dotnetcasclient redirect issue with no logs being generated

I am trying to implement the dotnet-cas-client for SSO on my website. I followed the documentation given here https://github.com/apereo/dotnet-cas-client/wiki/Getting-Started . I am able to connect to the CAS server and I see the login page for SSO but after logging in I get the error 'page redirected too many times'. I have searched through several websites and tried many different things but I can't seem to resolve the issue. I tried implementing the diagnostics part in my webconfig to generate logs so that I can get an idea of what is wrong but no logs are being generated. I am pasting below my webconfig configuration. Can someone please give me an idea of what I am doing wrong? If you require more information from my end please let me know.

<?xml version="1.0" encoding="UTF-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  https://go.microsoft.com/fwlink/?LinkId=301879
  -->
<configuration>
  <configSections>
    <section name="casClientConfig" type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient" />
  </configSections>
  <appSettings>
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
  </appSettings>
  <connectionStrings>
    <add name="TestConnectionString" connectionString="Data Source=localhost;Initial Catalog=clinical;Persist Security Info=True; Integrated Security=SSPI;" providerName="System.Data.SqlClient" />    
  </connectionStrings>
  <system.diagnostics>
    <trace autoflush="true" useGlobalLock="false" />
    <sharedListeners>
      <!--
      Writing trace output to a log file is recommended.
      IMPORTANT:
      The user account under which the containing application pool runs
      must have privileges to create and modify the trace log file.
    -->
      <add name="TraceFile"
           type="System.Diagnostics.TextWriterTraceListener"
           initializeData="C:\inetpub\logs\LogFiles\DotNetCasClient.Log"
           traceOutputOptions="DateTime" />
    </sharedListeners>
    <sources>
      <!-- Provides diagnostic information on module configuration parameters. -->
      <source name="DotNetCasClient.Config" switchName="Config" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
      <!-- Traces IHttpModule lifecycle events and meaningful operations performed therein. -->
      <source name="DotNetCasClient.HttpModule" switchName="HttpModule" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
      <!-- Provides protocol message and routing information. -->
      <source name="DotNetCasClient.Protocol" switchName="Protocol" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
      <!-- Provides details on security operations and notable security conditions. -->
      <source name="DotNetCasClient.Security" switchName="Security" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
    </sources>
    <switches>
      <!--
      Set trace switches to appropriate logging level.  Recommended values in order of increasing verbosity:
       - Off
       - Error
       - Warning
       - Information
       - Verbose
    -->
      <!--
      Config category displays detailed information about CasAuthenticationModule configuration.
      The output of this category is only displayed when the module is initialized, which happens
      for the first request following application/server startup.
    -->
      <add name="Config" value="Verbose"/>
      <!--
      Set this category to Verbose to trace HttpModule lifecycle events in CasAuthenticationModule.
      This category produces voluminous output in Verbose mode and should be avoided except for
      limited periods of time troubleshooting vexing integration problems.
    -->
      <add name="HttpModule" value="Verbose"/>
      <!--
      Set to Verbose to display protocol messages between the client and server.
      This category is very helpful for troubleshooting integration problems.
    -->
      <add name="Protocol" value="Verbose"/>
      <!--
      Displays important security-related information.
    -->
      <add name="Security" value="Verbose"/>
    </switches>
  </system.diagnostics>
  <system.web>
   <authentication mode="Forms">
      <forms name=".DotNetCasClientAuth" loginUrl="https://cas.server.com/cas/login" timeout="30" cookieless="UseCookies" defaultUrl="~/Default.aspx" path="/" />
    </authentication>
    <customErrors mode="Off" />
    <compilation targetFramework="4.7.1" debug="true">
      <assemblies>
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>
    <httpRuntime targetFramework="4.7.1" />
    <httpModules>
      <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
      <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
    </httpModules>
    <authorization>
      <allow users = "*" />
    </authorization>
    <roleManager enabled="true" defaultProvider="AspNetReadOnlyXmlRoleProvider">
      <providers>
        <add name="AspNetReadOnlyXmlRoleProvider" type="DotNetCasClient.Security.ReadOnlyXmlRoleProvider" xmlFileName="~/App_Data/UserRoles.xml"/>
      </providers>
    </roleManager>
    <siteMap enabled="true">
      <providers>
        <clear/>
        <add siteMapFile="Web.sitemap" name="AspNetXmlSiteMapProvider" type="System.Web.XmlSiteMapProvider"/>
      </providers>
    </siteMap>
    <pages enableEventValidation="false" >
      <controls>
        <add tagPrefix="cas" tagName="CookieViewer" src="~/Controls/CookieViewer.ascx"/>
        <add tagPrefix="cas" tagName="TicketManager" src="~/Controls/TicketManager.ascx"/>
      </controls>
    </pages>
  </system.web>

  <system.webServer>
    <defaultDocument>
      <files>
        <remove value="iisstart.htm" />
        <remove value="index.htm" />
        <remove value="index.html" />
        <remove value="Default.asp" />
        <remove value="Default.htm" />
        <add value="index.aspx" />
      </files>
    </defaultDocument>
    <handlers>
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <modules>
      <remove name="TelemetryCorrelationHttpModule" />
      <remove name="DotNetCasClient" />
      <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient" />
      <add name="TelemetryCorrelationHttpModule" type="Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule, Microsoft.AspNet.TelemetryCorrelation" preCondition="integratedMode,managedHandler" />
      <remove name="ApplicationInsightsWebTracking" />
      <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" />
    </modules>
    <validation validateIntegratedModeConfiguration="false" />
    <rewrite>
      <rules>
        <rule name="HTTPS redirect" enabled="false">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Rewrite" url="https://{HTTP_HOST}/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" />
        <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.2.1" newVersion="4.0.2.1" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-11.0.0.0" newVersion="11.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.2.4.0" newVersion="5.2.4.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701" />
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.8.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
    </compilers>
  </system.codedom>
  <casClientConfig casServerLoginUrl="https://cas.server.com/cas/login" casServerUrlPrefix="https://cas.server.com/cas/" serverName="https://mywebsite.com/"  redirectAfterValidation="true" renew="false" singleSignOut="true" ticketTimeTolerance="5000" ticketValidatorName="Cas20"  serviceTicketManager="CacheServiceTicketManager" />

</configuration>

I got logs to work by changing the location that they were supposed to be generated. The redirect loop was caused by a 403 forbidden error. After investigating I found out that the CAS server I was connecting to was not allowed to communicate with me via port 443 as that port was blocked. Once the port was opened up, CAS started to work.

For others who might have this same issue I was able to resolve it by looking at the defaultUrl of the forms section. Make sure that this url is not protected by CAS otherwise it can result in an infinite redirect loop.

Also make sure that TLS 1.0 and/or TLS 1.1 are enabled on your web server. If they are not (at this time they should be disabled for security reasons and only use TLS 1.2) you can try forcing all requests from your application to use TLS 1.2 by adding the following code in Global.asax.cs method Application_Start:

// Requires: using System.Net;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
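
Two causes named in the answers above, a blocked port 443 and a TLS version mismatch, can be checked from the web server before changing web.config. The PowerShell below is an added example, not part of the original posts: the function name Test-CasBackChannel is hypothetical, cas.server.com is the placeholder host from the question's configuration, and only the outbound direction (web server to CAS, which the client uses to validate tickets) is tested.

```powershell
# Added diagnostic, not from the original posts. Run it on the web server.
# Test-CasBackChannel is a hypothetical name; cas.server.com is the
# placeholder host used in the question's web.config.
function Test-CasBackChannel {
    param(
        [Parameter(Mandatory)] [string] $CasHost,
        [int] $Port = 443,
        [int] $TimeoutMs = 5000
    )

    $result = [ordered]@{
        Host = $CasHost; Port = $Port; TcpOpen = $false; Tls12 = $false; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 1: plain TCP connect. A firewalled port fails or times out here.
        $connect = $client.BeginConnect($CasHost, $Port, $null, $null)
        if (-not $connect.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "TCP connect to ${CasHost}:$Port timed out (port blocked?)"
        }
        $client.EndConnect($connect)
        $result.TcpOpen = $true

        # Step 2: TLS 1.2 handshake with default certificate validation and
        # no revocation check. Failure here points at protocol or certificate
        # trouble rather than at the firewall.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        try {
            $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
            $ssl.AuthenticateAsClient($CasHost, $null, $tls12, $false)
            $result.Tls12 = ($ssl.SslProtocol -eq $tls12)
        } finally {
            $ssl.Dispose()
        }
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

Test-CasBackChannel -CasHost 'cas.server.com'
```

TcpOpen = False indicates a network block like the one in the first answer; TcpOpen = True with Tls12 = False means the port is reachable but the TLS 1.2 handshake failed, and the Error field carries the exception text.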
