-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathWeb.config
201 lines (190 loc) · 12.5 KB
/
Web.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<section name="casClientConfig" type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient" />
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" />
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" />
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<appSettings>
<add key="CasOwa.ClearPassUrl" value="https://cas.hostname.edu/cas/clearPass"/>
<add key="CasOwa.OwaUrl" value="https://owa.hostname.edu/owa"/>
<add key="CasOwa.skipOwaUrlCertificateValidation" value="false" />
</appSettings>
<connectionStrings />
<!--
======================
CAS Config #1
======================
Configure basic CAS client properties.
Required Attributes:
casServerLoginUrl - URL of CAS login form.
serverName - Name of server hosting this application.
casServerUrlPrefix - URL to root of CAS server application.
ticketValidatorName - Name of ticket validator that validates CAS tickets using a particular protocol.
Valid values are Cas10, Cas20, and Saml11.
Optional Attributes:
secureUriRegex - Regular expression describing URIs to be protected by CAS authentication.
Default is .* to protect all application resources with CAS.
secureUriExceptionRegex - Regular expression describing URIs to be specifically excluded from CAS auth.
This feature originated to easily exclude resources used by .NET AJAX controls.
The value in the following example illustrates how to ignore the resource used
to bootstrap AJAX controls.
redirectAfterValidation - Whether to redirect to the same URL after ticket validation, but without the
ticket in the parameter. Default is false.
useSession - Use session to store CAS authenticated state and principal/attribute info.
Default is true.
gateway - Enable CAS gateway feature, see http://www.jasig.org/cas/protocol section 2.1.1.
Default is false.
renew - Force user to reauthenticate to CAS before accessing this application.
This provides additional security at the cost of usability since it effectively
disables SSO for this application. Default is false.
singleSignOut - Enables this application to receive CAS single sign-out messages sent when the
user's SSO session ends. This will cause the user's session in this application
to be destroyed. Default is false.
ticketTimeTolerance - SAML ticket validator property to allow at most the given time difference in ms
between artifact (ticket) timestamp and CAS server system time. Increasing this
may have negative security consequences; we recommend fixing sources of clock drift
rather than increasing this value.
-->
<casClientConfig casServerLoginUrl="https://cas.hostname.edu/cas/login"
serverName="https://owa.hostname.edu"
secureUriRegex="(?i)/auth"
casServerUrlPrefix="https://cas.hostname.edu/cas/"
redirectAfterValidation="false"
useSession="false"
gateway="false"
renew="false"
ticketValidatorName="Cas20"
ticketTimeTolerance="5000"
singleSignOut="false"
proxyGrantingTicketReceptor="true"
proxyCallbackUrl="https://owa.hostname.edu/coa/proxyCallback"
proxyReceptorUrl="/coa/proxyCallback" />
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true">
<assemblies>
<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</assemblies>
</compilation>
<!--
======================
CAS Config #2
======================
Configure the authentication method used by the application.
There are two basic approaches:
1. Windows Forms Authentication (WFA)
2. non-WFA
Use WFA if you specifically need/want the features of that authentication model,
otherwise use the simpler non-WFA approach.
Set mode="Forms" for WFA and provide the URL to the CAS login form:
<authentication mode="Forms">
<forms loginUrl ="https://cas.example.com/cas/login"
timeout="10"/>
</authentication>
For non-WFA, use mode="None"
-->
<authentication mode="None" />
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</controls>
</pages>
<httpHandlers>
<remove verb="*" path="*.asmx" />
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" />
<add verb="*" path="auth" type="CasOwa.CasOwaAuthHandler, CasOwa" />
</httpHandlers>
<!--
======================
CAS Config #3
======================
Choose a CAS authentication module.
The authentication module determines the authentication method, discussed in #2 above,
and must match the configuration specified in that section. The two available authentication
modules:
1. CASAuthenticationModule - WFA
2. CasAlternateAuthModule - non-WFA
-->
<httpModules>
<remove name="FormsAuthentication" />
<remove name="WindowsAuthentication" />
<remove name="PassportAuthentication" />
<add name="DotNetCasClient" type="DotNetCasClient.CasAlternateAuthModule,DotNetCasClient" />
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</httpModules>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<providerOption name="CompilerVersion" value="v3.5" />
<providerOption name="WarnAsError" value="false" />
</compiler>
</compilers>
</system.codedom>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<remove name="ScriptModule" />
<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated" />
<remove name="ScriptHandlerFactory" />
<remove name="ScriptHandlerFactoryAppServices" />
<remove name="ScriptResource" />
<add name="CasDotNetClient-ProxyCallback" path="proxyCallback" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
<add name="CasOwaAuthHandler" path="auth" verb="*" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll" resourceType="Unspecified" preCondition="classicMode,runtimeVersionv2.0,bitness32" />
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</handlers>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>