jriver12
asked on
Just out of curiosity,
is there a way to authenticate using the user's NT login?
I see that there is a cgi variable for
AUTH_TYPE=NTLM
AUTH_USER=
HTTP_AUTHORIZATION
VS
Creating a login app that passes the information in plain text and writes it in plain text to the logs.
Or am I wrong in my assumption?
You can use
#cgi.remote_user#; it will give the NT user ID.
It just so happens that I'm in the middle of trying to solve a similar dilemma. The way it works is as follows. The user must be using IIS for your web server and Internet Explorer for your browser for it to work, because Netscape will not use Windows authentication. You must first go into IIS console management and click on the directory or individual file that you want to secure. Go to Properties and click on Directory Security. Under there, click on Edit under Anonymous Access and Authentication Control. Make sure that Integrated Windows Authentication is the only thing checked. You could use Basic authentication, but it's much less secure. Once you OK and apply this, you will notice that the cgi.AUTH_USER variable now has the domain\username of whoever is logged in on the machine accessing the website.
Furthermore, if you want to restrict access to certain users, you will have to go outside of IIS into the file security, remove the EVERYONE option and restrict access to individuals or groups of users.
ASKER
Soulive,
I like the way your solution sounds, let me play with it and I will let you know. :^)
ASKER
Soulive,
Your suggestion seems to work, but I have questions on the following issues:
1. When my session is timed out and my user tries to perform another action, it is not prompting them to log back in.
Is this happening because the user is already authenticated through NTLM?
2. What exactly is the CGI.Auth_password and how do I set it?
3. I have tried but failed on this next one. Looking at the code that I have attached,
I would like the system to first check and see if the Auth_user is not "", and if it isn't, I would like them to go ahead and not have to log in again
(knowing that this app is internal only).
Once my user logs into my network, I am making an assumption that they are authorized to use the app.
Of course, the CF server will check and see if they are one of the auth users, and if not they will not be allowed to view the pages.
Can you take a look at this and tell me why the above issues are either happening or not happening, please?
Here is the code.
application.cfm
<!--- CHECK FOR A USERNAME --->
<CFPARAM name="usador" default="Yes">
<CFIF IsDefined("Cookie.Username")>
<CFSET USERNAME=Cookie.Username>
<CFELSE>
<CFSET USERNAME="">
<CFIF IsDefined("Form.Username") >
<CFSET USERNAME=Form.Username>
<CFCOOKIE NAME="username" VALUE="#Form.Username#">
<CFELSE>
<CFSET usador = "No">
</CFIF>
</CFIF>
<!--- CHECK FOR A PASSWORD --->
<CFPARAM name="palabrasecreta" default="Yes">
<CFIF IsDefined("Cookie.Password")>
<CFSET PASSWORD=Cookie.Password>
<CFELSE>
<CFSET PASSWORD="">
<CFIF IsDefined("Form.Password") >
<CFSET PASSWORD=Form.Password>
<CFCOOKIE NAME="password" VALUE="#Form.Password#">
<CFELSE>
<CFSET palabrasecreta = "No">
</CFIF>
</CFIF>
<!--- CHECK AUTHENTICATION STATUS AND IF NOT AUTHENTICATED HANDLE IT --->
<CFIF NOT IsAuthenticated()>
<!--- IF WE HAVE A PASSWORD AND USERNAME, TRY AUTHENTICATING --->
<CFIF usador and palabrasecreta>
<CFTRY>
<CFAUTHENTICATE
SECURITYCONTEXT="exposition_context"
USERNAME="#USERNAME#"
PASSWORD="#PASSWORD#"
SETCOOKIE="Yes">
<!--- IF AN EXCEPTION IS THROWN, HANDLE IT --->
<CFCATCH TYPE="Security">
<CFCOOKIE NAME="username" VALUE="" EXPIRES="NOW">
<CFCOOKIE NAME="password" VALUE="" EXPIRES="NOW">
<CFLOCATION URL="index.cfm">
</CFCATCH>
</CFTRY>
</CFIF>
<!--- OUTPUT A LOGIN FORM --->
<FORM ACTION="index.cfm" METHOD="POST">
Username: <INPUT TYPE=text NAME="username"><BR>
Password: <INPUT TYPE=password NAME="password"><BR>
<INPUT TYPE=submit VALUE="LOGIN">
</FORM>
<CFABORT>
</CFIF>
<!--- USER IS AUTHENTICATED, SO WE CONTINUE --->
<cfapplication name="intranet"
clientmanagement="Yes"
sessionmanagement="Yes"
setclientcookies="Yes"
sessiontimeout="#CreateTimeSpan(0,0,0,1)#"
applicationtimeout="#CreateTimeSpan(0,0,0,1)#"
setdomaincookies="no">
<!--- set the user name to blank --->
<cfparam name="Session.UserName" default="">
<!--- set the pass word to blank --->
<cfparam name="Session.Password" default="">
<!--- define Error Templates --->
<cferror type="REQUEST" template="errors/RQ_error.cfm" mailto="me@myplaceofwork.org">
<cferror type="VALIDATION" template="errors\Val_error.cfm" mailto="me@myplaceofwork.org">
<!--- the application title has not been defined let go get it at SetGlobals.cfm --->
<cfif not ISDefined("application.AppTitle")>
<cfinclude template="SetGlobals.cfm">
</cfif>
ASKER
meverest,
I believe that that is something that I would feel comfortable assuming. Unfortunately, I have had no success with the process. Could you post an example?
Thanks
ASKER
for even dist.
Points shared at 100 each per request of jriver12 for your help. Experts, please comment in your respective links below to complete this.
Points for cmurugavel -> https://www.experts-exchange.com/jsp/qShow.jsp?qid=20308323
Points for dash420 -> https://www.experts-exchange.com/jsp/qShow.jsp?qid=20308326
Points for Soulive -> https://www.experts-exchange.com/jsp/qShow.jsp?qid=20308327
:) Moondancer - EE Moderator
You can use the code below in your application.cfm:
<CFSET #UserId# = cgi.auth_user>
Finally, you can store #UserId# in your database for further use.
--C.M
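
One way to do what question 3 in the thread asks, as an added example that is not code from any participant: an Application.cfm that shows no login form, takes the identity IIS places in cgi.auth_user, and checks it against a list of authorized users. The domain name, user names and 20-minute session timeout are constructed placeholders, and accepting "Negotiate" alongside the "NTLM" value quoted in the question is an assumption about what IIS reports for Integrated Windows Authentication.

```cfml
<!--- Added example, not from the thread. Assumes IIS has Anonymous Access off
      and Integrated Windows Authentication on for this directory. --->
<cfapplication name="intranet" sessionmanagement="Yes"
               sessiontimeout="#CreateTimeSpan(0,0,20,0)#">

<!--- Hypothetical allow-list; a real app would read it from a database. --->
<cfset allowedDomain = "EXAMPLECORP">
<cfset allowedUsers  = "jsmith,mjones">

<cfset authType = Trim(cgi.auth_type)>
<cfset authUser = Trim(cgi.auth_user)>
<cfset denyReason = "">

<!--- Fail closed: AUTH_USER is empty whenever IIS served the request
      anonymously, and any other AUTH_TYPE is not the integrated scheme. --->
<cfif authUser EQ "">
    <cfset denyReason = "no authenticated Windows identity">
<cfelseif NOT ListFindNoCase("NTLM,Negotiate", authType)>
    <cfset denyReason = "unexpected AUTH_TYPE">
<cfelseif ListLen(authUser, "\") NEQ 2>
    <!--- Expect exactly DOMAIN\username --->
    <cfset denyReason = "malformed AUTH_USER">
<cfelseif CompareNoCase(ListFirst(authUser, "\"), allowedDomain) NEQ 0>
    <cfset denyReason = "wrong domain">
<cfelseif NOT ListFindNoCase(allowedUsers, ListLast(authUser, "\"))>
    <cfset denyReason = "user not on the allow-list">
</cfif>

<cfif denyReason NEQ "">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfoutput>Access denied (#denyReason#).</cfoutput>
    <cfabort>
</cfif>

<!--- Identity comes from IIS on every request, so nothing is read from
      Form or Cookie scope and no password is stored or logged. --->
<cflock scope="Session" type="Exclusive" timeout="10">
    <cfset Session.UserName = ListLast(authUser, "\")>
</cflock>
```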