apereo / dotnet-cas-client

Apereo .NET CAS Client
Apache License 2.0
233 stars 176 forks source link

Obtaining a Ticket Granting Ticket and a Service Ticket for an API #90

Open idilov opened 5 years ago

idilov commented 5 years ago

I am going to call a Java REST API from .net. The API is secured by CAS. Does this project cover the protocol described here i.e. getting, validating, caching, deleting and error-handling a TGT and a ST for an API? If this is out of scope for dotnet-cas-client, is there any .net library or .net example for accessing a REST API after authenticating via CAS server?

phantomtypist commented 5 years ago

This client does not contain the code to handle TGT via the CAS REST protocol. If you'd like you can contribute that code and submit a PR.

KhanhVanCong commented 4 years ago

I have this problem with API. I have one client app use the outer CAS to authentication and one other server API to authorization as well as get data. In the client web app, when the user was verified from the CAS server, How can I tell other server API that the user is authenticated and generate token? Do you have any experience with this problem?

TheHokieCoder commented 4 years ago

@KhanhVanCong You will not be able to, out of the box, use the same token/authentication cookie generated by this ASP.NET CAS client to perform authentication/authorization with your API server that is another application/server. And as @phantomtypist mentioned earlier, this client does not currently support CAS via REST. What you are looking for is the ability to secure two or more microservices with the same authentication system (CAS, in this case), which unfortunately is outside the scope of this project.

KhanhVanCong commented 4 years ago

@TheHokieCoder Thank you for your support.