iucrimson / aspnet.security.cas Goto Github PK

Am I missing something ? Once the user is authenticated it doesn't look like the ticket is ever validated again to check if the ticket/cookie is still valid (user is never prompted to login again, until the session cookie is deleted from the browser or browser is closed), unless I am not seeing something.

Is the DisplayName option able to be added somehow? Previous version allowed for setting this property. I couldn't pull out the Caption property from the provider model, or its not available, just DisplayName and Name

Once I've logged in, if I get access to backchannel, I can run some of the authorization for external service against cas server. (proxy/proxyvalidate). Backchannel obviously has necessary cookies required to progress.

For calls to other services, I'll need cookies that my CAS server established, but curious how this is supposed to be handled if anyone is doing this. If I just inject a HttpClientFactory, or create a new HttpClient, those cookies aren't set, and naturally things break.

I have some questions.
I succesfully created a webapi project with netcore 2.1.
If a open a browser, and hit an url, it redirects me to the login page, after successfull login I get redirected to my url and get the response.

I noticed that the ".AspNetCore.Cookies" cookie is set on my browser and if I use postman and send the cookie in the header, I'll get results.

I have an angular6 application.
This app redirects to CAS login, and returns with a Service Ticket. Who should validate the service ticket and set the cookie? Angular or the WebApi?

Does the angular app, needs to add the cookie or the ST in the header for any request? (Maybe an HttpInterceptor?

Thanks!

Is it possible to obtain additional attributes?

Is there a way to customize what goes in the "service" GET param on the initial request to the CAS server.

My asp.net core app lives inside a container, and the service seems to always be the container name, instead of my server fqdn.

Hi,
Is your latest AspNetCore.Security.CAS library support CAS 3.0 protocol. Please let us know and if it is possible then please try to update the example.
Thank you so much for the support.

This may be simple issue not related to this dll, but I am getting web timout with too many redirects.
It just cycles through over and over:
GET https://xxx/
302 Redirect to https://xxx/login?ReturnUrl=%2F

GET https://xxx/login?ReturnUrl=%2F
302 Redirect to https://sso/cas/login?service=

GET https://sso/cas/login?service=
302 Redirect to https://sso/commonauth?

GET https://sso/commonauth?
302 Redirect to https://sso/cas/login?sessionDataKey=

GET https://sso/cas/login?sessionDataKey=a
302 Redirect to https://xxx/signin-cas?

GET https://xxx/signin-cas?
302 Redirect to /

GET https://xxx/
302 Redirect to https://xxx/login?ReturnUrl=%2F

Any help would be appreciated.

Hello
I receive the following error after login

Exception: Correlation failed.

Any idea?
thank you

Does this implementation support JWT?

Hello,

When I login I receive the following message

"error loading external login information"

I also notice that at the url returns
http://localhost:xxxxx/Identity/Account/Login?ReturnUrl=%2F

Any idea?
Thank you

Is there any way to configure a outbound HTTP proxy?

Hello, I would like to ask how can I set the redirect page after the user logs in. I use MVC 5 .Thank you

Hi,
I'm trying this library in my api project with net core 2.

I was able to succesfully login (being redirected to CAS page and the back to my app)
I have two questions?

1. If I logout in CAS from another application (2) in my app, it seems that my login is still valid, How can I check if my ticket is still valid?
2. What about the logout action? Is ok something like

[Route("logout")]
public async Task Logout(string returnUrl) {
            var props = new AuthenticationProperties { RedirectUri = returnUrl };
            var user = HttpContext.User.Identity;
            await HttpContext.SignOutAsync();
}

Status Code: 404; Not Found

Hello! How can I allow users that have already login with Owin Cas to see pages that have been marked as [Authorize] in controller actions? It returns the user again to login page. thank you

As of now implementation allows only one url: CasServerUrlBase. This is used by ticket validators and user redirect. A use case exists where user is taken to a different domain than what the server side uses.

XmlException: '=' is an unexpected token. The expected token is ';'. Line 85, position 407.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()

This is after making a copy of your sample project. I set the CasBaseUrl correctly. I can't tell what file is actually giving the error.

Hi,

Is there a reason the namespace is hardcoded in Cas2TicketValidator? It causes the parsing of the authenticationSuccess message to fail.

private readonly XNamespace _ns = "http://www.yale.edu/tp/cas";

i didn't find any code process cas server logout request,it only provider a front end logout method,however
when my app is deploy more then one node,the logout is not work,can you support this feature

Your readme indicates that the package supports CAS 2.0. Do you expect to add support for CAS 3.0 in the near future?

We are running this on a subroute with an Angular frontend. The AddCookie options.LoginPath needs to go to /account/login but it is not honoring that.

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
              .AddCookie(options =>
              {
                  options.LoginPath = new PathString("/account/login");
              })
              .AddCAS(options =>
              {
                  options.CasServerUrlBase = Configuration["CasBaseUrl"];   // Set in `appsettings.json` file.
                  options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                  options.CallbackPath = new PathString("/account/signin-cas");
              });

User Controller Route

[AllowAnonymous]
        [Route("account/login")]
        public async Task Login(string returnUrl)
        {
            var props = new AuthenticationProperties { RedirectUri = returnUrl };
            await HttpContext.ChallengeAsync("CAS", props);
        }

It appears to be sending to the root /login. Are we missing something? @davidmdem

Hi - would you have a code sample/walkthrough of how to combine this with ASP.NET Core aspnet security to allow for traditional authorisation on controllers - so that I could write code like:

[Authorize(Roles = "System Administrator")]

in my controllers?

Any help much appreciated.

With Asp.NET Core RC2 released, the project needs updated.

Iwrite a modification of your code, I want send you a pull reques.
the change is add iwa param to url, but only if the mode is windows.

I've got a weird occasional thing that happens.. .seems like its after a browser sits a while... or maybe session expired, but a cookie is hanging around or something... I'll randomly get

Missing CAS ticket exception, and simply attempting to reload resolves the problem.

Also, occasionally get a problem trying to decode state data, and I think that one may have to do with data protection keys?

I'm just trying to understand what causes these so I can either check for those problems and basically initiate login again. Any input would be greatly appreciated.

The 'meta' start tag on line 25 position 4 does not match the end tag of 'head'. Line 28, position 4.

System.Xml.XmlException: The 'meta' start tag on line 25 position 4 does not match the end tag of 'head'. Line 28, position 4.
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.<HandleRequestAsync>d__12.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.d__7.MoveNext()

nginx proxy host error
i edit code \AspNetCore.Security.CAS\CasHandler.cs
private string BuildReturnTo(string state)
{
// var host = Request.Host;
var host = "www.mydomain.com";
return Request.Scheme + "://" + host +
Request.PathBase + Options.CallbackPath +
"?state=" + Uri.EscapeDataString(state);
}
when return url http://www.mydomain.com/signin-cas?state= error
Exception: Failed to retrieve user information from remote server.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__6.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware+d__7.MoveNext()

Maybe I am missing something here in the flow.

1. User hits my defined login URL.
2. This redirects them to the CAS server.
3. After logging in user is redirected back to my page with the ?ticket=<...> get parameter appended.

At this point User.Identity reports authenticated: false
Should there be another endpoint to exchange the ticket for data, or am i missing a configuration option that would yield the user already being authenticated at this point.

In your project's readme file, at the very bottom, you reference the old Jasig .NET Cas Client. That repository/group has long since been renamed to Apereo. Can you update your reference to point to https://github.com/apereo/dotnet-cas-client/, which it gets redirected to anyways.

Also, I think it'd be worth pointing out, in your reference, that currently that repository only targets .NET Framework. There is currently no .NET Core support, which is important to note since your project targets .NET Core. There are plans to eventually support OWIN/.NET Standard (and therefore .NET Core), but there is no official timetable for that yet.

Thanks!

no support .netcore3.1,找不到 Web 地址对应的网页: https://localhost:5001/signin-cas?state=CfDJ8J09GAFHuTZIuYMISDqj1OY_ROAYXWC4e_hzHfwOhPDCj0k0Na2PDcucPU3n_w8YoVrbth_FHMxNChHEZjcPneL8I7RnbCdu5P_bN2KaySoMqtCY1HmmId2O_2TfV06Cwgh48FMuFpLYwkknvVnjQZGjmt6vOL7ZFXHeTbUXom3rEntdDB5_B5T2VS4bNGgWanHed67SnsedS9HWAD7vbdfisgDpaci4p_dCSfuBmBRK&ticket=ST-24-ifA-2V9fB6dCkqJIXp5N1kjBSXY-10_105_34_146

Hi i am using CAS for single sign-on in my application(.Net Core2.2). I was able to login with CAS, I am getting the username only but not email or any other attributes from CAS.

For authentication in CAS side I am using AspNetCore.Security.CAS Nuget Pacakage and configured in Startup.cs file below is the code.

In startup's ConfigureServices method:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)

.AddCookie(options => {
options.LoginPath = new PathString("/login");
})

.AddCAS(options =>
{
options.CasServerUrlBase = Configuration["CasBaseUrl"];
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});
In your startup's Configure method before UseMvc:

app.UseAuthentication();
In Context I am able to get username from context.Principal.Identity.Name but not able to find out other attribute information. Please help me for this.