CF login vs. SQL login

Question

I have built a couple dozen pages in CF with a MS SQL back
end. Everytime I check to see how the pages are working (F12), it
asks me to sign in. The login box says it's for the coldfusion
server, but the username and password that work are my Windows
username and password (they are tied to the SQL security). I have
had four other people try to login to see what they can get to and
two of the four don't even see a login box (the other two get the
same CF login and they use their Windows information). The girl
that handles my server config tells me it has something to do with
what usergroups we are in, whether they have to login or whether it
just automatically pulls their Windows login data.

I don't mind the Windows information being used for now, but
when we go live on the web, I'm going to have to manage outside
usernames and passwords. I originally had set up a CF login page,
but then I had to login to the Application first and then another
login for the SQL security. Is there any way to just have one
login?

Newsgroup_User · Accepted Answer

Replies inlineBlue Chrome wrote:> That sounds about right, because I think the people whoare having to login > each time are using Mozilla and those that don't areusing IE. When we move > the pages to the live server and everyone accesses thesite via the web, then I > presume everyone will have to sign in to the serverauthentication.They can't 'sign in to the server authentication'. Windowsintegrated security uses the Windows Active Directory network domainsecurity. If you continue to use this security all the users would have tobe members of the domain controller of your network.> So is > there a way to "turn off" the web server authenticationso I can set up a > ColdFusion login? Sure, don't use "Windows integrated Security" in the webserver. If you are planning on using ColdFusion security on a public website, one would probably not use security at the web server level. On acorporate intranet network it is common to use web server security asall the users are usually on the same network.And when I do, can that ColdFusion login be used to grant> permissions to tables/views/stored procedures?That is a bit of a weird question. When a ColdFusionapplication access a database, it is not the client user that is accessing thedatabase. It is the user defined in the ColdFusion Data Source Name(DSN) that accesses the database. When you build a web application allthe users are seen by the database as that same DSN user. And that DSNuser should only have the *MINIMUM* permissions required for theapplication.

Newsgroup_User · Answer

If you are getting the login it sounds to me like you are getting, this
is purely between the web server and your browser and has nothing to do
with ColdFusion.

You are getting this login because the web server has been told to use
some type of authentication. If some windows users are not getting the
login, then the type of authentication chosen sounds like "Windows
Integrated Security" on an IIS web server. With "Windows Integrated
Security", if one is using a windows browser on a windows client to talk
over a windows network to a windows server using a windows web server,
then the login can be done behind the scenes without user interaction.

Otherwise a login dialog box is presented to the user. If you do not
want this to happen, then something about the above configuration would
need to be changed.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded