
Enabling CAC authentication using IIS7 and CF10

  • October 2, 2013
  • 2 replies
  • 3513 views

I am currently working on a web application written in CF running on an IIS7 and CF10 server.  We need to replace our login page, where our users supply a username and password, with CAC login.  The goal is for users to be prompted to enter the 6-digit PIN associated with their CAC to log in to the application, as opposed to the username and password they are currently using.  If anyone has any suggestions on how to accomplish this, it would be much appreciated.



Donald Baert (Correct answer)
Inspiring
October 2, 2013

The first step in being able to log in with a CAC is making sure that the correct certificates are loaded on your web server.  If the right certs are there and the server can read the card, it will store the user's last name, first name and a unique user ID off of the card at the end of the CGI.cert_subject variable.  We added a field to our user database to store this number.  We then strip the name and number out of the CGI.cert_subject and compare it to the database.  But the key is getting the right certificates on your server; require SSL and Require (or Accept) certificate in the SSL Settings. Also, you must disable anonymous authentication and enable Windows authentication if you require everyone to log in.

Hope this gets you started; if not, let me know and I can provide some of our code snippets.

cbowie75 (Author)
Participant
October 3, 2013

Thanks Donald!

We were thinking that was the way to go.  Any pieces of code you'd be willing to share would be great.  Are you on GitHub?

Inspiring
October 3, 2013

Sorry, not on GitHub, but this snippet should get you the unique user number, their first name and their last name.

```cfml
<cfif CGI.auth_user NEQ ''>
    <!--- Attempting to capture the User Number from the CGI cert_subject. --->
    <!--- Gives us the beginning and end of the User Number (the 10 digits after the last "." in the CN) --->
    <cfset vCert = REFind('(\.[0-9]{10,10})',CGI.cert_subject,1,"TRUE")>
    <!--- pos[1] is 0 when no 10-digit number is present; guard it so mid() never gets a negative length --->
    <cfif vCert.pos[1] gt 0>
        <!--- Get the User Number --->
        <cfset session.vUN = mid(CGI.cert_subject,vCert.pos[1]+1,vCert.len[1]-1)>
        <!--- find where the CN= starts --->
        <cfset vCN = findnocase('CN=',CGI.cert_subject,1)>
        <!--- grab the user's name from the CN (everything after CN= minus the trailing ".nnnnnnnnnn") --->
        <cfset names = mid(CGI.cert_subject,vCN+3,len(CGI.cert_subject)- vCN - 3 - 10)>
    <cfelse>
        <!--- no user number on the certificate: leave the user unidentified --->
        <cfset session.vUN = "">
        <cfset names = "">
    </cfif>
    <!--- find and store the domain name and user name from CGI.AUTH_USER --->
    <cfif find("\",CGI.AUTH_USER) gt 0>
        <cfset domain = left(CGI.AUTH_USER,find("\",CGI.AUTH_USER,1)-1)>
        <cfset SESSION.vDomain = domain>
        <cfset user = right(CGI.AUTH_USER,len(CGI.AUTH_USER)-find("\",cgi.AUTH_USER,1))>
    <cfelse>
        <cfset domain = "">
        <cfset SESSION.vDomain = domain>
        <cfset user = CGI.AUTH_USER>
    </cfif>
    <!--- Split the last name (before the first ".") and the rest of the name captured from CGI.cert_subject --->
    <cfif findnocase('.',names,1) gt 1>
        <cfset SESSION.vFirstName = right(names,len(names)-findnocase('.',names,1))>
        <cfset SESSION.vLastName = left(names,findnocase('.',names,1)-1)>
    <cfelse>
        <cfset SESSION.vFirstName = "Anonymous">
        <cfset SESSION.vLastName = names>
    </cfif>
</cfif>
```
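The same extraction as an added example in Python (not code from this thread), written the way a defender would check it: it parses the subject DN into attributes instead of counting characters from the end, accepts only a CN of the LAST.FIRST[.MIDDLE].<10-digit ID> shape, rejects an empty subject (what IIS hands you under "Accept" when no card was presented), and resolves the user by the stored ID alone rather than by name. The sample subject string and the user table are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of what IIS exposes as CGI.cert_subject for a card
# certificate: the CN is LAST.FIRST[.MIDDLE].<10-digit unique user ID>.
SAMPLE_SUBJECT = ("C=US, O=U.S. Government, OU=DoD, OU=PKI, OU=CONTRACTOR, "
                  "CN=DOE.JOHN.A.1234567890")

CN_PATTERN = re.compile(
    r"^(?P<last>[^.]+)\.(?P<first>[^.]+)(?:\.(?P<middle>.+))?\.(?P<uid>\d{10})$")


def parse_subject_dn(subject: str) -> Dict[str, List[str]]:
    """Split 'K=V, K=V, ...' into a dict of value lists (OU repeats)."""
    attrs: Dict[str, List[str]] = {}
    for part in re.split(r"(?<!\\),", subject):   # split on unescaped commas only
        key, sep, value = part.strip().partition("=")
        if sep:
            attrs.setdefault(key.strip().upper(), []).append(value.replace("\\,", ","))
    return attrs


def identity_from_cert_subject(subject: str) -> Optional[Dict[str, str]]:
    """Return uid/last/first/middle from the CN, or None if it is not a card CN."""
    if not subject.strip():
        return None          # no client cert presented (SSL set to Accept, not Require)
    cns = parse_subject_dn(subject).get("CN", [])
    if len(cns) != 1:
        return None          # missing or ambiguous CN
    m = CN_PATTERN.match(cns[0])
    if not m:
        return None          # e.g. a server or other non-person certificate
    return {"uid": m["uid"], "last": m["last"], "first": m["first"],
            "middle": m["middle"] or ""}


# Constructed stand-in for the user-table column that stores the card's ID.
USERS_BY_UID = {"1234567890": {"username": "jdoe", "role": "analyst"}}


def lookup_user(subject: str) -> Optional[Dict[str, str]]:
    """Resolve the card holder to an application user by unique ID only."""
    ident = identity_from_cert_subject(subject)
    if ident is None:
        return None
    # Names are neither unique nor stable; the stored ID is the join key.
    return USERS_BY_UID.get(ident["uid"])


if __name__ == "__main__":
    print(identity_from_cert_subject(SAMPLE_SUBJECT))
    print(lookup_user(SAMPLE_SUBJECT))
```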

Inspiring
October 2, 2013

I thought CAC was just the card number + PIN, right?

The CAC is scanned and the user enters a PIN.  Since CF cannot interact with the CAC, can the hardware be programmed to send the information to a CFC via an HTTP request?

Like //server/folder/file.cfc?method=authenticateCACRequest&cardID=XXXXXXXXXXXXXXXXXXXXXXXXXXX&pin=YYYYYY

Then just write the code to check against the database and process the response.