  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 552
  • Last Modified:

Just out of curiosity

Is there a way to authenticate using the user's NT login?

I see that there is a cgi variable for
AUTH_TYPE=NTLM
AUTH_USER=
HTTP_AUTHORIZATION
VS
creating a login app that passes the information in plain text and writes it in plain text to the logs.
Or am I wrong in my assumption?
0
jriver12
Asked:
jriver12
1 Solution
 
meverest Commented:
Hello,

You can use the http_auth_user cgi variable to get the username of the logged-on user. It is safe to assume that the password is valid because you will only find that variable set if the web server has successfully authed that user.

Then you can have a db table of usernames with your relevant application variables - user preferences, access lists etc.

cheers.
0
 
cmurugavel Commented:
Hi,

You can use the code below in your application.cfm:

<CFSET #UserId# = cgi.auth_user>


Finally, you can store #UserId# in your database for further use.

--C.M
0
 
dash420 Commented:
You can use
  #cgi.remote_user#; it will give the NT user ID.
0
 
Soulive Commented:
It just so happens that I'm in the middle of trying to solve a similar dilemma. The way it works is as follows. The user must be using IIS for your web server and Internet Explorer for your browser for it to work, because Netscape will not use Windows authentication. You must first go into IIS console management, click on the directory or individual file that you want to secure. Go to Properties and click on Directory Security. Under there, click on Edit under Anonymous Access and Authentication Control. Make sure that Integrated Windows Authentication is the only thing checked. You could use Basic authentication, but it's much less secure. Once you OK and apply this, you will notice that the cgi.AUTH_USER variable now has the domain\username of whoever is logged in on the machine accessing the website.
Furthermore, if you want to restrict access to certain users, you will have to go outside of IIS into the file security, remove the EVERYONE option and restrict access to individuals or groups of users.
0
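
The setup Soulive describes, as an added example that is not part of the original thread: an application.cfm fragment that takes the identity IIS places in cgi.AUTH_USER after Integrated Windows Authentication and authorizes it against the application's own table, without ever handling a password. The domain name CORP, the datasource intranet_dsn and the table app_users with its columns are hypothetical.

```cfml
<!--- Added example. Assumes Integrated Windows Authentication is the only
      method enabled in IIS for this directory. --->

<!--- Hypothetical: the one Windows domain this application accepts --->
<CFSET ExpectedDomain = "CORP">

<!--- Fail closed. An empty AUTH_USER or AUTH_TYPE means the web server did
      not authenticate the request (for example, anonymous access was
      re-enabled), so the request must not be treated as logged in. --->
<CFIF Len(Trim(CGI.AUTH_USER)) EQ 0 OR Len(Trim(CGI.AUTH_TYPE)) EQ 0>
   <CFHEADER STATUSCODE="403" STATUSTEXT="Forbidden">
   <CFABORT>
</CFIF>

<!--- AUTH_USER arrives as domain\username; require exactly two parts --->
<CFIF ListLen(CGI.AUTH_USER, "\") NEQ 2>
   <CFHEADER STATUSCODE="403" STATUSTEXT="Forbidden">
   <CFABORT>
</CFIF>
<CFSET NTDomain = ListFirst(CGI.AUTH_USER, "\")>
<CFSET NTUser = LCase(ListLast(CGI.AUTH_USER, "\"))>

<!--- Reject accounts from any other domain, including local machine
      accounts that happen to share a username --->
<CFIF CompareNoCase(NTDomain, ExpectedDomain) NEQ 0>
   <CFHEADER STATUSCODE="403" STATUSTEXT="Forbidden">
   <CFABORT>
</CFIF>

<!--- Authentication is done by IIS; authorization is the application's job.
      Look the user up with a bound parameter (usernames stored lowercase). --->
<CFQUERY NAME="GetAppUser" DATASOURCE="intranet_dsn">
   SELECT user_id, role
   FROM app_users
   WHERE nt_username = <CFQUERYPARAM VALUE="#NTUser#" CFSQLTYPE="CF_SQL_VARCHAR">
</CFQUERY>

<CFIF GetAppUser.RecordCount NEQ 1>
   <CFHEADER STATUSCODE="403" STATUSTEXT="Forbidden">
   <CFABORT>
</CFIF>

<!--- Identity for the rest of the request. No password is read, placed in
      a cookie or written to a log at any point. --->
<CFSET Request.NTUser = NTUser>
<CFSET Request.UserRole = GetAppUser.role>
```

Because the identity is re-read from the web server on every request, the check does not depend on a ColdFusion session or on cookies holding credentials.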
 
jriver12 Author Commented:
Soulive,

I like the way your solution sounds, let me play with it and I will let you know. :^)
0
 
jriver12 Author Commented:
Soulive,
your suggestion seems to work, but I have questions on the following issues:

1. When my session is timed out and my user tries to perform another action, it is not prompting them to log back in.
Is this happening because the user is already authenticated through NTLM?

2. What exactly is the CGI.Auth_password, and how do I set it?

3. I have tried but failed on this next one. Looking at the code that I have attached,
I would like the system to first check whether the AUTH_USER is not "", and if it isn't, I would like them to go ahead and not have to log in again
(knowing that this app is internal only).
Once my user logs into my network, I am making an assumption that they are authorized to use the app.

Of course, the CF server will check whether they are one of the auth users, and if not, they will not be allowed to view the pages.

Can you take a look at this and tell me why the above issues are either happening or not happening, please?

Here is the code.
application.cfm

<!--- CHECK FOR A USERNAME --->
<CFPARAM name="usador" default="Yes">

<CFIF IsDefined("Cookie.Username")>
   <CFSET USERNAME=Cookie.Username>
<CFELSE>
   <CFSET USERNAME="">
   <CFIF IsDefined("Form.Username")>
      <CFSET USERNAME=Form.Username>
      <CFCOOKIE NAME="username" VALUE="#Form.Username#">
   <CFELSE>
      <CFSET usador = "No">
   </CFIF>
</CFIF>

<!--- CHECK FOR A PASSWORD --->
<CFPARAM name="palabrasecreta" default="Yes">

<CFIF IsDefined("Cookie.Password")>
   <CFSET PASSWORD=Cookie.Password>
<CFELSE>
   <CFSET PASSWORD="">
   <CFIF IsDefined("Form.Password")>
      <CFSET PASSWORD=Form.Password>
      <CFCOOKIE NAME="password" VALUE="#Form.Password#">
   <CFELSE>
      <CFSET palabrasecreta = "No">
   </CFIF>
</CFIF>

<!--- CHECK AUTHENTICATION STATUS AND IF NOT AUTHENTICATED HANDLE IT --->
<CFIF NOT IsAuthenticated()>

   <!--- IF WE HAVE A PASSWORD AND USERNAME, TRY AUTHENTICATING --->
   <CFIF usador and palabrasecreta>
      <CFTRY>
         <CFAUTHENTICATE
         SECURITYCONTEXT="exposition_context"
         USERNAME="#USERNAME#"
         PASSWORD="#PASSWORD#"
         SETCOOKIE="Yes">

         <!--- IF AN EXCEPTION IS THROWN, HANDLE IT --->
         <CFCATCH TYPE="Security">
            <CFCOOKIE NAME="username" VALUE="" EXPIRES="NOW">
            <CFCOOKIE NAME="password" VALUE="" EXPIRES="NOW">
            <CFLOCATION URL="index.cfm">
         </CFCATCH>
      </CFTRY>
   </CFIF>

   <!--- OUTPUT A LOGIN FORM --->
   <FORM ACTION="index.cfm" METHOD="POST">
      Username: <INPUT TYPE=text NAME="username"><BR>
      Password: <INPUT TYPE=password NAME="password"><BR>
      <INPUT TYPE=submit VALUE="LOGIN">
   </FORM>

   <CFABORT>

</CFIF>

<!--- USER IS AUTHENTICATED, SO WE CONTINUE --->

<cfapplication name="intranet"
clientmanagement="Yes"
sessionmanagement="Yes"
setclientcookies="Yes" sessiontimeout="#CreateTimeSpan(0,0,0,1)#" applicationtimeout="#CreateTimeSpan(0,0,0,1)#" setdomaincookies="no">
<!--- set the user name to blank --->
<cfparam name="Session.UserName" default="">
<!--- set the pass word to blank --->
<cfparam name="Session.Password" default="">    
             
<!--- define Error Templates --->
<cferror type="REQUEST" template="errors/RQ_error.cfm" mailto="me@myplaceof work.org">

<cferror type="VALIDATION" template="errors\Val_error.cfm" mailto="me@myplaceof work.org">
<!--- the application title has not been defined let go get it at SetGlobals.cfm --->
<cfif not ISDefined("application.AppTitle")>
               <cfinclude template="SetGlobals.cfm">
               </cfif>







0
 
jriver12 Author Commented:
meverest,
I believe that that is something that I would feel comfortable assuming. Unfortunately, I have had no success with the process. Could you post an example?

thanks
0
 
jriver12 Author Commented:
for even dist.
0
 
Moondancer Commented:
Points shared at 100 each per request of jriver12 for your help.  Experts, please comment in your respective links below to complete this.

Points for cmurugavel -> http://www.experts-exchange.com/jsp/qShow.jsp?qid=20308323
Points for dash420 -> http://www.experts-exchange.com/jsp/qShow.jsp?qid=20308326
Points for Soulive -> http://www.experts-exchange.com/jsp/qShow.jsp?qid=20308327

:) Moondancer - EE Moderator
0
