/// <summary> /// Constructs a service URL using configured values in the following order: /// 1. if not empty, the value configured for Service is used /// - otherwise - /// 2. the value configured for ServerName is used together with HttpRequest /// data /// </summary> /// <remarks> /// The server name is not parsed from the request for security reasons, which /// is why the service and server name configuration parameters exist, per Jasig /// website. /// </remarks> /// <returns>the service URL to use, not encoded</returns> public static string ConstructServiceUrl(bool gateway) { CasAuthentication.Initialize(); HttpContext context = HttpContext.Current; HttpRequest request = context.Request; StringBuilder buffer = new StringBuilder(); if (!(CasAuthentication.ServerName.StartsWith("https://") || CasAuthentication.ServerName.StartsWith("http://"))) { buffer.Append(request.IsSecureConnection ? "https://" : "http://"); } buffer.Append(CasAuthentication.ServerName); EnhancedUriBuilder ub = new EnhancedUriBuilder(buffer.ToString()); ub.Path = request.Url.AbsolutePath; ub.QueryItems.Add(request.QueryString); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ServiceParameterName); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ArtifactParameterName); if (gateway) { ub.QueryItems.Set(CasAuthentication.GatewayParameterName, "true"); } else { ub.QueryItems.Remove(CasAuthentication.GatewayParameterName); } return(ub.Uri.AbsoluteUri); }
/// <summary> /// Constructs a URL used to check the validitiy of a service ticket, with or without a proxy /// callback URL, and with or without requiring renewed credentials. /// </summary> /// <remarks>See CAS Protocol specification, section 2.5</remarks> /// <param name="serviceTicket">The service ticket to validate.</param> /// <param name="renew"> /// Whether or not renewed credentials are required. If True, ticket validation /// will fail for Single Sign On credentials. /// </param> /// <param name="gateway"> /// whether or not to include gatewayResponse=true in the request (client specific). /// </param> /// <param name="customParameters">custom parameters to add to the validation URL</param> /// <returns>The service ticket validation URL to use</returns> public static string ConstructValidateUrl(string serviceTicket, bool gateway, bool renew, NameValueCollection customParameters) { if (gateway && renew) { throw new ArgumentException("Gateway and Renew parameters are mutually exclusive and cannot both be True"); } CasAuthentication.Initialize(); EnhancedUriBuilder ub = new EnhancedUriBuilder(EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix, CasAuthentication.TicketValidator.UrlSuffix)); ub.QueryItems.Add(CasAuthentication.TicketValidator.ServiceParameterName, HttpUtility.UrlEncode(ConstructServiceUrl(gateway))); ub.QueryItems.Add(CasAuthentication.TicketValidator.ArtifactParameterName, serviceTicket); if (renew) { ub.QueryItems.Set("renew", "true"); } if (customParameters != null) { for (int i = 0; i < customParameters.Count; i++) { string key = customParameters.AllKeys[i]; string value = customParameters[i]; ub.QueryItems.Add(key, value); } } return(ub.Uri.AbsoluteUri); }
/// <summary> /// Constructs the URL to use for redirection to the CAS server for login /// </summary> /// <remarks> /// The server name is not parsed from the request for security reasons, which /// is why the service and server name configuration parameters exist. /// </remarks> /// <returns>The redirection URL to use</returns> public static string ConstructLoginRedirectUrl(bool gateway, bool renew) { if (gateway && renew) { throw new ArgumentException("Gateway and Renew parameters are mutually exclusive and cannot both be True"); } CasAuthentication.Initialize(); EnhancedUriBuilder ub = new EnhancedUriBuilder(CasAuthentication.FormsLoginUrl); ub.QueryItems.Set(CasAuthentication.TicketValidator.ServiceParameterName, HttpUtility.UrlEncode(ConstructServiceUrl(gateway))); if (renew) { ub.QueryItems.Add("renew", "true"); } else if (gateway) { ub.QueryItems.Add("gateway", "true"); } string url = ub.Uri.AbsoluteUri; return url; }
/// <summary> /// Constructs a proxy callback URL containing a ProxyCallbackParameter /// (proxyResponse by default). This URL is sent to the CAS server during a proxy /// ticket request and is then connected to by the CAS server. If the 'CasProxyCallbackUrl' settings is specified, /// its value will be used to construct the proxy url. Otherwise, `ServerName` will be used. /// If the CAS server cannot successfully connect (generally due to SSL configuration issues), the /// CAS server will refuse to send a proxy ticket. /// </summary> /// <returns>the proxy callback URL to use</returns> public static string ConstructProxyCallbackUrl(bool gateway) { CasAuthentication.Initialize(); HttpContext context = HttpContext.Current; HttpRequest request = context.Request; EnhancedUriBuilder ub = null; if (CasAuthentication.CasProxyCallbackUrl != null && CasAuthentication.CasProxyCallbackUrl.Length > 0) { ub = new EnhancedUriBuilder(CasAuthentication.CasProxyCallbackUrl); } else { ub = new EnhancedUriBuilder(CasAuthentication.ServerName); } ub.Path = request.Url.AbsolutePath; ub.QueryItems.Add(request.QueryString); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ArtifactParameterName); if (gateway) { ub.QueryItems.Set(CasAuthentication.GatewayParameterName, "true"); } else { ub.QueryItems.Remove(CasAuthentication.GatewayParameterName); } return(ub.Uri.AbsoluteUri); }
/// <summary> /// Constructs a proxy callback URL containing a ProxyCallbackParameter /// (proxyResponse by default). This URL is sent to the CAS server during a proxy /// ticket request and is then connected to by the CAS server. If the 'CasProxyCallbackUrl' settings is specified, /// its value will be used to construct the proxy url. Otherwise, `ServerName` will be used. /// If the CAS server cannot successfully connect (generally due to SSL configuration issues), the /// CAS server will refuse to send a proxy ticket. /// </summary> /// <returns>the proxy callback URL to use</returns> public static string ConstructProxyCallbackUrl(bool gateway) { CasAuthentication.Initialize(); HttpContext context = HttpContext.Current; HttpRequest request = context.Request; EnhancedUriBuilder ub = null; if (CasAuthentication.CasProxyCallbackUrl != null && CasAuthentication.CasProxyCallbackUrl.Length > 0) { ub = new EnhancedUriBuilder(CasAuthentication.CasProxyCallbackUrl); } else { ub = new EnhancedUriBuilder(CasAuthentication.ServerName); ub.Path = request.Url.AbsolutePath; } // Disallow dynamic parameters (see https://github.com/Jasig/dotnet-cas-client/issues/23) // ub.QueryItems.Add(request.QueryString); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ArtifactParameterName); if (gateway) { ub.QueryItems.Set(CasAuthentication.GatewayParameterName, "true"); } else { ub.QueryItems.Remove(CasAuthentication.GatewayParameterName); } return(ub.Uri.AbsoluteUri); }
/// <summary> /// Constructs the URL to use for redirection to the CAS server for login /// </summary> /// <remarks> /// The server name is not parsed from the request for security reasons, which /// is why the service and server name configuration parameters exist. /// </remarks> /// <returns>The redirection URL to use</returns> public static string ConstructLoginRedirectUrl(bool gateway, bool renew) { if (gateway && renew) { throw new ArgumentException("Gateway and Renew parameters are mutually exclusive and cannot both be True"); } CasAuthentication.Initialize(); EnhancedUriBuilder ub = new EnhancedUriBuilder(CasAuthentication.FormsLoginUrl); ub.QueryItems.Set(CasAuthentication.TicketValidator.ServiceParameterName, HttpUtility.UrlEncode(ConstructServiceUrl(gateway))); if (renew) { ub.QueryItems.Add("renew", "true"); } else if (gateway) { ub.QueryItems.Add("gateway", "true"); } string url = ub.Uri.AbsoluteUri; return(url); }
/// <summary> /// Returns a copy of the URL supplied modified to remove CAS protocol-specific /// URL parameters. /// </summary> /// <param name="url">The URL to remove CAS artifacts from</param> /// <returns>The URL supplied without CAS artifacts</returns> public static string RemoveCasArtifactsFromUrl(string url) { CommonUtils.AssertNotNullOrEmpty(url, "url parameter can not be null or empty."); CasAuthentication.Initialize(); EnhancedUriBuilder ub = new EnhancedUriBuilder(url); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ArtifactParameterName); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ServiceParameterName); ub.QueryItems.Remove(CasAuthentication.GatewayParameterName); ub.QueryItems.Remove(CasAuthentication.ProxyCallbackParameterName); // ++ NETC-28 Uri uriServerName; if (CasAuthentication.ServerName.StartsWith("http://", StringComparison.InvariantCultureIgnoreCase) || CasAuthentication.ServerName.StartsWith("https://", StringComparison.InvariantCultureIgnoreCase)) { uriServerName = new Uri(CasAuthentication.ServerName); } else { // .NET URIs require scheme uriServerName = new Uri("https://" + CasAuthentication.ServerName); } ub.Scheme = uriServerName.Scheme; ub.Host = uriServerName.Host; ub.Port = uriServerName.Port; return(ub.Uri.AbsoluteUri); }
/// <summary> /// Constructs a proxy callback URL containing a ProxyCallbackParameter /// (proxyResponse by default). This URL is sent to the CAS server during a proxy /// ticket request and is then connected to by the CAS server. If the CAS server /// cannot successfully connect (generally due to SSL configuration issues), the /// CAS server will refuse to send a proxy ticket. /// </summary> /// <remarks> /// This is a .NET implementation specific method used to eliminate the need for /// a special HTTP Handler. Essentially, if the client detects an incoming request /// with the ProxyCallbackParameter in the URL (i.e., proxyResponse), that request /// is treated specially and behaves as if it were handled by an HTTP Handler. In /// other words, this behavior may or may not short circuit the request event /// processing and will not allow the underlying page to execute and transmit back to /// the client. If your application does coincidentally make use of the key /// 'proxyResponse' as a URL parameter, you will need to configure a custom /// proxyCallbackParameter value which does not conflict with the URL parameters in /// your application. /// </remarks> /// <returns>the proxy callback URL to use</returns> public static string ConstructProxyCallbackUrl() { CasAuthentication.Initialize(); EnhancedUriBuilder ub = new EnhancedUriBuilder(ConstructProxyCallbackUrl(false)); ub.QueryItems.Set(CasAuthentication.ProxyCallbackParameterName, "true"); return ub.Uri.AbsoluteUri; }
/// <summary> /// Constructs the URL to use for redirection to the CAS server for single /// signout. The CAS server will invalidate the ticket granting ticket and /// redirect back to the current page. The web application must then call /// ClearAuthCookie and revoke the ticket from the ServiceTicketManager to sign /// the client out. /// </summary> /// <returns>the redirection URL to use, not encoded</returns> public static string ConstructSingleSignOutRedirectUrl() { CasAuthentication.Initialize(); // TODO: Make "logout" configurable EnhancedUriBuilder ub = new EnhancedUriBuilder(EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix, "logout")); ub.QueryItems.Set(CasAuthentication.TicketValidator.ServiceParameterName, HttpUtility.UrlEncode(ConstructServiceUrl(false))); return ub.Uri.AbsoluteUri; }
/// <summary> /// Constructs a proxy ticket request URL containing both a proxy granting /// ticket and a URL Encoded targetServiceUrl. The URL returned will generally only /// be executed by the CAS client as a part of a proxy redirection in /// CasAuthentication.ProxyRedirect(...) or CasAuthentication.GetProxyTicketIdFor(...) /// but may also be used by applications which require low-level access to the proxy /// ticket request functionality. /// </summary> /// <param name="proxyGrantingTicketId"> /// The proxy granting ticket used to authorize the request for a proxy ticket on the /// CAS server /// </param> /// <param name="targetService"> /// The target service URL to request a proxy ticket request URL for /// </param> /// <returns>The URL to use to request a proxy ticket for the targetService specified</returns> public static string ConstructProxyTicketRequestUrl(string proxyGrantingTicketId, string targetService) { CasAuthentication.Initialize(); // TODO: Make "proxy" configurable. EnhancedUriBuilder ub = new EnhancedUriBuilder(EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix, "proxy")); ub.QueryItems.Add("pgt", proxyGrantingTicketId); ub.QueryItems.Add("targetService", HttpUtility.UrlEncode(targetService)); return(ub.Uri.AbsoluteUri); }
/// <summary> /// Attempts to request a proxy ticket for the targetService specified and /// returns a URL appropriate for redirection to the targetService containing /// a ticket. /// </summary> /// <param name="targetService">The target service for proxy authentication</param> /// <param name="proxyTicketUrlParameter"> /// The name of the ticket URL parameter expected by the target service (ticket by /// default) /// </param> /// <returns>The URL of the target service with a proxy ticket included</returns> public static string GetProxyRedirectUrl(string targetService, string proxyTicketUrlParameter) { CasAuthentication.Initialize(); // Todo: Is ResolveUrl(...) appropriate/necessary? If the URL starts with ~, it shouldn't require proxy authentication string resolvedUrl = ResolveUrl(targetService); string proxyTicket = CasAuthentication.GetProxyTicketIdFor(resolvedUrl); EnhancedUriBuilder ub = new EnhancedUriBuilder(resolvedUrl); ub.QueryItems[proxyTicketUrlParameter] = proxyTicket; return ub.Uri.AbsoluteUri; }
/// <summary> /// Constructs a proxy ticket request URL containing both a proxy granting /// ticket and a URL Encoded targetServiceUrl. The URL returned will generally only /// be executed by the CAS client as a part of a proxy redirection in /// CasAuthentication.ProxyRedirect(...) or CasAuthentication.GetProxyTicketIdFor(...) /// but may also be used by applications which require low-level access to the proxy /// ticket request functionality. /// </summary> /// <param name="proxyGrantingTicketId"> /// The proxy granting ticket used to authorize the request for a proxy ticket on the /// CAS server /// </param> /// <param name="targetService"> /// The target service URL to request a proxy ticket request URL for /// </param> /// <returns>The URL to use to request a proxy ticket for the targetService specified</returns> public static string ConstructProxyTicketRequestUrl(string proxyGrantingTicketId, string targetService) { CasAuthentication.Initialize(); if (String.IsNullOrEmpty(proxyGrantingTicketId)) { throw new ArgumentException("For proxy ticket requests, proxyGrantingTicketId cannot be null and must be specified."); } if (String.IsNullOrEmpty(targetService)) { throw new ArgumentException("For proxy ticket requests, targetService cannot be null and must be specified."); } // TODO: Make "proxy" configurable. EnhancedUriBuilder ub = new EnhancedUriBuilder(EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix, "proxy")); ub.QueryItems.Add("pgt", proxyGrantingTicketId); ub.QueryItems.Add("targetService", HttpUtility.UrlEncode(targetService)); return ub.Uri.AbsoluteUri; }
/// <summary> /// Constructs a service URL using configured values in the following order: /// 1. if not empty, the value configured for Service is used /// - otherwise - /// 2. the value configured for ServerName is used together with HttpRequest /// data /// </summary> /// <remarks> /// The server name is not parsed from the request for security reasons, which /// is why the service and server name configuration parameters exist, per Apereo /// website. /// </remarks> /// <returns>the service URL to use, not encoded</returns> public static string ConstructServiceUrl(bool gateway) { CasAuthentication.Initialize(); HttpContext context = HttpContext.Current; HttpRequest request = context.Request; StringBuilder buffer = new StringBuilder(); if (!(CasAuthentication.ServerName.StartsWith("https://") || CasAuthentication.ServerName.StartsWith("http://"))) { buffer.Append(request.IsSecureConnection ? "https://" : "http://"); } buffer.Append(CasAuthentication.ServerName); EnhancedUriBuilder ub = new EnhancedUriBuilder(buffer.ToString()); ub.Path = request.Url.AbsolutePath; // Iterate through each of the name/value pairs in the query component of the service URL foreach (string name in request.QueryString.AllKeys) { // URL encode each name/value pair and then add it to the query items collection ub.QueryItems.Add(HttpUtility.UrlEncode(name), HttpUtility.UrlEncode(request.QueryString[name])); } ub.QueryItems.Remove(CasAuthentication.TicketValidator.ServiceParameterName); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ArtifactParameterName); if (gateway) { ub.QueryItems.Set(CasAuthentication.GatewayParameterName, "true"); } else { ub.QueryItems.Remove(CasAuthentication.GatewayParameterName); } return(ub.Uri.AbsoluteUri); }
/// <summary> /// Constructs a service URL using configured values in the following order: /// 1. if not empty, the value configured for Service is used /// - otherwise - /// 2. the value configured for ServerName is used together with HttpRequest /// data /// </summary> /// <remarks> /// The server name is not parsed from the request for security reasons, which /// is why the service and server name configuration parameters exist, per Jasig /// website. /// </remarks> /// <returns>the service URL to use, not encoded</returns> public static string ConstructServiceUrl(bool gateway) { CasAuthentication.Initialize(); HttpContext context = HttpContext.Current; HttpRequest request = context.Request; StringBuilder buffer = new StringBuilder(); if (!(CasAuthentication.ServerName.StartsWith("https://") || CasAuthentication.ServerName.StartsWith("http://"))) { buffer.Append(request.IsSecureConnection ? "https://" : "http://"); } buffer.Append(CasAuthentication.ServerName); EnhancedUriBuilder ub = new EnhancedUriBuilder(buffer.ToString()); ub.Path = request.Url.AbsolutePath; ub.QueryItems.Add(request.QueryString); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ServiceParameterName); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ArtifactParameterName); if (gateway) { ub.QueryItems.Set(CasAuthentication.GatewayParameterName, "true"); } else { ub.QueryItems.Remove(CasAuthentication.GatewayParameterName); } return ub.Uri.AbsoluteUri; }
/// <summary> /// Returns a copy of the URL supplied modified to remove CAS protocol-specific /// URL parameters. /// </summary> /// <param name="url">The URL to remove CAS artifacts from</param> /// <returns>The URL supplied without CAS artifacts</returns> public static string RemoveCasArtifactsFromUrl(string url) { CommonUtils.AssertNotNullOrEmpty(url, "url parameter can not be null or empty."); CasAuthentication.Initialize(); EnhancedUriBuilder ub = new EnhancedUriBuilder(url); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ArtifactParameterName); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ServiceParameterName); ub.QueryItems.Remove(CasAuthentication.GatewayParameterName); ub.QueryItems.Remove(CasAuthentication.ProxyCallbackParameterName); // ++ NETC-28 Uri uriServerName; if (CasAuthentication.ServerName.StartsWith("http://", StringComparison.InvariantCultureIgnoreCase) || CasAuthentication.ServerName.StartsWith("https://", StringComparison.InvariantCultureIgnoreCase)) { uriServerName = new Uri(CasAuthentication.ServerName); } else { // .NET URIs require scheme uriServerName = new Uri("https://" + CasAuthentication.ServerName); } ub.Scheme = uriServerName.Scheme; ub.Host = uriServerName.Host; ub.Port = uriServerName.Port; return ub.Uri.AbsoluteUri; }
/// <summary> /// The implementation uses the CAS clearPass extension to obtain the user's password /// by requesting a proxy ticket for clearPass and parsing out the user's password that /// is returned as part of the response enclosed within <![CDATA[<cas:credentials>]]> elements. /// </summary> public string GetPassword() { string password = null; EnhancedUriBuilder clearPassUri = new EnhancedUriBuilder(CasAuthentication.CasServerUrlPrefix); clearPassUri.Path += "clearPass"; string clearPassUrl = clearPassUri.Uri.AbsoluteUri; string proxyTicket = CasAuthentication.GetProxyTicketIdFor(clearPassUrl); if (string.IsNullOrEmpty(proxyTicket)) { throw new HttpException("Unable to obtain CAS Proxy Ticket for clearPass."); } string clearPassResponse = null; try { clearPassUri.QueryItems.Add(CasClientConfiguration.Config.ArtifactParameterName, proxyTicket); string clearPassRequest = clearPassUri.Uri.AbsoluteUri; clearPassResponse = HttpUtil.PerformHttpGet(clearPassRequest, true); } catch (Exception e) { throw new HttpException("Unable to obtain clearPass response from CAS. Review CAS logs and ensure the proxy chain is configured correctly.", e); } if (string.IsNullOrEmpty(clearPassResponse)) { throw new HttpException("No response for clearPass is received from CAS"); } using (TextReader stringReader = new StringReader(clearPassResponse)) { XmlReaderSettings xmlReaderSetting = new XmlReaderSettings(); xmlReaderSetting.ConformanceLevel = ConformanceLevel.Auto; xmlReaderSetting.IgnoreWhitespace = true; using (XmlReader xmlReader = XmlReader.Create(stringReader, xmlReaderSetting)) { if (xmlReader.ReadToFollowing("cas:credentials")) { password = xmlReader.ReadElementString(); if (String.IsNullOrEmpty(password)) { throw new HttpException("No password was received from CAS. Review clearPass configuration for CAS and ensure the feature is turned on"); } } } } return password; }
/// <summary> /// Constructs a proxy callback URL containing a ProxyCallbackParameter /// (proxyResponse by default). This URL is sent to the CAS server during a proxy /// ticket request and is then connected to by the CAS server. If the 'CasProxyCallbackUrl' settings is specified, /// its value will be used to construct the proxy url. Otherwise, `ServerName` will be used. /// If the CAS server cannot successfully connect (generally due to SSL configuration issues), the /// CAS server will refuse to send a proxy ticket. /// </summary> /// <returns>the proxy callback URL to use</returns> public static string ConstructProxyCallbackUrl(bool gateway) { CasAuthentication.Initialize(); HttpContext context = HttpContext.Current; HttpRequest request = context.Request; EnhancedUriBuilder ub = null; if (CasAuthentication.CasProxyCallbackUrl != null && CasAuthentication.CasProxyCallbackUrl.Length > 0) { ub = new EnhancedUriBuilder(CasAuthentication.CasProxyCallbackUrl); } else { ub = new EnhancedUriBuilder(CasAuthentication.ServerName); } ub.Path = request.Url.AbsolutePath; ub.QueryItems.Add(request.QueryString); ub.QueryItems.Remove(CasAuthentication.TicketValidator.ArtifactParameterName); if (gateway) { ub.QueryItems.Set(CasAuthentication.GatewayParameterName, "true"); } else { ub.QueryItems.Remove(CasAuthentication.GatewayParameterName); } return ub.Uri.AbsoluteUri; }
/// <summary> /// Constructs a URL used to check the validitiy of a service ticket, with or without a proxy /// callback URL, and with or without requiring renewed credentials. /// </summary> /// <remarks>See CAS Protocol specification, section 2.5</remarks> /// <param name="serviceTicket">The service ticket to validate.</param> /// <param name="renew"> /// Whether or not renewed credentials are required. If True, ticket validation /// will fail for Single Sign On credentials. /// </param> /// <param name="gateway"> /// whether or not to include gatewayResponse=true in the request (client specific). /// </param> /// <param name="customParameters">custom parameters to add to the validation URL</param> /// <returns>The service ticket validation URL to use</returns> public static string ConstructValidateUrl(string serviceTicket, bool gateway, bool renew, NameValueCollection customParameters) { if (gateway && renew) { throw new ArgumentException("Gateway and Renew parameters are mutually exclusive and cannot both be True"); } CasAuthentication.Initialize(); EnhancedUriBuilder ub = new EnhancedUriBuilder(EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix, CasAuthentication.TicketValidator.UrlSuffix)); ub.QueryItems.Add(CasAuthentication.TicketValidator.ServiceParameterName, HttpUtility.UrlEncode(ConstructServiceUrl(gateway))); ub.QueryItems.Add(CasAuthentication.TicketValidator.ArtifactParameterName, HttpUtility.UrlEncode(serviceTicket)); if (renew) { ub.QueryItems.Set("renew", "true"); } if (customParameters != null) { for (int i = 0; i < customParameters.Count; i++) { string key = customParameters.AllKeys[i]; string value = customParameters[i]; ub.QueryItems.Add(key, value); } } return ub.Uri.AbsoluteUri; }
/// <summary> /// Constructs a proxy ticket request URL containing both a proxy granting /// ticket and a URL Encoded targetServiceUrl. The URL returned will generally only /// be executed by the CAS client as a part of a proxy redirection in /// CasAuthentication.ProxyRedirect(...) or CasAuthentication.GetProxyTicketIdFor(...) /// but may also be used by applications which require low-level access to the proxy /// ticket request functionality. /// </summary> /// <param name="proxyGrantingTicketId"> /// The proxy granting ticket used to authorize the request for a proxy ticket on the /// CAS server /// </param> /// <param name="targetService"> /// The target service URL to request a proxy ticket request URL for /// </param> /// <returns>The URL to use to request a proxy ticket for the targetService specified</returns> public static string ConstructProxyTicketRequestUrl(string proxyGrantingTicketId, string targetService) { CasAuthentication.Initialize(); // TODO: Make "proxy" configurable. EnhancedUriBuilder ub = new EnhancedUriBuilder(EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix, "proxy")); ub.QueryItems.Add("pgt", proxyGrantingTicketId); ub.QueryItems.Add("targetService", HttpUtility.UrlEncode(targetService)); return ub.Uri.AbsoluteUri; }