Solved

Just out of curiosity

Posted on 2002-05-29
Last Modified: 2013-12-24
Is there a way to authenticate using the user's NT login?

I see that there is a CGI variable for
AUTH_TYPE=NTLM
AUTH_USER=
HTTP_AUTHORIZATION
vs.
creating a login app that passes the information in plain text and writes it in plain text to the logs.
Or am I wrong in my assumption?
Question by:jriver12
9 Comments
 

Accepted Solution

by:
meverest earned 400 total points
ID: 7043411
Hello,

You can use the http_auth_user CGI variable to get the username of the logged-on user. It is safe to assume that the password is valid because you will only find that variable set if the web server has successfully authed that user.

Then you can have a DB table of usernames with your relevant application variables - user preferences, access lists etc.

cheers.

Expert Comment

by:cmurugavel
ID: 7043791
Hi,

You can use the code below in your application.cfm:

<CFSET UserId = cgi.auth_user>

Finally, you can store #UserId# in your database for further use.

--C.M

Expert Comment

by:dash420
ID: 7043991
You can use
  #cgi.remote_user#; it will give the NT user ID.

Expert Comment

by:Soulive
ID: 7046892
It just so happens that I'm in the middle of trying to solve a similar dilemma.  The way it works is as follows.  The user must be using IIS for your web server and Internet Explorer for your browser for it to work, because Netscape will not use Windows authentication.  You must first go into the IIS management console and click on the directory or individual file that you want to secure.  Go to Properties and click on Directory Security.  Under there, click on Edit under Anonymous Access and Authentication Control.  Make sure that Integrated Windows Authentication is the only thing checked.  You could use Basic authentication, but it's much less secure.  Once you OK and apply this, you will notice that the cgi.AUTH_USER variable now has the domain\username of whoever is logged in on the machine accessing the website.
   Furthermore, if you want to restrict access to certain users, you will have to go outside of IIS into the file security, remove the EVERYONE option and restrict access to individuals or groups of users.
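
An added example, not part of the original thread: an Application.cfm that relies on the server-set CGI.AUTH_USER described in the answers above and checks it against a table of application users, so no password ever reaches the application, a cookie, or the logs. It assumes anonymous access is disabled in IIS for this directory; the datasource "intranet_dsn", the table "app_users" and its columns are hypothetical names.

```cfm
<!--- Application.cfm (added example). Assumes IIS has anonymous access
      disabled here, so CGI.AUTH_USER is only set after IIS has
      authenticated the browser. "intranet_dsn" and "app_users" are
      hypothetical names. --->
<cfapplication name="intranet" sessionmanagement="Yes"
               sessiontimeout="#CreateTimeSpan(0,0,20,0)#">

<!--- No server-authenticated identity: refuse, never fall back to a form --->
<cfif NOT Len(Trim(CGI.AUTH_USER))>
   <cfheader statuscode="403" statustext="Forbidden">
   <cfoutput>Windows authentication is required.</cfoutput>
   <cfabort>
</cfif>

<!--- AUTH_USER arrives as DOMAIN\username; keep the domain so accounts
      with the same name in different domains stay distinct.
      Assumes nt_account is stored in lower case. --->
<cfset ntAccount = LCase(Trim(CGI.AUTH_USER))>

<!--- Look the user up when the session is new, has timed out, or
      belongs to a different Windows account --->
<cfset needLookup = "Yes">
<cflock scope="Session" type="ReadOnly" timeout="10">
   <cfif IsDefined("Session.NtAccount")>
      <cfif Session.NtAccount EQ ntAccount><cfset needLookup = "No"></cfif>
   </cfif>
</cflock>

<cfif needLookup>
   <cfquery name="qUser" datasource="intranet_dsn">
      SELECT user_id
      FROM   app_users
      WHERE  nt_account = <cfqueryparam value="#ntAccount#"
                             cfsqltype="CF_SQL_VARCHAR" maxlength="128">
        AND  is_active = 1
   </cfquery>
   <!--- Authenticated by Windows but not listed for this application --->
   <cfif qUser.RecordCount NEQ 1>
      <cfheader statuscode="403" statustext="Forbidden">
      <cfoutput>#HTMLEditFormat(ntAccount)# is not authorized for this application.</cfoutput>
      <cfabort>
   </cfif>
   <cflock scope="Session" type="Exclusive" timeout="10">
      <cfset Session.NtAccount = ntAccount>
      <cfset Session.UserId = qUser.user_id>
   </cflock>
</cfif>
```

Because the identity is re-read from CGI.AUTH_USER on every request, a timed-out session is rebuilt through the same table lookup without a login prompt.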

Author Comment

by:jriver12
ID: 7047265
Soulive,

I like the way your solution sounds, let me play with it and I will let you know. :^)

Author Comment

by:jriver12
ID: 7051118
Soulive,
Your suggestion seems to work, but I am having questions on the following issues:

1.  When my session is timed out and my user tries to perform another action, it is not prompting them to log back in.
Is this happening because the user is already authenticated through NTLM?

2. What exactly is the CGI.Auth_password and how do I set it?

3.  I have tried but failed on this next one. Looking at the code that I have attached,
I would like the system to first check and see if the AUTH_USER is not "", and if it isn't, I would like them to go ahead and not have to log in again
(knowing that this app is internal only).
Once my user logs into my network, I am making an assumption that they are authorized to use the app.

Of course the CF server will check and see if they are one of the auth users, and if not they will not be allowed to view the pages.

Can you take a look at this and tell me why the above issues are either happening or not happening, please?

Here is the code.
application.cfm

<!--- CHECK FOR A USERNAME --->
<CFPARAM name="usador" default="Yes">

<CFIF IsDefined("Cookie.Username")>
   <CFSET USERNAME=Cookie.Username>
<CFELSE>
   <CFSET USERNAME="">
   <CFIF IsDefined("Form.Username")>
      <CFSET USERNAME=Form.Username>
      <CFCOOKIE NAME="username" VALUE="#Form.Username#">
   <CFELSE>
      <CFSET usador = "No">
   </CFIF>
</CFIF>

<!--- CHECK FOR A PASSWORD --->
<CFPARAM name="palabrasecreta" default="Yes">

<CFIF IsDefined("Cookie.Password")>
   <CFSET PASSWORD=Cookie.Password>
<CFELSE>
   <CFSET PASSWORD="">
   <CFIF IsDefined("Form.Password")>
      <CFSET PASSWORD=Form.Password>
      <CFCOOKIE NAME="password" VALUE="#Form.Password#">
   <CFELSE>
      <CFSET palabrasecreta = "No">
   </CFIF>
</CFIF>

<!--- CHECK AUTHENTICATION STATUS AND IF NOT AUTHENTICATED HANDLE IT --->
<CFIF NOT IsAuthenticated()>

   <!--- IF WE HAVE A PASSWORD AND USERNAME, TRY AUTHENTICATING --->
   <CFIF usador and palabrasecreta>
      <CFTRY>
         <CFAUTHENTICATE
         SECURITYCONTEXT="exposition_context"
         USERNAME="#USERNAME#"
         PASSWORD="#PASSWORD#"
         SETCOOKIE="Yes">

         <!--- IF AN EXCEPTION IS THROWN, HANDLE IT --->
         <CFCATCH TYPE="Security">
            <CFCOOKIE NAME="username" VALUE="" EXPIRES="NOW">
            <CFCOOKIE NAME="password" VALUE="" EXPIRES="NOW">
            <CFLOCATION URL="index.cfm">
         </CFCATCH>
      </CFTRY>
   </CFIF>

   <!--- OUTPUT A LOGIN FORM --->
   <FORM ACTION="index.cfm" METHOD="POST">
      Username: <INPUT TYPE=text NAME="username"><BR>
      Password: <INPUT TYPE=password NAME="password"><BR>
      <INPUT TYPE=submit VALUE="LOGIN">
   </FORM>

   <CFABORT>

</CFIF>

<!--- USER IS AUTHENTICATED, SO WE CONTINUE --->

<cfapplication name="intranet"
   clientmanagement="Yes"
   sessionmanagement="Yes"
   setclientcookies="Yes"
   sessiontimeout="#CreateTimeSpan(0,0,0,1)#"
   applicationtimeout="#CreateTimeSpan(0,0,0,1)#"
   setdomaincookies="no">
<!--- set the user name to blank --->
<cfparam name="Session.UserName" default="">
<!--- set the password to blank --->
<cfparam name="Session.Password" default="">

<!--- define error templates --->
<cferror type="REQUEST" template="errors/RQ_error.cfm" mailto="me@myplaceof work.org">

<cferror type="VALIDATION" template="errors\Val_error.cfm" mailto="me@myplaceof work.org">
<!--- the application title has not been defined, so go get it from SetGlobals.cfm --->
<cfif not IsDefined("application.AppTitle")>
   <cfinclude template="SetGlobals.cfm">
</cfif>

Author Comment

by:jriver12
ID: 7051996
meverest,
I believe that that is something that I would feel comfortable assuming. Unfortunately I have had no success with the process; could you post an example?

thanks

Author Comment

by:jriver12
ID: 7057419
for even dist.

Expert Comment

by:Moondancer
ID: 7057894
Points shared at 100 each per request of jriver12 for your help.  Experts, please comment in your respective links below to complete this.

Points for cmurugavel -> http://www.experts-exchange.com/jsp/qShow.jsp?qid=20308323
Points for dash420 -> http://www.experts-exchange.com/jsp/qShow.jsp?qid=20308326
Points for Soulive -> http://www.experts-exchange.com/jsp/qShow.jsp?qid=20308327

:) Moondancer - EE Moderator