| Property | Type | Description | |
|---|---|---|---|
| CasAuthentication | System | ||
| ExtractSingleSignOutTicketFromSamlResponse | string | ||
| LogAndThrowConfigurationException | void | ||
| LogAndThrowOperationException | void | ||
| ProcessProxyCallbackRequest | bool | ||
| ProcessRequestAuthentication | void | ||
| ProcessSingleSignOutRequest | void | ||
| ProcessTicketValidation | void | ||
| RedirectFromFailedGatewayCallback | void | ||
| RedirectFromLoginCallback | void | ||
| SetGatewayStatusCookie | void |
| Method | Description | |
|---|---|---|
| ClearAuthCookie ( ) : void |
Sends a blank and expired FormsAuthentication cookie to the client response. This effectively removes the FormsAuthentication cookie and revokes the FormsAuthenticationTicket. It also removes the cookie from the current Request object, preventing subsequent code from being able to access it during the execution of the current request.
|
|
| CreateFormsAuthenticationTicket ( string netId, string cookiePath, string serviceTicket, System.DateTime validFromDate, System.DateTime validUntilDate ) : System.Web.Security.FormsAuthenticationTicket |
Creates a FormsAuthenticationTicket for storage on the client. The UserData field contains the CAS Service Ticket which can be used by the server-side ServiceTicketManager to retrieve additional details about the ticket (e.g. assertions)
|
|
| GatewayAuthenticate ( bool ignoreGatewayStatusCookie ) : void |
Attempt to perform a CAS gateway authentication. This causes a transparent redirection out to the CAS server and back to the requesting page with or without a CAS service ticket. If the user has already authenticated for another service against the CAS server and the CAS server supports Single Sign On, this will result in the user being automatically authenticated. Otherwise, the user will remain anonymous.
|
|
| GetAuthCookie ( System.Web.Security.FormsAuthenticationTicket ticket ) : System.Web.HttpCookie |
Creates an HttpCookie containing an encrypted FormsAuthenticationTicket, which in turn contains a CAS service ticket.
|
|
| GetFormsAuthenticationTicket ( ) : System.Web.Security.FormsAuthenticationTicket |
Looks for a FormsAuthentication cookie and attempts to parse a valid, non-expired FormsAuthenticationTicket. It ensures that the UserData field has a value (presumed to be a CAS Service Ticket).
|
|
| GetGatewayStatus ( ) : GatewayStatus |
Retrieves the GatewayStatus from the client cookie.
|
|
| GetProxyTicketIdFor ( string targetServiceUrl ) : string |
Attempts to connect to the CAS server to retrieve a proxy ticket for the target URL specified. Problems retrieving proxy tickets are generally caused by SSL misconfiguration. The CAS server must be configured to trust the SSL certificate on the web application's server. The CAS server will attempt to establish an SSL connection to this web application server to confirm that the proxy ticket request is legitimate. If the server does not trust the SSL certificate or the certificate authority/chain of the SSL certificate, the request will fail. |
|
| Initialize ( ) : void |
Initializes configuration-related properties and validates configuration.
|
|
| ProxyRedirect ( string url ) : void |
Obtain a Proxy ticket and redirect to the foreign service url with that ticket included in the url. The foreign service must be configured to accept the ticket.
|
|
| ProxyRedirect ( string url, bool endResponse ) : void |
Obtain a Proxy ticket and redirect to the foreign service url with that ticket included in the url. The foreign service must be configured to accept the ticket.
|
|
| ProxyRedirect ( string url, string proxyTicketUrlParameter ) : void |
Obtain a Proxy ticket and redirect to the foreign service url with that ticket included in the url. The foreign service must be configured to accept the ticket.
|
|
| ProxyRedirect ( string url, string proxyTicketUrlParameter, bool endResponse ) : void |
|
|
| RedirectToCookiesRequiredPage ( ) : void |
Redirects the current request to the Cookies Required page
|
|
| RedirectToLoginPage ( ) : void |
Redirects the current request to the CAS Login page
|
|
| RedirectToLoginPage ( bool forceRenew ) : void |
Redirects the current request to the Login page and requires renewed CAS credentials
|
|
| RedirectToNotAuthorizedPage ( ) : void |
Redirects the current request to the Not Authorized page
|
|
| SetAuthCookie ( System.Web.Security.FormsAuthenticationTicket clientTicket ) : void |
Encrypts a FormsAuthenticationTicket in an HttpCookie (using GetAuthCookie) and includes it in the response.
|
|
| SingleSignOut ( ) : void |
Logs the user out of the application and attempts to perform a Single Sign Out against the CAS server. If the CAS server is configured to support Single Sign Out, this will prevent users from gateway authenticating to other services. The CAS server will attempt to notify any other applications to revoke the session. Each of the applications must be configured to maintain session state on the server. In the case of ASP.NET web applications using DotNetCasClient, this requires defining a serviceTicketManager. The configuration for other client types (Java, PHP) varies based on the client implementation. Consult the Jasig wiki for more details.
|
| Method | Description | |
|---|---|---|
| CasAuthentication ( ) : System |
Static constructor
|
|
| ExtractSingleSignOutTicketFromSamlResponse ( string xmlAsString ) : string |
Extracts the CAS ticket from the SAML message supplied.
|
|
| LogAndThrowConfigurationException ( string message ) : void | ||
| LogAndThrowOperationException ( string message ) : void | ||
| ProcessProxyCallbackRequest ( ) : bool |
Process a Proxy Callback request from the CAS server. Proxy Callback requests occur as a part of a proxy ticket request. When the web application requests a proxy ticket for a third party service from the CAS server, the CAS server attempts to connect back to the web application over an HTTPS connection. The success of this callback is essential for the proxy ticket request to succeed. Failures are generally caused by SSL configuration errors. See the description of the SingleSignOut method for more details. Assuming the SSL configuration is correct, this method is responsible for handling the callback from the CAS server. For more details, see the CAS protocol specification.
|
|
| ProcessRequestAuthentication ( ) : void |
Attempts to authenticate requests subsequent to the initial authentication request (handled by ProcessTicketValidation). This method looks for a FormsAuthenticationCookie containing a FormsAuthenticationTicket and attempts to confirms its validitiy. It either contains the CAS service ticket or a reference to a CasAuthenticationTicket stored in the ServiceTicketManager (if configured). If it succeeds, the context.User and Thread.CurrentPrincipal are set with a ICasPrincipal and the current request is considered authenticated. Otherwise, the current request is effectively anonymous.
|
|
| ProcessSingleSignOutRequest ( ) : void |
Process SingleSignOut requests originating from another web application by removing the ticket from the ServiceTicketManager (assuming one is configured). Without a ServiceTicketManager configured, this method will not execute and this web application cannot respect external SingleSignOut requests.
|
|
| ProcessTicketValidation ( ) : void |
Validates a ticket contained in the URL, presumably generated by the CAS server after a successful authentication. The actual ticket validation is performed by the configured TicketValidator (i.e., CAS 1.0, CAS 2.0, SAML 1.0). If the validation succeeds, the request is authenticated and a FormsAuthenticationCookie and corresponding CasAuthenticationTicket are created for the purpose of authenticating subsequent requests (see ProcessTicketValidation method). If the validation fails, the authentication status remains unchanged (generally the user is and remains anonymous).
|
|
| RedirectFromFailedGatewayCallback ( ) : void |
Redirects the current request back to the requested page without the gateway callback artifact in the URL.
|
|
| RedirectFromLoginCallback ( ) : void |
Redirects the current request back to the requested page without the CAS ticket artifact in the URL.
|
|
| SetGatewayStatusCookie ( GatewayStatus gatewayStatus ) : void |
Attempts to set the GatewayStatus client cookie. If the cookie is not present and equal to GatewayStatus.Attempting when a CAS Gateway request comes in (indicated by the presence of the 'gatewayParameterName' defined in web.config appearing in the URL), the server knows that the client is not accepting session cookies and will optionally redirect the user to the 'cookiesRequiredUrl' (also defined in web.config). If 'cookiesRequiredUrl' is not defined but 'gateway' is, every page request will result in a round-trip to the CAS server.
|
| public static CreateFormsAuthenticationTicket ( string netId, string cookiePath, string serviceTicket, System.DateTime validFromDate, System.DateTime validUntilDate ) : System.Web.Security.FormsAuthenticationTicket | ||
| netId | string | User associated with the ticket |
| cookiePath | string | Relative path on server in which cookie is valid |
| serviceTicket | string | CAS service ticket |
| validFromDate | System.DateTime | Ticket valid from date |
| validUntilDate | System.DateTime | Ticket valid too date |
| return | System.Web.Security.FormsAuthenticationTicket | |
| public static GatewayAuthenticate ( bool ignoreGatewayStatusCookie ) : void | ||
| ignoreGatewayStatusCookie | bool | /// The Gateway Status Cookie reflects whether a gateway authentication has /// already been attempted, in which case the redirection is generally /// unnecessary. This property allows you to override the behavior and /// perform a redirection regardless of whether it has already been attempted. /// |
| return | void | |
| public static GetAuthCookie ( System.Web.Security.FormsAuthenticationTicket ticket ) : System.Web.HttpCookie | ||
| ticket | System.Web.Security.FormsAuthenticationTicket | The FormsAuthenticationTicket to encode |
| return | System.Web.HttpCookie | |
| public static GetFormsAuthenticationTicket ( ) : System.Web.Security.FormsAuthenticationTicket | ||
| return | System.Web.Security.FormsAuthenticationTicket | |
| public static GetGatewayStatus ( ) : GatewayStatus | ||
| return | GatewayStatus | |
| public static GetProxyTicketIdFor ( string targetServiceUrl ) : string | ||
| targetServiceUrl | string | The target Url to obtain a proxy ticket for |
| return | string | |
| public static ProxyRedirect ( string url ) : void | ||
| url | string | The foreign service to redirect to |
| return | void | |
| public static ProxyRedirect ( string url, bool endResponse ) : void | ||
| url | string | The foreign service to redirect to |
| endResponse | bool | /// Boolean indicating whether or not to short circuit the remaining request /// pipeline events /// |
| return | void | |
| public static ProxyRedirect ( string url, string proxyTicketUrlParameter ) : void | ||
| url | string | The foreign service to redirect to |
| proxyTicketUrlParameter | string | /// The ticket parameter to include in the remote service Url. /// |
| return | void | |
| public static ProxyRedirect ( string url, string proxyTicketUrlParameter, bool endResponse ) : void | ||
| url | string | The foreign service to redirect to |
| proxyTicketUrlParameter | string | /// The ticket parameter to include in the remote service Url. /// |
| endResponse | bool | /// Boolean indicating whether or not to short circuit the remaining request /// pipeline events /// |
| return | void | |
| public static RedirectToCookiesRequiredPage ( ) : void | ||
| return | void | |
| public static RedirectToLoginPage ( bool forceRenew ) : void | ||
| forceRenew | bool | |
| return | void | |
| public static RedirectToNotAuthorizedPage ( ) : void | ||
| return | void | |
| public static SetAuthCookie ( System.Web.Security.FormsAuthenticationTicket clientTicket ) : void | ||
| clientTicket | System.Web.Security.FormsAuthenticationTicket | The FormsAuthenticationTicket to encode |
| return | void | |