Solved

Just out of curiosity

Posted on 2002-05-29
Last Modified: 2013-12-24
Is there a way to authenticate using the user's NT login?

I see that there is a CGI variable for
AUTH_TYPE=NTLM
AUTH_USER=
HTTP_AUTHORIZATION
VS
Creating a login app that passes the information in plain text and writes it in plain text to the logs.
Or am I wrong in my assumption?
Question by:jriver12
9 Comments
 
LVL 37

Accepted Solution

by:
meverest earned 100 total points
ID: 7043411
Hello,

You can use the http_auth_user CGI variable to get the username of the logged-on user.  It is safe to assume that the password is valid because you will only find that variable set if the web server has successfully authed that user.

Then you can have a DB table of usernames with your relevant application variables - user preferences, access lists etc.

cheers.
0
 
LVL 1

Expert Comment

by:cmurugavel
ID: 7043791
Hi,

You can use the code below in your application.cfm:

<CFSET UserId = cgi.auth_user>

Finally, you can store #UserId# in your database for further use.

--C.M
0
 
LVL 6

Expert Comment

by:dash420
ID: 7043991
You can use
  #cgi.remote_user#; it will give the NT user ID.
0
 
LVL 1

Expert Comment

by:Soulive
ID: 7046892
It just so happens that I'm in the middle of trying to solve a similar dilemma.  The way it works is as follows.  The user must be using IIS for your web server and Internet Explorer for your browser for it to work, because Netscape will not use Windows authentication.  You must first go into IIS console management and click on the directory or individual file that you want to secure.  Go to Properties and click on Directory Security.  Under there, click on Edit under Anonymous Access and Authentication Control.  Make sure that Integrated Windows Authentication is the only thing checked.  You could use Basic authentication but it's much less secure.  Once you OK and apply this, you will notice that the cgi.AUTH_USER variable now has the domain\username of whoever is logged in on the machine accessing the website.
   Furthermore, if you want to restrict access to certain users, you will have to go outside of IIS into the file security, remove the EVERYONE option and restrict access to individuals or groups of users.
0

Author Comment

by:jriver12
ID: 7047265
Soulive,

I like the way your solution sounds, let me play with it and I will let you know. :^)
0
 

Author Comment

by:jriver12
ID: 7051118
Soulive,
Your suggestion seems to work, but I have questions on the following issues:

1.  When my session is timed out and my user tries to perform another action, it is not prompting them to log back in.
Is this happening because the user is already authenticated through NTLM?

2.  What exactly is the CGI.Auth_password and how do I set it?

3.  I have tried but failed on this next one.  Looking at the code that I have attached,
I would like the system to first check and see if the Auth_user is not "", and if it isn't I would like them to go ahead and not have to log in again
(knowing that this app is internal only).
Once my user logs into my network, I am making an assumption that they are authorized to use the app.

Of course CF server will check and see if they are one of the auth users, and if not they will not be allowed to view the pages.

Can you take a look at this and tell me why the above issues are either happening or not happening, please?

Here is the code.
application.cfm

<!--- CHECK FOR A USERNAME --->
<CFPARAM name="usador" default="Yes">

<CFIF IsDefined("Cookie.Username")>
   <CFSET USERNAME=Cookie.Username>
<CFELSE>
   <CFSET USERNAME="">
   <CFIF IsDefined("Form.Username")>
      <CFSET USERNAME=Form.Username>
      <CFCOOKIE NAME="username" VALUE="#Form.Username#">
   <CFELSE>
      <CFSET usador = "No">
   </CFIF>
</CFIF>

<!--- CHECK FOR A PASSWORD --->
<CFPARAM name="palabrasecreta" default="Yes">

<CFIF IsDefined("Cookie.Password")>
   <CFSET PASSWORD=Cookie.Password>
<CFELSE>
   <CFSET PASSWORD="">
   <CFIF IsDefined("Form.Password")>
      <CFSET PASSWORD=Form.Password>
      <CFCOOKIE NAME="password" VALUE="#Form.Password#">
   <CFELSE>
      <CFSET palabrasecreta = "No">
   </CFIF>
</CFIF>

<!--- CHECK AUTHENTICATION STATUS AND IF NOT AUTHENTICATED HANDLE IT --->
<CFIF NOT IsAuthenticated()>

   <!--- IF WE HAVE A PASSWORD AND USERNAME, TRY AUTHENTICATING --->
   <CFIF usador and palabrasecreta>
      <CFTRY>
         <CFAUTHENTICATE
         SECURITYCONTEXT="exposition_context"
         USERNAME="#USERNAME#"
         PASSWORD="#PASSWORD#"
         SETCOOKIE="Yes">

         <!--- IF AN EXCEPTION IS THROWN, HANDLE IT --->
         <CFCATCH TYPE="Security">
            <CFCOOKIE NAME="username" VALUE="" EXPIRES="NOW">
            <CFCOOKIE NAME="password" VALUE="" EXPIRES="NOW">
            <CFLOCATION URL="index.cfm">
         </CFCATCH>
      </CFTRY>
   </CFIF>

   <!--- OUTPUT A LOGIN FORM --->
   <FORM ACTION="index.cfm" METHOD="POST">
      Username: <INPUT TYPE=text NAME="username"><BR>
      Password: <INPUT TYPE=password NAME="password"><BR>
      <INPUT TYPE=submit VALUE="LOGIN">
   </FORM>

   <CFABORT>

</CFIF>

<!--- USER IS AUTHENTICATED, SO WE CONTINUE --->

<cfapplication name="intranet"
   clientmanagement="Yes"
   sessionmanagement="Yes"
   setclientcookies="Yes"
   sessiontimeout="#CreateTimeSpan(0,0,0,1)#"
   applicationtimeout="#CreateTimeSpan(0,0,0,1)#"
   setdomaincookies="no">

<!--- set the user name to blank --->
<cfparam name="Session.UserName" default="">
<!--- set the password to blank --->
<cfparam name="Session.Password" default="">

<!--- define error templates --->
<cferror type="REQUEST" template="errors/RQ_error.cfm" mailto="me@myplaceof work.org">

<cferror type="VALIDATION" template="errors\Val_error.cfm" mailto="me@myplaceof work.org">

<!--- if the application title has not been defined, go get it from SetGlobals.cfm --->
<cfif not IsDefined("application.AppTitle")>
   <cfinclude template="SetGlobals.cfm">
</cfif>

0
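An added example, not code from any poster in this thread: one way an Application.cfm could do what meverest and Soulive describe (trust cgi.AUTH_USER only when IIS set it through Integrated Windows Authentication, then check the login against an application table) in place of the username and password cookies above. The datasource `intranet_dsn`, the table `app_users` with columns `nt_login` and `role`, the domain `CORP`, the 20-minute session timeout and the accepted AUTH_TYPE list are assumptions.

```cfml
<!--- Added example for Application.cfm. Assumed names: datasource "intranet_dsn",
      table app_users(nt_login, role), trusted domain "CORP". --->
<cfapplication name="intranet" sessionmanagement="Yes"
               sessiontimeout="#CreateTimeSpan(0,0,20,0)#">

<cfset trustedDomain = "CORP">
<cfset authType = Trim(cgi.auth_type)>
<cfset authUser = Trim(cgi.auth_user)>

<!--- Accept only identities the web server established with Integrated Windows
      Authentication. An empty AUTH_USER means the request was anonymous;
      "Basic" means the password crossed the wire merely base64-encoded.
      The accepted scheme list is an assumption for this example. --->
<cfif NOT ListFindNoCase("NTLM,Negotiate", authType) OR NOT Len(authUser)>
   <cfheader statuscode="403" statustext="Forbidden">
   <cfoutput>Integrated Windows Authentication is required.</cfoutput>
   <cfabort>
</cfif>

<!--- AUTH_USER arrives as DOMAIN\username; reject any other shape and any
      account from a domain other than the expected one. --->
<cfif ListLen(authUser, "\") NEQ 2
      OR CompareNoCase(ListFirst(authUser, "\"), trustedDomain) NEQ 0>
   <cfheader statuscode="403" statustext="Forbidden">
   <cfabort>
</cfif>

<!--- Authentication was done by IIS; authorization is the application's job.
      Look the login up in the application's own user table. --->
<cfquery name="qUser" datasource="intranet_dsn">
   SELECT nt_login, role
   FROM app_users
   WHERE nt_login = <cfqueryparam value="#authUser#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>

<cfif qUser.RecordCount NEQ 1>
   <cfheader statuscode="403" statustext="Forbidden">
   <cfoutput>#HTMLEditFormat(authUser)# is not authorized for this application.</cfoutput>
   <cfabort>
</cfif>

<!--- Keep only the identity and role in the session: the application never
      sees a password, so none can end up in a cookie or a log. --->
<cfset Session.UserName = qUser.nt_login>
<cfset Session.Role = qUser.role>
```

Because the checks run on every request, an expired session is simply rebuilt from the identity the server supplies, with no login form involved.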
 

Author Comment

by:jriver12
ID: 7051996
meverest,
I believe that that is something that I would feel comfortable assuming. Unfortunately I have had no success with the process. Could you post an example??

thanks
0
 

Author Comment

by:jriver12
ID: 7057419
for even dist.
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 7057894
Points shared at 100 each per request of jriver12 for your help.  Experts, please comment in your respective links below to complete this.

Points for cmurugavel -> http://www.experts-exchange.com/jsp/qShow.jsp?qid=20308323
Points for dash420 -> http://www.experts-exchange.com/jsp/qShow.jsp?qid=20308326
Points for Soulive -> http://www.experts-exchange.com/jsp/qShow.jsp?qid=20308327

:) Moondancer - EE Moderator
0
