This browser does not support basic Web standards, preventing the display of our site's intended design. May we suggest that you upgrade your browser?

Web Development Code Library ASPCAS authentication

CAS authentication

Include this file at the top of every page that you want to have CAS authentication on. Note that this only authenticates that the person signing is is a UWEC user, but doesn't take into account the role of the user. Currently the username is stored into Session[uwecNetworkID], but can be changed for each application. It also checks to see if the user has already been authenticated.

<%@ LANGUAGE="VBScript" %>

<%
	' 	Credit for this code goes to Jonathan Wehner of 
	'	Case's Department of Enrollment Management.
	'	http://opensource.case.edu/projects/CAS/wiki/VBScript
	
	'Declare and assign CAS server variable
	Dim casServer
	casServer = "ash.uwec.edu/cas"

	'Declare additional variables used for redirect
	Dim protocol, originatingURL, caseNetworkID

	'Determine the protocol for the originitating page
	if Request.ServerVariables("HTTPS") = "off" then
		protocol = "http"
	else
		protocol = "https"
	end if

	'Construct the originatingURL variable based on ServerVariables
	originatingURL = protocol & "://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL")

	'Check to see if the 'ticket' variable was passed via the query string
	if Request.QueryString("ticket") = "" then
		'If no, then redirect to CAS
		Response.Redirect("https://" & casServer & "/login?service=" & originatingURL)
	else
		'If yes, create MSXML object and attempt to validate the ticket
		Dim objSvrHTTP, ticket, casResponse, casResponseArray

		ticket = Request.QueryString("ticket")

		Set objSvrHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP")
		objSvrHTTP.open "GET", "https://" & casServer & "/validate?ticket="+ ticket +"&service=" & originatingURL, false
		
		objSvrHTTP.send
		casResponse = objSvrHTTP.responseText
		casResponseArray = Split(casResponse, Chr(10), -1, 1)
		
		
		if casResponseArray(0) = "no" then
			' Redirect the user to the login page and give them another chance to log in
			Response.Redirect("https://" & casServer & "/login?service=" & originatingURL)
		else
			' Store the UWEC username into the Session
		 	Session.Contents("uwecNetworkID") = casResponseArray(1)
			'Response.write caseNetworkID
		end if
	end if
%>
Excellence. Our Measure. Our Motto. Our Goal.