1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
| using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
using System.Web.Security;
using System.Security.Principal;
using System.IO;
using System.Xml;
using System.Net;
using System.Configuration;
namespace CasModule
{
public class CasModule : IHttpModule
{
// Return url cookie name
private const string ReturnUrl = "CASmodule.ReturnUrl";
public CasModule()
{
}
public string ModuleName
{
get { return "CASmodule"; }
}
// In the Init function, register for HttpApplication
// events by adding your handlers.
public void Init(HttpApplication application)
{
application.AuthenticateRequest +=
(new EventHandler(this.Application_AuthenticateRequest));
}
private void Application_AuthenticateRequest(Object source, EventArgs e)
{
// get a HttpApplication objects to gain access request and response properties.
HttpApplication application = (HttpApplication)source;
// retrieve the cas host urls from application configuration file
string casLogin = ConfigurationManager.AppSettings.Get("loginUrl");
string casValidate = ConfigurationManager.AppSettings.Get("validateUrl");
if (casLogin == null || casLogin.Length < 1 || casValidate == null || casValidate.Length < 1)
{
// trigger a server error if cashost is not set in the web.config
application.Response.StatusCode = 500;
return;
}
// Create a generic principal on each request based on the authentication ticket cookie
// The user's role is also extracted from this cookie and pushed into the generic principal
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = application.Request.Cookies[cookieName];
// if the cookie exist we are authenticated
if (authCookie != null)
{
FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch
{
// TODO: Make a 500 error or go back to authentication
return;
}
if (authTicket == null)
{
// TODO: Make a 500 error or go back to authentication
return;
}
// create an identity objet
FormsIdentity identity = new FormsIdentity(authTicket);
// create a principal
GenericPrincipal principal = new GenericPrincipal(identity, null);
// attach the principal to tue context objet that will flow throughout the request.
application.Context.User = principal;
}
else
{
// Check if we are back from CAS Authentication
// Look for the "ticket=" string after the "?" in the URL when back from CAS
string casTicket = application.Request.QueryString["ticket"];
// The CAS service name is the page URL for CAS Server call back
// so any query string is discard.
string service = application.Request.Url.GetLeftPart(UriPartial.Path);
// First pass because there is no ticket, so redirect to CAS login
if (casTicket == null || casTicket.Length == 0)
{
// memorize the initial request query string
application.Response.Cookies[ReturnUrl].Value = application.Request.RawUrl;
// redirect to cas server
string redir = casLogin + "?service=" + service;
application.Response.Redirect(redir);
return;
}
else
{
// Second pass (return from CAS server) because there is a ticket in the query string to validate
string validateurl = casValidate + "?ticket=" + casTicket + "&" + "service=" + service;
WebClient client = new WebClient();
StreamReader Reader = new StreamReader(client.OpenRead(validateurl));
// Put the validation response in a string
string resp = Reader.ReadToEnd();
// Some boilerplate to set up the parse of validation response.
NameTable nt = new NameTable();
XmlNamespaceManager nsmgr = new XmlNamespaceManager(nt);
XmlParserContext context = new XmlParserContext(null, nsmgr, null, XmlSpace.None);
XmlTextReader reader = new XmlTextReader(resp, XmlNodeType.Element, context);
string netid = null;
// A very dumb use of XML by looping in all tags.
// Just scan for the "user". If it isn't there, its an error.
while (reader.Read())
{
if (reader.IsStartElement())
{
string tag = reader.LocalName;
if (tag == "user")
{
netid = reader.ReadString();
break;
}
}
}
reader.Close();
// If there was a problem, leave the message on the screen. Otherwise, return to original page.
if (netid == null)
{
application.Response.Write("Votre identité n'a pas été validé par le serveur CAS");
}
else
{
application.Response.Write("Bienvenue " + netid);
// create the authentication ticket and store the roles in the user data
FormsAuthenticationTicket formAuthTicket = new
FormsAuthenticationTicket(
1, // version
netid, // user name
DateTime.Now, // creation
DateTime.Now.AddMinutes(480), // expiration soit 8heures
false, // persistant
""); // userData
// encrypt the ticket
string encryptedTicket = FormsAuthentication.Encrypt(formAuthTicket);
// create a cookie and use the encrypted ticket as data
authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
// add the cookie to the response cookie collection
application.Response.Cookies.Add(authCookie);
// go the initial request URL
string returnUrl;
// if the return url cookie is lost, return to the default page
if (application.Request.Cookies[ReturnUrl] == null)
returnUrl = application.Request.ApplicationPath;
else
returnUrl = application.Request.Cookies[ReturnUrl].Value;
application.Response.Redirect(returnUrl);
}
}
}
}
}
} |
Probleme avec FormsAuthentication
Répondre avec citation
Partager