I was able to fix my original problem (Description: An error occurred during
the processing of a configuration file required to service this request. Please
review the specific error details below and modify your configuration file
appropriately. )
The problem was solved by moving the bin folder to the 'cas' application
directory. But now, I have a different problem. CAS is not kicking in, ie,
the module is not forcing authentication. Does anyone have any ideas about
this? (see my web.config below).
Thanks,
From: Haer, Neelam [nklh...@mail.ubc.ca<mailto:nklh...@mail.ubc.ca>]
Sent: August-11-14 4:00 PM
To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Subject: [cas-user] IIS and .NET CAS Client module - how to register/install
the module?
Hi All,
I'm having an issue with the .NET CAS Client module, and hoping that someone
here knows what they're doing when it comes to registering the module in IIS
7.7/Windows Server 2008.
I downloaded and unzipped the .NET CAS Client Module, and have a site setup on
IIS 7.4 named 'cas', using HTTPS
'cas' is setup as an 'application' in IIS.
As per the installation/setup instructions here
(https://wiki.jasig.org/display/casc/.net+cas+client):
1. I created a web.config file and placed it in the cas application root
folder.
2. I copied the context of the unzipped dotnet-client-1.0.2-bin\Release to
c:\inetpub\wwwroot\bin
3. The contents of the web.config file are at the end of this email.
4. I tried to access a page in the my 'cas' application and I get the
following error:
Server Error in '/cas' Application.
Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.
Parser Error Message: Could not load file or assembly 'DotNetCasClient' or one
of its dependencies. The system cannot find the file specified.
(C:\inetpub\wwwroot\cas\web.config line 14)
Source Error:
Line 12: <!-- Other system.web elements here -->
Line 13: <httpModules>
Line 14: <add name="DotNetCasClient"
type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
Line 15: <!-- Other modules here -->
Line 16: </httpModules>
Source File: C:\inetpub\wwwroot\cas\web.config Line: 14
-- Does anyone know how the module needs to be "registered" properly in IIS? I
thought just copying it to the bin folder as described in step #2 would be
enough? Please advise!!! Thanks.
WEB.CONFIG CONTENTS
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<section name="casClientConfig"
type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient" />
<!-- Other custom sections here -->
</configSections>
<casClientConfig
casServerLoginUrl="https://cas.stg.id.xxx/xxx-cas/login";<https://cas.stg.id.xxx/xxx-cas/login>
casServerUrlPrefix="https://xxx";<https://xxx>
serverName="https://xxx";<https://xxx> redirectAfterValidation="true"
renew="false" singleSignOut="true" ticketValidatorName="Saml11"
serviceTicketManager="CacheServiceTicketManager" />
<system.web>
<!-- Other system.web elements here -->
<httpModules>
<add name="DotNetCasClient"
type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
<!-- Other modules here -->
</httpModules>
<authentication mode="Forms">
<forms
loginUrl="https://cas.stg.id.xxx/xxx-cas/login";<https://cas.stg.id.xxx/xxx-cas/login>
timeout="30" defaultUrl="~/default.aspx" cookieless="UseCookies"
slidingExpiration="true" path="/cas/" />
</authentication>
<!-- Other system.web elements here -->
</system.web>
<system.webServer>
<!--
Disabled Integrated Mode configuration validation.
This will allow a single deployment to run on IIS 5/6 and 7+
without errors
-->
<validation validateIntegratedModeConfiguration="false" />
<modules>
<!--
Remove and Add the CasAuthenticationModule into the IIS7+
Integrated Pipeline. This has no effect on IIS5/6.
-->
<remove name="DotNetCasClient" />
<add name="DotNetCasClient"
type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
<!-- Other modules here -->
</modules>
<defaultDocument>
<files>
<clear />
<add value="index.html" />
<add value="default.aspx" />
<add value="Default.htm" />
<add value="Default.asp" />
<add value="index.htm" />
<add value="iisstart.htm" />
</files>
</defaultDocument>
<handlers>
<remove name="AboMapperCustom-346496207" />
</handlers>
</system.webServer>
<system.diagnostics>
<trace autoflush="true" useGlobalLock="false" />
<sharedListeners>
<!--
Writing trace output to a log file is recommended.
IMPORTANT:
The user account under which the containing application pool runs
must have privileges to create and modify the trace log file.
-->
<add name="TraceFile" type="System.Diagnostics.TextWriterTraceListener"
initializeData="C:\inetpub\logs\LogFiles\DotNetCasClient.Log"
traceOutputOptions="DateTime" />
</sharedListeners>
<sources>
<!-- Provides diagnostic information on module configuration parameters. -->
<source name="DotNetCasClient.Config" switchName="Config"
switchType="System.Diagnostics.SourceSwitch">
<listeners>
<add name="TraceFile" />
</listeners>
</source>
<!-- Traces IHttpModule lifecycle events and meaningful operations
performed therein. -->
<source name="DotNetCasClient.HttpModule" switchName="HttpModule"
switchType="System.Diagnostics.SourceSwitch">
<listeners>
<add name="TraceFile" />
</listeners>
</source>
<!-- Provides protocol message and routing information. -->
<source name="DotNetCasClient.Protocol" switchName="Protocol"
switchType="System.Diagnostics.SourceSwitch">
<listeners>
<add name="TraceFile" />
</listeners>
</source>
<!-- Provides details on security operations and notable security
conditions. -->
<source name="DotNetCasClient.Security" switchName="Security"
switchType="System.Diagnostics.SourceSwitch">
<listeners>
<add name="TraceFile" />
</listeners>
</source>
</sources>
<switches>
<!--
Set trace switches to appropriate logging level. Recommended values in
order of increasing verbosity:
- Off
- Error
- Warning
- Information
- Verbose
-->
<!--
Config category displays detailed information about
CasAuthenticationModule configuration.
The output of this category is only displayed when the module is
initialized, which happens
for the first request following application/server startup.
-->
<add name="Config" value="Information" />
<!--
Set this category to Verbose to trace HttpModule lifecycle events in
CasAuthenticationModule.
This category produces voluminous output in Verbose mode and should be
avoided except for
limited periods of time troubleshooting vexing integration problems.
-->
<add name="HttpModule" value="Information" />
<!--
Set to Verbose to display protocol messages between the client and server.
This category is very helpful for troubleshooting integration problems.
-->
<add name="Protocol" value="Verbose" />
<!--
Displays important security-related information.
-->
<add name="Security" value="Information" />
</switches>
</system.diagnostics>
</configuration>
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
nklh...@mail.ubc.ca<mailto:nklh...@mail.ubc.ca>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
nklh...@mail.ubc.ca<mailto:nklh...@mail.ubc.ca>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
jgas...@unicon.net<mailto:jgas...@unicon.net>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
nklh...@mail.ubc.ca<mailto:nklh...@mail.ubc.ca>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as:
jgas...@unicon.net<mailto:jgas...@unicon.net>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef
--
You are currently subscribed to cas-user@lists.jasig.org as: nklh...@mail.ubc.ca
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
