July 24, 2007
Question

Pass current login name to coldfusion

I am developing an Intranet page for my company, and we are thinking of using coldfusion. We use Active directory to log into the network. How can I log a user into a CFML application using their NT credentials without giving them a login form? Basically, can I use passthrough authentication to send username, password, and domain to the coldfusion server from the user's browser?

    5 replies

    tclaremont
    Inspiring
    July 31, 2007
    What is your purpose in connecting to the LDAP server? What information are you trying to retrieve?
    Inspiring
    July 24, 2007
    quote:

    Originally posted by: Dino-C
    I am developing an Intranet page for my company, and we are thinking of using coldfusion. We use Active directory to log into the network. How can I log a user into a CFML application using their NT credentials without giving them a login form? Basically, can I use passthrough authentication to send username, password, and domain to the coldfusion server from the user's browser?

    You can, but it may or may not be a good idea.

    I also work in an intranet environment and we have to contend with situations like:
    User A might be at User B's desk, and wants to access the web app from there. He should be able to.
    We use vpn to work from offsite on occasion, and when we do, we don't log into the domain.
    We have common use computers.

    If you have any of those situations, you might want to re-think automatically logging people in.
    tclaremont
    Inspiring
    July 24, 2007
    You don't need the password. You just need the name of the user, which is present only because they are authenticated on the domain.

    I keep a simple table with username and what rights they have. When the user hits a page, CF determines what they can and cannot do, and responds accordingly. I am not using CFNTAuthenticate, CFlogin, etc. etc.
    Inspiring
    July 24, 2007
    If you have integrated authentication enabled in IIS, CGI.AUTH_USER will be set to the DOMAIN\username of the current user.

    You can use this with cfldap to look up the current user. The syntax can be a bit tricky, but something like this would do:

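    <!--- Take the part after the backslash in DOMAIN\username; a fixed character offset only fits one domain-name length --->
    <cfset username = ListLast(CGI.AUTH_USER, "\")>
    <!--- username/password below belong to the account used to bind to the directory, not to the visiting user --->
    <cfldap
    action="QUERY"
    name="getinfo"
    attributes="cn, displayname, memberof"
    start="ou=foo,dc=foo,dc=co,dc=uk"
    scope="subtree"
    separator="|"
    server="foo.foo.co.uk"
    username="directorymaster"
    password="xxx"
    filter="(samaccountname=#UserName#)">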
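
An added example, not part of any post in this thread: one way to combine the CGI.AUTH_USER approach above with the username-and-rights table described earlier, while refusing anonymous or unexpected identities. The domain name `EXAMPLE`, the datasource `intranet`, the table `app_rights` and its columns are hypothetical placeholders, and the username allowlist is a conservative assumption about your naming scheme.

```cfml
<!--- Assumes IIS integrated authentication is enabled and anonymous access is
      disabled for this site. EXAMPLE, intranet and app_rights are placeholders. --->
<cfset expectedDomain = "EXAMPLE">
<cfset authUser = Trim(CGI.AUTH_USER)>

<!--- AUTH_USER is empty when IIS served the request anonymously. Refuse the
      request instead of treating "no name" as a valid identity. --->
<cfif Len(authUser) EQ 0 OR ListLen(authUser, "\") NEQ 2>
    <cfheader statuscode="401" statustext="Unauthorized">
    <cfabort>
</cfif>

<!--- Split DOMAIN\username on the backslash rather than by a fixed offset. --->
<cfset domain  = ListFirst(authUser, "\")>
<cfset samName = ListLast(authUser, "\")>

<!--- Accept only the expected domain and a strict character set for the
      account name, so the value is safe to reuse in later lookups. --->
<cfif CompareNoCase(domain, expectedDomain) NEQ 0
      OR NOT REFind("^[A-Za-z0-9._-]{1,20}$", samName)>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Rights come from the application's own table, bound as a parameter. --->
<cfquery name="getRights" datasource="intranet">
    SELECT can_edit, can_admin
    FROM app_rights
    WHERE username = <cfqueryparam value="#samName#" cfsqltype="cf_sql_varchar" maxlength="20">
</cfquery>

<!--- An authenticated domain user with no row in the table gets no access. --->
<cfif getRights.RecordCount NEQ 1>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<cfset request.userName = samName>
<cfset request.canEdit  = (getRights.can_edit EQ 1)>
<cfset request.canAdmin = (getRights.can_admin EQ 1)>
```

Because `samName` has passed the allowlist, it contains none of the LDAP filter metacharacters (`*`, `(`, `)`, `\`), so the same value can be placed in a cfldap `filter` attribute without altering the query.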

    July 24, 2007
    The CFLdap tag requires a username and password to look up info in the directory. I could use cgi.auth_user to supply the username; how could I supply the password and server? Is that even possible?
    BKBK
    Community Expert
    July 24, 2007
    I am developing an Intranet page for my company, and we are thinking of using coldfusion.
    Wise.

    How can I log a user into a CFML application using their NT credentials without giving them a login form? Basically, can I use passthrough authentication to send username, password, and domain to the coldfusion server from the user's browser?
    The solution is to use the tags cfNTauthenticate, cflogin and cfloginuser. They enable you to pass the NT credentials to Coldfusion. The livedocs on cfNTauthenticate include an elaborate example which you can adapt to your needs.


    July 30, 2007
    quote:

    Originally posted by: BKBK
    I am developing an Intranet page for my company, and we are thinking of using coldfusion.
    Wise.

    How can I log a user into a CFML application using their NT credentials without giving them a login form? Basically, can I use passthrough authentication to send username, password, and domain to the coldfusion server from the user's browser?
    The solution is to use the tags cfNTauthenticate, cflogin and cfloginuser. They enable you to pass the NT credentials to Coldfusion. The livedocs on cfNTauthenticate include an elaborate example which you can adapt to your needs.





    BKBK, can't the burden of authentication be put on the web server, and if the user was logged into a domain already, can't the web server authenticate the user by looking at the domain/userID? The goal is to make the user log in only once. Is IIS capable of this?

    Participating Frequently
    July 31, 2007
    Enable basic authentication on the web site. Put an SSL certificate on the web site to keep the password secure. Then, the browser will prompt the user for their credentials.

    If you do this, you won't need to use LDAP to authenticate the user.

    If you are building an HTML form-based model, then you can use CFLDAP to check the username and password against Active Directory.