[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

How to authenticate against Windows Authentication from CFINVOKE

Posted on 2004-10-27
15
Medium Priority
?
1,286 Views
Last Modified: 2013-12-24
Question:

Using cfinvoke to call a MS SQL 2K web service that is behind Windows Authentication in IIS.

The username and password attributes do not work as they are in clear text.  I tried doing this and it didnt work:

<cfinvoke
  webservice = "http://localhost/mywebservice?wsdl"
  method = "myMethod"
  mytext = "SOAP Test"
  username = "username@NTdomain"
  password = "password"
  returnVariable = "foo"/>

How do I authenticate it?
0
Comment
Question by:PSLLC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 4
15 Comments
 
LVL 21

Assisted Solution

by:pinaldave
pinaldave earned 75 total points
ID: 12428107
Hi PSLLC,
!--- Invoke NTSecurity CFC as if it were in the same directory as your calling CFML page. If it is not, you can use dot notation to refer to its location. Read the ColdFusion MX documentation for more details. --->
<cfinvoke
component = "NTSecurity"
method = "authenticateAndGetGroups"
domain = "#Request.myDomain#"
userid = "#Form.UserID#"
passwd = "#Form.Passwd#"
returnVariable = "GetUsers">

http://www.macromedia.com/devnet/mx/coldfusion/articles/ntdomain_1.html


Regards,
---Pinal
0
 
LVL 8

Expert Comment

by:sigmacon
ID: 12429671
I think pinaldave may have misunderstood your question. You are trying to figure out how to authenticate against a MS SQL 2K Webservice, correct? The first guess I would make is proper syntax for the nt login name, which should be:

\\domain\user.name

<cfinvoke
  webservice = "http://localhost/mywebservice?wsdl"
  method = "myMethod"
  mytext = "SOAP Test"
  username = "\\domain\user.name"
  password = "password"
  returnVariable = "foo"/>

If that does not work, please post the most detailed error message you can come up with here.
0
 

Author Comment

by:PSLLC
ID: 12437426
Thanks to both of you - Pinal - hello from your ol' pals in LA.

Yes, I think Pinal misundertood. The web service is on a serparate machine and we need to authenticate against that, not on the same machine.

sigmacon - i dont think your suggestion works because the username password combo of cfinvoke is sent as clear text (Basic Authentication), which is a different authentication method than the web service is behind (Windows Integrated Authentication).  I tried the \\domain\user.name and receieved a 401 error, which is just access denied.  So the question remains how to authenticate :

 Error Occurred While Processing Request
Could not perform web service invocation "mysp_test" because AxisFault faultCode: {http://xml.apache.org/axis/}HTTP faultSubcode: faultString: (401)Access Denied faultActor: faultNode: faultDetail: {}string: return code: 401 &lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 3.2 Final//EN&quot;&gt; &lt;html dir=ltr&gt; &lt;head&gt; &lt;style&gt; a:link {font:8pt/11pt verdana; color:FF0000} a:visited {font:8pt/11pt verdana; color:#4e4e4e} &lt;/style&gt; &lt;META NAME=&quot;ROBOTS&quot; CONTENT=&quot;NOINDEX&quot;&gt; &lt;title&gt;You are not authorized to view this page&lt;/title&gt; &lt;META HTTP-EQUIV=&quot;Content-Type&quot; Content=&quot;text-html; charset=Windows-1252&quot;&gt; &lt;/head&gt; &lt;script&gt; function Homepage(){ &lt;!-- // in real bits, urls get returned to our script like this: // res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm //For testing use DocURL = &quot;res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"; DocURL=document.URL; /...
 
The error occurred in D:\...mysoap.cfm: line 17

15 :   webservice = "http://mydomain/soap/soap?wsdl"
16 :   method = "mysp_test"
17 :   mytext = "SOAP Test"
18 :   username = "\\mydomain\username"
19 :   password = "password"

Please try the following:

    * Check the ColdFusion documentation to verify that you are using the correct syntax.
    * Search the Knowledge Base to find a solution to your problem.

Browser         Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Remote Address         68.123.90.162
Referrer         
Date/Time         28-Oct-04 11:33 AM
Stack Trace
at cfmysoap2ecfm1545139204.runPage(D:\...mysoap.cfm:17)

coldfusion.xml.rpc.ServiceProxy$ServiceInvocationException: Could not perform web service invocation "mysp_test" because AxisFault
 faultCode: {http://xml.apache.org/axis/}HTTP
 faultSubcode:
 faultString: (401)Access Denied
 faultActor:
 faultNode:
 faultDetail:
      {}string: return code:  401
&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 3.2 Final//EN&quot;&gt;
&lt;html dir=ltr&gt;

&lt;head&gt;
&lt;style&gt;
a:link                  {font:8pt/11pt verdana; color:FF0000}
a:visited               {font:8pt/11pt verdana; color:#4e4e4e}
&lt;/style&gt;

&lt;META NAME=&quot;ROBOTS&quot; CONTENT=&quot;NOINDEX&quot;&gt;

&lt;title&gt;You are not authorized to view this page&lt;/title&gt;

&lt;META HTTP-EQUIV=&quot;Content-Type&quot; Content=&quot;text-html; charset=Windows-1252&quot;&gt;
&lt;/head&gt;

&lt;script&gt;
function Homepage(){
&lt;!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm

      //For testing use DocURL = &quot;res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm";
      DocURL=document.URL;
      
      /...
      at coldfusion.xml.rpc.ServiceProxy.invokeImpl(Unknown Source)
      at coldfusion.xml.rpc.ServiceProxy.invoke(Unknown Source)
      at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:1582)
      at coldfusion.tagext.lang.InvokeTag.doEndTag(InvokeTag.java:372)
      at coldfusion.runtime.CfJspPage._emptyTag(CfJspPage.java:1872)
      at cfmysoap2ecfm1545139204.runPage(D:\...mysoap.cfm:17)
      at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:147)
      at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:357)
      at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:62)
      at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:107)
      at coldfusion.filter.PathFilter.invoke(PathFilter.java:80)
      at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:47)
      at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:52)
      at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
      at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:35)
      at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:43)
      at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
      at coldfusion.CfmServlet.service(CfmServlet.java:105)
      at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:91)
      at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
      at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:252)
      at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:527)
      at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:192)
      at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:348)
      at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:451)
      at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:294)
      at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

0
Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

 
LVL 8

Expert Comment

by:sigmacon
ID: 12437500
Sorry about my idea not working. Did you cut of the beginning of the stack trace?

You said the service is on a different computer, but you are using localhost?

Please try this:

<cfinvoke
  webservice = "http://user:password@localhost/mywebservice?wsdl"
  ...

the user name and password in the invocation I think are for the service itself, not for the transport layer authentication. Got my suggestion from:

http://cookbook.soaplite.com/#accessing%20service%20with%20basic%20authentication
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 12437533
>>>  Thanks to both of you - Pinal - hello from your ol' pals in LA.
Well, I do not have to teach to my teachers. I will be quitely subscribed to this thread and listen and learn.
Now, I figured it out who is PSLLC. :=))
Regards,
---Pinal
0
 
LVL 8

Expert Comment

by:sigmacon
ID: 12437758
Well, Pinal, who is PSLLC - and what did you learn from him or her ??
0
 

Author Comment

by:PSLLC
ID: 12437776
Pinal is being very gracious - we worked together when he lived in Los Angeles.  Pinal began his ColdFusion career with us.
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 12437793
Who is PSLLC -
>>> The gang of smartest ColdFusion Programmer I ever knew in my life.

What did you learn from him or her ??
>>> They tought me ColdFusion from scratch. ( I think from them I have first time heard the word CF)
Where ever I am due to them.

Regards,
---Pinal
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 12437807
I am so happy to put this in writing. That PSLLC have started my career in real world.
Regards,
---Pinal
0
 
LVL 8

Expert Comment

by:sigmacon
ID: 12437849
Well, pretty cool. Back to the question: Did anything help so far?
0
 

Author Comment

by:PSLLC
ID: 12438197
hmm.  Not yet.  Again, the username and password

I think this may not be possible.  I found some documentation on CFHTTP's use of username and password, and they are also sent as clear text and the documentation says that those attributes cannot be used to authenticate a Windows Domain.  Basically, we're this is leaving me is this - we probably have to create a SSL connection, and then send the username/password via that using clear text, so that way it'd be encrypted.

BUT - I'd still rather be able to authenticate the webservice using cfinvoke!!!  Argh!!

0
 
LVL 8

Accepted Solution

by:
sigmacon earned 300 total points
ID: 12438305
You are right, for basic authentication, the password is in clear text and SSL is preferred.

What are the settings in IIS that is serving the request for the web service? If it's Basic Authentication, the method I suggested should work. If it is integrated authentication, then the whole thing looks a lot more complicated. In that case, I believe, the user with which the CF service is running needs to be added to the list of allowed users in the security settings on the remote IIS server. Again, you say the servers is remote, but you are testing against localhost?
0
 
LVL 8

Expert Comment

by:sigmacon
ID: 12438350
My assumption about when username / password come into play was wrong - they ARE used for basic authenticaton - but what is your webserver configured to? I am pretty confident that it doesn't work with Integrated Windows Authentication using username / password. The documentation specifically mentions http headers.
0
 

Author Comment

by:PSLLC
ID: 12448212
Here's the final tally I think.

I had the web server set to Windows Authentication, but not by accident, I wanted to see if we could authenticate against a Windows Domain, which we cannot.

Its been changed to basic authentication, and what we'll be doing is just creating an SSL connection to the destination server to ensure the transaction is secure/encrypted.

Thanks for all of your help.
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 12448248
Thank you. =))
PSLLC rocks!
Hello to J&J, B&B and brothers.
0

Featured Post

Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question