Skip to content

CAS Authentication in C#

For a recent project I wanted to authenticate using Central Authentication Service (CAS), a single-sign on server deployed world-wide. My project is in ASP.NET, so I hunted down CASP, a C# class produced by John Tantalo at Case Western Reserve University. Coincidentally, John was also responsible for Planarity, a flash game which has only stolen mere days of my life.

I had a few nits to pick with it, so at the risk of calling his baby ugly:

  1. Doesn’t handle the latest CAS protocol, CAS2
  2. Dumps the authenticated username into Session, which isn’t what I wanted
  3. Doesn’t use “using” statements when dealing with IDisposable objects
  4. Doesn’t use XML comments, which .NET tools prefer
  5. Some minor duplication in specifying the login URL and the validation URL.

So, all in all nothing really big. I ended up going a little nuts with it resolving all my complaints. It can now speak CAS1 or CAS2, and has a bunch of options that I added in to solve my specific needs. It seems a little overcomplicated now, but I always get that feeling when I’m thinking in C#.


Pretty simple:

  1. Download the source: CASP.cs (BSD license)
  2. Add it to your project

Example usage

Like Tantalo’s CASP, mine is designed to be used from a System.Web.UI.Page, and will redirect the browser about as needed.

Simplest example, uses CAS2 by default
protected void Page_Load(object sender, EventArgs e) {
string username = CASP.Authenticate(“”, this.Page);
//do whatever with username

Slightly more complex, using CAS1 and always renewing the authentication ticket
protected void Page_Load(object sender, EventArgs e) {
string username = CASP.Authenticate(“”, this.Page, true, false);
//do whatever with username

Most complex example, giving you flexibility to decide what to do about errors, etc
protected void Page_Load(object sender, EventArgs e) {
CASP casp = new CASP(“”, this.Page, true); //re-login every time
if (casp.Login()) {
try {
string username = casp.ServerValidate(); //or casp.Validate() for CAS1
//do whatever with username
}catch (CASP.ValidateException ex) {
//try again, something was messed up

This code is certified:
works on my machine


  1. aaa wrote:

    Thank you, this works perfectly!

    Monday, April 12, 2010 at 11:33 am | Permalink
  2. BrainX wrote:

    Thanks, you saved me two days ;)

    Saturday, September 4, 2010 at 2:58 am | Permalink
  3. thenonhacker wrote:

    LOL @ “Works on MY machine.”

    Thursday, July 4, 2013 at 3:45 am | Permalink