mvc下dotnetCasClient连接CAS不断重定向问题

一，关于CAS

Apereo Central Authentication Service (CAS)

About CAS | Apereo

二，dotnetCasClient

dotnetCasClient是官方提供的用于集成CAS客户端的工具。

dotnetCasClient源码地址：

GitHub - apereo/dotnet-cas-client: Apereo .NET CAS Client

三，使用方式

mvc项目下，nuget安装dotnetCasClient

安装完成后web.config会自动添加CAS相关配置信息（form认证），修改配置信息casClientConfig节点，casServerLoginUrl、casServerUrlPrefix、serverName等改为正确的地址。

对需要认证的action或者controller,添加[Authrize]修饰

访问此action，发现会不断重定向

1，添加dotnetCasClient调试日志

编辑mvc项目下web.config文件，在configuration根节点下添加如下配置

<system.diagnostics>
    <trace autoflush="true" useGlobalLock="false" />
    <sharedListeners>
      <!--
      Writing trace output to a log file is recommended.
      IMPORTANT:
      确保对目录有访问权限.
    -->
      <add name="TraceFile"
           type="System.Diagnostics.TextWriterTraceListener"
           initializeData="D:\caslogs\DotNetCasClient.Log"
           traceOutputOptions="DateTime" />
    </sharedListeners>
    <sources>
      <!-- Provides diagnostic information on module configuration parameters. -->
      <source name="DotNetCasClient.Config" switchName="Config" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
      <!-- Traces IHttpModule lifecycle events and meaningful operations performed therein. -->
      <source name="DotNetCasClient.HttpModule" switchName="HttpModule" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
      <!-- Provides protocol message and routing information. -->
      <source name="DotNetCasClient.Protocol" switchName="Protocol" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
      <!-- Provides details on security operations and notable security conditions. -->
      <source name="DotNetCasClient.Security" switchName="Security" switchType="System.Diagnostics.SourceSwitch" >
        <listeners>
          <add name="TraceFile" />
        </listeners>
      </source>
    </sources>
    <switches>
      <!--
      Set trace switches to appropriate logging level.  Recommended values in order of increasing verbosity:
       - Off
       - Error
       - Warning
       - Information
       - Verbose
    -->
      <!--
      Config category displays detailed information about CasAuthenticationModule configuration.
      The output of this category is only displayed when the module is initialized, which happens
      for the first request following application/server startup.
    -->
      <add name="Config" value="Verbose"/>
      <!--
      Set this category to Verbose to trace HttpModule lifecycle events in CasAuthenticationModule.
      This category produces voluminous output in Verbose mode and should be avoided except for
      limited periods of time troubleshooting vexing integration problems.
    -->
      <add name="HttpModule" value="Verbose"/>
      <!--
      Set to Verbose to display protocol messages between the client and server.
      This category is very helpful for troubleshooting integration problems.
    -->
      <add name="Protocol" value="Verbose"/>
      <!--
      Displays important security-related information.
    -->
      <add name="Security" value="Verbose"/>
    </switches>
  </system.diagnostics>

查询调试信息(D:\caslogs\DotNetCasClient.Log)如下

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

DotNetCasClient.Protocol Verbose: 3237 : **ticket:ST-7865802-p1PyCGWF4HTbwRxKBSmr-zfsoft.com     DateTime=2022-09-20T00:57:16.0142453Z DotNetCasClient.Protocol Verbose: 3237 : Ticket validation response:     <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>     <cas:authenticationFailure code='INVALID_PROXY_CALLBACK'>             The supplied proxy callback url 'http://123.207.xxx.xxx:9090/account/caslogin?proxyResponse=true' could not be authenticated.     </cas:authenticationFailure> </cas:serviceResponse>       DateTime=2022-09-20T00:57:16.0288446Z DotNetCasClient.Protocol Error: 3237 : Ticket validation error: DotNetCasClient.Validation.TicketValidationException: CAS ticket could not be validated.    在 DotNetCasClient.Validation.TicketValidator.Cas20ServiceTicketValidator.ParseResponseFromServer(String response, String ticket) 位置 <br>D:\dopowing\ZJGSAI\DotNetCasClient\Validation\TicketValidator\Cas20ServiceTicketValidator.cs:行号 145    在 DotNetCasClient.CasAuthentication.ProcessTicketValidation() 位置 D:\dopowing\ZJGSAI\DotNetCasClient\CasAuthentication.cs:行号 835     DateTime=2022-09-20T00:57:16.0298178Z

　　其中

?

1	The supplied proxy callback url 'http://123.207.xxx.xxx:9090/account/caslogin?proxyResponse=true' could not be authenticated.

?

1	proxyResponse=true可能和代理相关，打开web.config里casClientConfig节点，删除属性proxyTicketManager="CacheProxyTicketManager"<br>再次访问action,正常工作。