iucrimson / aspnet.security.cas Goto Github PK
View Code? Open in Web Editor NEWASP.NET Core authentication provider for CAS
License: MIT License
ASP.NET Core authentication provider for CAS
License: MIT License
Am I missing something ? Once the user is authenticated it doesn't look like the ticket is ever validated again to check if the ticket/cookie is still valid (user is never prompted to login again, until the session cookie is deleted from the browser or browser is closed), unless I am not seeing something.
Is the DisplayName option able to be added somehow? Previous version allowed for setting this property. I couldn't pull out the Caption property from the provider model, or its not available, just DisplayName and Name
Once I've logged in, if I get access to backchannel, I can run some of the authorization for external service against cas server. (proxy/proxyvalidate). Backchannel obviously has necessary cookies required to progress.
For calls to other services, I'll need cookies that my CAS server established, but curious how this is supposed to be handled if anyone is doing this. If I just inject a HttpClientFactory, or create a new HttpClient, those cookies aren't set, and naturally things break.
I have some questions.
I succesfully created a webapi project with netcore 2.1.
If a open a browser, and hit an url, it redirects me to the login page, after successfull login I get redirected to my url and get the response.
I noticed that the ".AspNetCore.Cookies" cookie is set on my browser and if I use postman and send the cookie in the header, I'll get results.
I have an angular6 application.
This app redirects to CAS login, and returns with a Service Ticket. Who should validate the service ticket and set the cookie? Angular or the WebApi?
Does the angular app, needs to add the cookie or the ST in the header for any request? (Maybe an HttpInterceptor?
Thanks!
Is it possible to obtain additional attributes?
Is there a way to customize what goes in the "service" GET param on the initial request to the CAS server.
My asp.net core app lives inside a container, and the service seems to always be the container name, instead of my server fqdn.
Hi,
Is your latest AspNetCore.Security.CAS library support CAS 3.0 protocol. Please let us know and if it is possible then please try to update the example.
Thank you so much for the support.
This may be simple issue not related to this dll, but I am getting web timout with too many redirects.
It just cycles through over and over:
GET https://xxx/
302 Redirect to https://xxx/login?ReturnUrl=%2F
GET https://xxx/login?ReturnUrl=%2F
302 Redirect to https://sso/cas/login?service=
GET https://sso/cas/login?service=
302 Redirect to https://sso/commonauth?
GET https://sso/commonauth?
302 Redirect to https://sso/cas/login?sessionDataKey=
GET https://sso/cas/login?sessionDataKey=a
302 Redirect to https://xxx/signin-cas?
GET https://xxx/signin-cas?
302 Redirect to /
GET https://xxx/
302 Redirect to https://xxx/login?ReturnUrl=%2F
Any help would be appreciated.
Hello
I receive the following error after login
Exception: Correlation failed.
Any idea?
thank you
Does this implementation support JWT?
Hello,
When I login I receive the following message
"error loading external login information"
I also notice that at the url returns
http://localhost:xxxxx/Identity/Account/Login?ReturnUrl=%2F
Any idea?
Thank you
Is there any way to configure a outbound HTTP proxy?
Hello, I would like to ask how can I set the redirect page after the user logs in. I use MVC 5 .Thank you
Hi,
I'm trying this library in my api project with net core 2.
I was able to succesfully login (being redirected to CAS page and the back to my app)
I have two questions?
[Route("logout")]
public async Task Logout(string returnUrl) {
var props = new AuthenticationProperties { RedirectUri = returnUrl };
var user = HttpContext.User.Identity;
await HttpContext.SignOutAsync();
}
Status Code: 404; Not Found
Hello! How can I allow users that have already login with Owin Cas to see pages that have been marked as [Authorize] in controller actions? It returns the user again to login page. thank you
As of now implementation allows only one url: CasServerUrlBase
. This is used by ticket validators and user redirect. A use case exists where user is taken to a different domain than what the server side uses.
XmlException: '=' is an unexpected token. The expected token is ';'. Line 85, position 407.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()
This is after making a copy of your sample project. I set the CasBaseUrl correctly. I can't tell what file is actually giving the error.
Hi,
Is there a reason the namespace is hardcoded in Cas2TicketValidator? It causes the parsing of the authenticationSuccess message to fail.
private readonly XNamespace _ns = "http://www.yale.edu/tp/cas";
i didn't find any code process cas server logout request,it only provider a front end logout method,however
when my app is deploy more then one node,the logout is not work,can you support this feature
Your readme indicates that the package supports CAS 2.0. Do you expect to add support for CAS 3.0 in the near future?
We are running this on a subroute with an Angular frontend. The AddCookie options.LoginPath needs to go to /account/login but it is not honoring that.
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = new PathString("/account/login");
})
.AddCAS(options =>
{
options.CasServerUrlBase = Configuration["CasBaseUrl"]; // Set in `appsettings.json` file.
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.CallbackPath = new PathString("/account/signin-cas");
});
User Controller Route
[AllowAnonymous]
[Route("account/login")]
public async Task Login(string returnUrl)
{
var props = new AuthenticationProperties { RedirectUri = returnUrl };
await HttpContext.ChallengeAsync("CAS", props);
}
It appears to be sending to the root /login. Are we missing something? @davidmdem
Hi - would you have a code sample/walkthrough of how to combine this with ASP.NET Core aspnet security to allow for traditional authorisation on controllers - so that I could write code like:
[Authorize(Roles = "System Administrator")]
in my controllers?
Any help much appreciated.
With Asp.NET Core RC2 released, the project needs updated.
Iwrite a modification of your code, I want send you a pull reques.
the change is add iwa param to url, but only if the mode is windows.
I've got a weird occasional thing that happens.. .seems like its after a browser sits a while... or maybe session expired, but a cookie is hanging around or something... I'll randomly get
Missing CAS ticket exception, and simply attempting to reload resolves the problem.
Also, occasionally get a problem trying to decode state data, and I think that one may have to do with data protection keys?
I'm just trying to understand what causes these so I can either check for those problems and basically initiate login again. Any input would be greatly appreciated.
The 'meta' start tag on line 25 position 4 does not match the end tag of 'head'. Line 28, position 4.
System.Xml.XmlException: The 'meta' start tag on line 25 position 4 does not match the end tag of 'head'. Line 28, position 4.
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler1.<HandleRequestAsync>d__12.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter
1.GetResult()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.d__7.MoveNext()
Accept | text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 |
---|---|
Accept-Encoding | gzip, deflate |
Accept-Language | zh-CN,zh;q=0.9 |
Cache-Control | max-age=0 |
Connection | close |
Cookie | .AspNetCore.Correlation.CAS.EbNSSTqqmTbO5GCQDyPxL0Or6volOPdy-9r8FWT9ISw=N |
Host | 127.0.0.1:63210 |
REMOTE-HOST | www.mydomain.com |
Upgrade-Insecure-Requests | 1 |
User-Agent | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 |
Maybe I am missing something here in the flow.
At this point User.Identity reports authenticated: false
Should there be another endpoint to exchange the ticket for data, or am i missing a configuration option that would yield the user already being authenticated at this point.
In your project's readme file, at the very bottom, you reference the old Jasig .NET Cas Client. That repository/group has long since been renamed to Apereo. Can you update your reference to point to https://github.com/apereo/dotnet-cas-client/, which it gets redirected to anyways.
Also, I think it'd be worth pointing out, in your reference, that currently that repository only targets .NET Framework. There is currently no .NET Core support, which is important to note since your project targets .NET Core. There are plans to eventually support OWIN/.NET Standard (and therefore .NET Core), but there is no official timetable for that yet.
Thanks!
no support .netcore3.1,找不到 Web 地址对应的网页: https://localhost:5001/signin-cas?state=CfDJ8J09GAFHuTZIuYMISDqj1OY_ROAYXWC4e_hzHfwOhPDCj0k0Na2PDcucPU3n_w8YoVrbth_FHMxNChHEZjcPneL8I7RnbCdu5P_bN2KaySoMqtCY1HmmId2O_2TfV06Cwgh48FMuFpLYwkknvVnjQZGjmt6vOL7ZFXHeTbUXom3rEntdDB5_B5T2VS4bNGgWanHed67SnsedS9HWAD7vbdfisgDpaci4p_dCSfuBmBRK&ticket=ST-24-ifA-2V9fB6dCkqJIXp5N1kjBSXY-10_105_34_146
Hi i am using CAS for single sign-on in my application(.Net Core2.2). I was able to login with CAS, I am getting the username only but not email or any other attributes from CAS.
For authentication in CAS side I am using AspNetCore.Security.CAS Nuget Pacakage and configured in Startup.cs file below is the code.
In startup's ConfigureServices method:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options => {
options.LoginPath = new PathString("/login");
})
.AddCAS(options =>
{
options.CasServerUrlBase = Configuration["CasBaseUrl"];
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
});
In your startup's Configure method before UseMvc:
app.UseAuthentication();
In Context I am able to get username from context.Principal.Identity.Name but not able to find out other attribute information. Please help me for this.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.