tclaremont
Inspiring
December 17, 2009
Question

Asking for network password


Since I am running an all-Windows environment, people don't need to log in to use my site. I assess permissions based on the network username. Works great and has been adequate for years.

Now I have a project where we want to allow the end user to enter text into a text box, and commit that information to a database. The problem is that we would like to require the end user to enter their network password at the time of submission to validate that this really is the correct end user, and not just somebody jumping on the computer while another user is logged on.

While I am skeptical as to the validity of this "security measure", it is still up to me to implement it.

I tried using CFLDAP, but that does not give me access to the password, due to the permissions that CF logs in under. The political battle it would take to make that happen is not appealing to me.

Is there a way that I can insert a cfinput field with a type of "password" and validate it somehow? Barring that, can I create my submission page on a page that is NOT set up for authentication, thus immediately prompting for a network password?

Using CF8, BTW.


    1 reply

    ilssac
    Inspiring
    December 17, 2009

    You don't need access to the password to use ldap.

    You collect the user name and password with a form from the client.  You then use these username and password values in the <cfldap..> tag.  If ldap returns a record, it was a correct username and password, if it returns an empty recordset, it was not.

    That is how we do it here at least.  Properly combined with ssl, it is quite secure and is about the best you can do on a web application without getting into biometrics like fingerprints or eye scans or physical security dongles or something like that.

    tclaremont
    Inspiring
    December 17, 2009

    Got it, Ian.

    The problem I was having is that the password I was using to test with had been disabled due to too many bad attempts while I was testing. So when it failed I thought I was doing something wrong.

    With some judicious use of CFCATCH/CFTRY things are working as I had intended.
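
The bind-based check described in this thread, as an added example that is not code posted by either participant. It assumes Active Directory reached over LDAPS, and the server name, base DN, domain suffix, log file name and form field name are placeholders. It treats both a thrown bind error and an empty result as a failed check, and takes the account name from the already-authenticated session rather than from the form.

```cfml
<!--- Added example for CF8. dc01.example.local, example.local and the base DN
      are placeholder values; sAMAccountName assumes Active Directory. --->
<cffunction name="confirmNetworkPassword" returntype="boolean" output="false">
    <cfargument name="password" type="string" required="true">

    <!--- Use the account the web server already authenticated (DOMAIN\user),
          never a username typed into the form --->
    <cfset var account = listLast(cgi.auth_user, "\")>
    <cfset var result = "">

    <!--- A directory may accept an empty password as an unauthenticated bind,
          so refuse it before contacting LDAP --->
    <cfif NOT len(trim(arguments.password)) OR NOT len(account)>
        <cfreturn false>
    </cfif>

    <!--- Allow only characters expected in a logon name, so nothing in the
          account value can alter the search filter --->
    <cfif reFind("[^A-Za-z0-9._-]", account)>
        <cfreturn false>
    </cfif>

    <cftry>
        <cfldap action="query"
                name="result"
                server="dc01.example.local"
                port="636"
                secure="CFSSL_BASIC"
                username="#account#@example.local"
                password="#arguments.password#"
                start="dc=example,dc=local"
                scope="subtree"
                filter="(sAMAccountName=#account#)"
                attributes="sAMAccountName">
        <cfcatch type="any">
            <!--- Wrong password, locked or disabled account, or server fault.
                  Log the account and reason, never the submitted password. --->
            <cflog file="reauth" type="warning"
                   text="Re-auth failed for #account#: #cfcatch.message#">
            <cfreturn false>
        </cfcatch>
    </cftry>

    <!--- Exactly one matching entry means the bind and lookup both succeeded --->
    <cfreturn result.recordCount EQ 1>
</cffunction>

<!--- On the submission page (form.networkPassword is an assumed field name):
      <cfif confirmNetworkPassword(form.networkPassword)> ...commit... </cfif> --->
```

Because every failed bind counts toward the directory's lockout threshold, the log written in the catch block is the place to look when a valid password suddenly stops working.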