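        /// <summary>
        /// Login to the campus DistAuth system using CAS.
        /// Does nothing when the request already carries a forms-authentication cookie that
        /// decrypts to a non-expired ticket. Otherwise, if a CAS ticket is present on the query
        /// string it is validated against the CAS server, a forms-authentication cookie is issued
        /// for the login CAS returns, the user's details are stored in session and the user is
        /// redirected to the requested return URL; without a (valid) ticket the user is sent to
        /// the CAS login page.
        /// </summary>
        /// <remarks>
        /// The return URL comes from the request, so it is only honoured when it is a local
        /// (path-relative or "~/") URL; anything else falls back to
        /// <see cref="FormsAuthentication.DefaultUrl"/> to avoid an open redirect.
        /// </remarks>
        private void CASLogin()
        {
            string loginUrl = STR_CAS_URL;

            // get the context from the source
            HttpContext context = HttpContext.Current;

            // an existing, still-valid forms-authentication ticket means nothing to do
            if (HasValidFormsTicket(context))
            {
                return;
            }

            // the "service" CAS redirects back to: the current URL without the ticket parameter.
            // It must be identical on the validate and the login request.
            string query = BuildQueryWithoutTicket(context);
            string service = context.Server.UrlEncode(context.Request.Url.GetLeftPart(UriPartial.Path) + query);

            string ticket = context.Request.QueryString[STR_Ticket];

            // if ticket is defined then we assume they are coming from CAS
            if (!String.IsNullOrEmpty(ticket))
            {
                string kerberos = ValidateTicket(loginUrl, ticket, service);

                if (kerberos != null)
                {
                    // set forms authentication ticket
                    FormsAuthentication.SetAuthCookie(kerberos, false);

                    // pull out the user info and save in a session object
                    var user = UserBLL.GetByLogin(kerberos);

                    if (user != null)
                    {
                        Session["userdetails"] = new UserDetails
                                                     {
                                                         Login = kerberos,
                                                         Name = string.Format("{0} {1}", user.FirstName, user.LastName),
                                                         Email = user.Email
                                                     };
                    }

                    // redirect to original url, but only if it stays on this site
                    string returnURL = context.Request.QueryString[STR_ReturnURL];

                    if (!IsLocalUrl(returnURL))
                    {
                        returnURL = FormsAuthentication.DefaultUrl;
                    }

                    context.Response.Redirect(returnURL);

                    return;
                }
            }

            // ticket doesn't exist or is invalid so redirect user to CAS login
            context.Response.Redirect(loginUrl + "login?service=" + service);
        }

        /// <summary>
        /// Returns true when the request carries a forms-authentication cookie that decrypts
        /// to a non-expired ticket.
        /// </summary>
        /// <param name="context">The current request context.</param>
        private bool HasValidFormsTicket(HttpContext context)
        {
            HttpCookie validCookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];

            if (validCookie == null)
            {
                return false;
            }

            try
            {
                FormsAuthenticationTicket validTicket = FormsAuthentication.Decrypt(validCookie.Value);
                return validTicket != null && !validTicket.Expired;
            }
            catch (Exception)
            {
                // a cookie that cannot be decrypted (tampered, wrong machine key, stale format)
                // is treated as "no ticket" rather than as an error
                return false;
            }
        }

        /// <summary>
        /// Rebuilds the request's query string without the CAS ticket parameter.
        /// </summary>
        /// <param name="context">The current request context.</param>
        /// <returns>
        /// The remaining parameters as "?k=v&amp;k2=v2" with each key and value URL-encoded,
        /// or an empty string when nothing remains.
        /// </returns>
        private string BuildQueryWithoutTicket(HttpContext context)
        {
            string query = "";
            var queryString = context.Request.QueryString;

            foreach (string key in queryString.AllKeys)
            {
                if (String.Equals(key, STR_Ticket, StringComparison.OrdinalIgnoreCase))
                {
                    continue;
                }

                // encode key and value individually so a '&' or '=' inside a value cannot
                // change the structure of the service URL CAS later redirects back to
                query += (query.Length == 0 ? "?" : "&")
                         + context.Server.UrlEncode(key) + "=" + context.Server.UrlEncode(queryString[key]);
            }

            return query;
        }

        /// <summary>
        /// Validates a CAS service ticket against the CAS "validate" endpoint.
        /// </summary>
        /// <param name="loginUrl">Base URL of the CAS server (ends with a slash).</param>
        /// <param name="ticket">The raw ticket taken from the request query string.</param>
        /// <param name="encodedService">The already URL-encoded service URL.</param>
        /// <returns>The login (Kerberos id) CAS reports, or null when the ticket is rejected.</returns>
        private string ValidateTicket(string loginUrl, string ticket, string encodedService)
        {
            // the ticket is request-supplied: encode it so it cannot alter the validate URL
            string validateUrl = loginUrl + "validate?ticket=" + Uri.EscapeDataString(ticket) + "&service=" + encodedService;

            // dispose both the client and the response stream (the original leaked both)
            using (var client = new WebClient())
            using (StreamReader sr = new StreamReader(client.OpenRead(validateUrl)))
            {
                // the response is a text file: first line "yes" on success, the login on the next line
                if (sr.ReadLine() != "yes")
                {
                    return null;
                }

                string kerberos = sr.ReadLine();

                // a "yes" without a login line is malformed; never issue a ticket for an empty login
                return String.IsNullOrEmpty(kerberos) ? null : kerberos;
            }
        }

        /// <summary>
        /// Returns true when <paramref name="url"/> is a local URL: it starts with a single '/'
        /// (not "//" or "/\", which browsers treat as scheme-relative) or with "~/".
        /// </summary>
        /// <param name="url">The candidate return URL; may be null.</param>
        private static bool IsLocalUrl(string url)
        {
            if (String.IsNullOrEmpty(url))
            {
                return false;
            }

            if (url.StartsWith("~/", StringComparison.Ordinal))
            {
                return true;
            }

            if (url[0] != '/')
            {
                return false;
            }

            // "//host" and "/\host" are protocol-relative redirects off-site
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }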