rajeevmshah5


Retrieving User Security Info through NT Authentication

I'd like to use ColdFusion to retrieve any information available from NT Authentication. Is this possible? We have a browser application that has different permission levels that are consistent with the security levels associated with logging into our Windows 2000 Server Domain. Any thoughts on how to accomplish this? Thanks!
Cyclops3590

I'm not going to be much help, but I'm pretty sure I saw something about that sort of thing in the Developer's Exchange at macromedia.com. I'd check there. Sorry for being such poor help.
fillae

There are some good security articles on Macromedia's site. If you are running Active Directory, you can connect to it using the <CFLDAP> tag. A lot of the CF security stuff has changed with MX, so look towards the future if you haven't already upgraded.

....................
CFMX
....................

If you're using CFMX, use the following:
http://www.macromedia.com/desdev/mx/coldfusion/articles/ntdomain.html

Once users are authenticated you can use <cflogin> and <cfloginuser> to create a role for the person who is authenticated.

NOTE: Groups are not supported with the <cfloginuser> tag. You authenticate if the user is a user in the Domain, then you set a role for that user. Then within your application you can check to see if the userinrole("admin") and allow the user to use that section of the application.

....................
CF5
....................

If you're using CF5, you can do this with the Advanced Security features within the administrator. First you would need to create a UserDirectory. Select NTDOMAIN for (server: YOURDOMAINNAME). For username and password you would need a user that can read users within the domain. After you set all of this up within the CF Administrator you can then use the isauthenticated() features...

Next you would need to create a Security Context, the context only needs to have the UserDirectory you created associated with it.

You can then use isauthenticated(), I forget the attributes to this function.... I'm writing this via memory.

NOTE: Advanced Security features must have been installed when you installed CF5. You can verify this if you see two services (WIN) or processes (UNIX) running: SiteMinder Authentication and SiteMinder Authorization. CF5 used SiteMinder to authenticate users.

-Kurt.
Oops... here is the Active Directory stuff if you're using that...

http://www.macromedia.com/v1/handlers/index.cfm?id=21784

-Kurt.

ASKER

Thanks for the help, Kurt. I looked through the documentation. I don't really need to authenticate the user, but would simply like to retrieve (pull) their NT username after they log into the network. All of the tags that are mentioned above require the username/password to be inputted. I basically don't want to have users log into the browser application that I am building, but would rather display content based upon their particular username. Please let me know if there's a way. Thanks!
By the way, we are NOT running Active Directory, and thus would need a different solution. Thanks.
I guess you need to read a registry
How can I read the registry? What CF tag needs to be used, and what key?
rajeevmshah5:

Take a look at the CGI variables that ColdFusion exposes. Of particular interest to you would be the CGI.REMOTE_USER or CGI.AUTH_USER variables. Depending on your server setup, that should work for you.
Try using the CGI variable #CGI.AUTH_USER#.  This will be the NT username if they have logged into the network.
Both CGI.REMOTE_USER and CGI.AUTH_USER are not working for me.

Did you try to read the document that kurtfusion mentioned?
Yeah, I read the document and it appears as though you have to input the username/password in order to retrieve information. I want to eliminate this step, and automatically just retrieve the username of the user logged into the domain. I heard something about using:

%username%

Apparently, this variable contains the username, but I don't know how to output it in ColdFusion. Any thoughts?
At some point the user is going to have to log in with a username/password. If they do log in to a domain and your web server is on that domain, the #CGI.AUTH_USER# variable should still work, although I think it will also contain the domain (SERVER//username). Otherwise you will probably have to turn on Active Directory on the domain server, or write a VB script or something. I think you could write a DLL and call it with the <CFOBJECT> tag, although I have not done so.
Auth_User and Remote_User are both not working. Remote_Ident generates an error. The following variables do output the correct information:

Server_Name
Server_Port
Remote_Host
Server_Software
Gateway_Interface

I was wondering why the Auth_User and Remote_User variables output nothing? Do I need to speak with our SA in order to make some configuration changes on the server? Please let me know your thoughts. Thanks.
#CGI.AUTH_USER#
#CGI.REMOTE_USER#
#CGI.LOGON_USER# <-- This may hold a diff value if you have an authentication filter for IIS.

you can also dump out the cgi scope....

<cfdump var="#cgi#">

Are you using IIS/Win2K Server with CFMX? What is your environment?

ColdFusion = CFMX / CF5 / CF45
Server = Win2k / Solaris / Linux
WebServer = Apache / IIS / Netscape

-Kurt.

CGI.Logon_User generated an error.

The cgi dump also did not include the username of the logged in user.

Environment:

ColdFusion 5
Server: Win2K
WebServer IIS

Other thoughts? Thanks!
ASKER CERTIFIED SOLUTION
fillae

This solution is only available to members.
Basic Authentication was the key. It was turned off, and by using it, I got the right output. Thank you everyone for your help.
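
Added example, not part of the original thread or any poster's code: a ColdFusion page that reads CGI.AUTH_USER once IIS is authenticating requests, refuses to continue when the value is empty (anonymous access), and maps the NT username to a permission level. The role map, the usernames, the role names and the 403 response are hypothetical choices made for illustration.

```cfml
<!--- Constructed sample data: usernames and role names are hypothetical --->
<cfset roleMap = StructNew()>
<cfset roleMap["jsmith"] = "admin">
<cfset roleMap["mjones"] = "editor">

<!--- IIS fills AUTH_USER only after it has authenticated the request.
      With anonymous access enabled the value is an empty string. --->
<cfset rawUser = Trim(CGI.AUTH_USER)>

<cfif Len(rawUser) EQ 0>
    <!--- Fail closed: empty means "not authenticated", never a default user --->
    <cfheader statuscode="403" statustext="Forbidden">
    <cfoutput>This page requires an authenticated domain user.</cfoutput>
    <cfabort>
</cfif>

<!--- The value may be DOMAIN\username or a bare username.
      Treat both backslash and forward slash as separators. --->
<cfset ntUser = LCase(ListLast(rawUser, "\/"))>
<cfif ListLen(rawUser, "\/") GT 1>
    <cfset ntDomain = UCase(ListFirst(rawUser, "\/"))>
<cfelse>
    <cfset ntDomain = "">
</cfif>

<!--- Users missing from the map get the least-privileged role --->
<cfif StructKeyExists(roleMap, ntUser)>
    <cfset userRole = roleMap[ntUser]>
<cfelse>
    <cfset userRole = "guest">
</cfif>

<!--- Encode before output: the value originates in a request header --->
<cfoutput>
Signed in as #HTMLEditFormat(ntUser)#
<cfif Len(ntDomain)>(domain #HTMLEditFormat(ntDomain)#)</cfif>,
role: #HTMLEditFormat(userRole)#
</cfoutput>
```

Basic Authentication sends the username and password base64-encoded with every request, so a site that relies on it should be served over HTTPS.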