CAS-SSO in the .NET Web-Applications

<p>Administration General Direction Information Technology Direction</p>
<p>CAS .NET</p>
<p>CAS-SSO IN THE .NET WEB-APPLICATIONS</p>
<p>Type of document: working document / waiting for validation / approved for distribution</p>
<p>Reference: 019f08e37f72d22fecf8cc668802e368.docx</p>
<p>Objectives of the document:</p>
<p>This document describes best practices for integrating the « CAS » single sign-on tool into .NET applications developed for the Council of Europe.</p>
<p>This document is the property of the Council of Europe. It may not be reproduced or communicated without the author's agreement.</p>
<p>019f08e37f72d22fecf8cc668802e368.docx [CAS .NET] Last modification 15 November 2012 at 09:50:00 Author</p>
<p>Version: 1.0</p>
<p>1. INTRODUCTION</p>
<p>1.1 OBJECTIVES</p>
<p>This document describes best practices for integrating the « CAS » single sign-on tool into .NET applications developed for the Council of Europe.</p>
<p>2. INTEGRATION - C# - ASP.NET</p>
<p>2.1 REFERENCE</p>
<p>The CasModule reference must be added to the Web Project. This library is available in the common_dlls directory linked to the solution.</p>
<p>2.2 WEB.CONFIG</p>
<p>Add the following lines to the web.config:</p>
<pre>
<configuration>
  <!-- ... -->
  <appSettings>
    <!-- CAS configuration -->
    <!-- To deactivate CAS: comment out the CasModule line, set CasAuthActivate="false" and set Authentication mode="Windows" -->
    <add key="CasAuthActivate" value="true"/>
    <add key="CASTimeoutInMinutes" value="10"/>
    <add key="CASCheckIntervalInMinutes" value="5"/>
    <add key="loginUrl" value="https://cas.coe.int/cas/login"/>
    <add key="validateUrl" value="https://cas.coe.int/cas/serviceValidate"/>
    <add key="logoutUrl" value="https://cas.coe.int/cas/logout"/>
  </appSettings>
  <!-- ... -->
</configuration>
</pre>
<p>And</p>
<pre>
<system.web>
  <!-- ... -->
  <httpModules>
    <!-- To deactivate CAS: comment out the CasModule line, set CasAuthActivate="false" and set Authentication mode="Windows" -->
    <add name="CasModule" type="Upmc.CasModule.CasModule, CasModule"/>
  </httpModules>
  <!-- ... -->
</system.web>
</pre>
<p>NB: The key “Folders_Without_CAS_Authentication” is very important because it tells CAS which folders need authentication (e.g. « webforms/tools » for the Sanity Tests).</p>
<p>2.3 CODE</p>
<p>Code to include in the master page</p>
<p>- e.g. in the Page_Load</p>
<pre>
// Required namespaces: System, System.Collections.Specialized, System.Configuration, System.Web
NameValueCollection appSettings = ConfigurationManager.AppSettings;

// username without CAS
string user = Page.User.Identity.Name;

// if CAS is activated, the username is in HttpContext
string casAuthent = appSettings.Get("CasAuthActivate");
if (casAuthent != null && casAuthent.ToLower().Equals("true"))
{
    user = System.Web.HttpContext.Current.User.Identity.Name;
    CheckCASSession();
}
</pre>
<p>- PreviousCheckTime property</p>
<pre>
/// <summary>
/// Stores the time of the last check of the CAS connection
/// </summary>
protected DateTime PreviousCheckTime
{
    get
    {
        if (Session["PreviousCheckTime"] == null)
        {
            Session["PreviousCheckTime"] = DateTime.Now;
        }
        return (DateTime)Session["PreviousCheckTime"];
    }
    set
    {
        Session["PreviousCheckTime"] = value;
    }
}
</pre>
<p>- CheckCASSession function</p>
<pre>
/// <summary>
/// MOE - issue 0012967: [CAS] Check of the validity of a CAS session
/// The user asks for a page => Is the last session extension 5 minutes old or more?
///  - Yes => Makes a request on a CAS page (e.g. cas.coe.int/login)
///      1) Request on the login page to extend the session
///         (this does delete the cookie if it's still here by error)
///      2) Check the presence of the CAS cookie
///  - No => Displays the requested page
/// </summary>
private void CheckCASSession()
{
    NameValueCollection appSettings = ConfigurationManager.AppSettings;

    if (Request.HttpMethod == "POST" || appSettings.Get("CASCheckIntervalInMinutes") == "-1")
    {
        // POST request, or the periodic CAS check is disabled (-1): go no further.
        // POST requests are not checked, in order not to lose data.
        return;
    }

    int nCASCheckInterval;
    if (!Int32.TryParse(appSettings.Get("CASCheckIntervalInMinutes"), out nCASCheckInterval))
    {
        nCASCheckInterval = 5;
    }

    if (PreviousCheckTime.AddMinutes(nCASCheckInterval) < DateTime.Now)
    {
        // last check is more than nCASCheckInterval minutes old (5 by default)

        // update PreviousCheckTime
        PreviousCheckTime = DateTime.Now;

        // 1) Request on the login page to extend the session
        //    (this does delete the cookie if it's still here by error)
        // The service URL is URL-encoded so that its own query string is not
        // read by CAS as separate parameters.
        string sUrlCAS = appSettings.Get("loginUrl") + "?service="
            + HttpUtility.UrlEncode(this.Request.Url.AbsoluteUri);
        Response.Redirect(sUrlCAS, false);

        // 2) check the presence of the CAS cookie
        foreach (string cookieMonster in Request.Cookies)
        {
            if (cookieMonster.ToLower().Contains("castgc"))
            {
                return;
            }
        }

        // no cookie --> we redirect to the CAS login
        Response.Redirect(sUrlCAS, true);
        Response.End();
    }
}
</pre>
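The loginUrl and validateUrl settings from section 2.2 correspond to the two steps of the CAS 2.0 protocol: redirecting the browser with a `service` parameter, then validating the returned ticket. The following is an added example, not code from the original document or from CasModule; the class `CasProtocolExample`, the host `app.example.org` and the sample responses are constructed for illustration, and an ASP.NET (.NET Framework) project referencing System.Web is assumed.

```csharp
using System;
using System.Web;
using System.Xml;
// Hypothetical helper, not part of CasModule; CAS 2.0 protocol assumed.
public static class CasProtocolExample
{
    // The service URL must be identical at login and at validation, so the
    // one-time "ticket" parameter that CAS appends is removed from it.
    public static string ServiceUrl(Uri requestUrl)
    {
        var query = HttpUtility.ParseQueryString(requestUrl.Query);
        query.Remove("ticket");
        var builder = new UriBuilder(requestUrl) { Query = query.ToString() };
        return builder.Uri.AbsoluteUri;
    }

    // URL-encode the service so its own query string is not read as CAS parameters.
    public static string LoginRedirect(string loginUrl, Uri requestUrl)
    {
        return loginUrl + "?service=" + HttpUtility.UrlEncode(ServiceUrl(requestUrl));
    }

    // Returns the user name from a serviceValidate response, or null if CAS
    // rejected the ticket (authenticationFailure) or the document is unexpected.
    public static string ParseUser(string responseXml)
    {
        var doc = new XmlDocument { XmlResolver = null }; // never fetch external entities
        doc.LoadXml(responseXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("cas", "http://www.yale.edu/tp/cas");
        XmlNode user = doc.SelectSingleNode(
            "/cas:serviceResponse/cas:authenticationSuccess/cas:user", ns);
        return user == null ? null : user.InnerText.Trim();
    }

    public static void Main()
    {
        // Constructed sample request URL and CAS responses
        var url = new Uri("https://app.example.org/home.aspx?id=7&ticket=ST-1-constructed");
        Console.WriteLine(LoginRedirect("https://cas.coe.int/cas/login", url));
        const string head = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>";
        string ok = head + "<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
                  + "</cas:authenticationSuccess></cas:serviceResponse>";
        string ko = head + "<cas:authenticationFailure code='INVALID_TICKET'>rejected"
                  + "</cas:authenticationFailure></cas:serviceResponse>";
        Console.WriteLine(ParseUser(ok) ?? "(ticket rejected)");
        Console.WriteLine(ParseUser(ko) ?? "(ticket rejected)");
    }
}
```

The user name is taken only from an `authenticationSuccess` element in the CAS namespace, so a failure response or an unrelated XML document yields no identity.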
