Skip to main content
D
Donald Baert
Inspiring
July 24, 2013
Question

Setting Authentication and SSL Settings by folder/file in ColdFusion 10

  • July 24, 2013
  • 1 reply
  • 2507 views

Am attempting to upgrade to ColdFusion 10 (patched to current level) on our development network.  We are running Windows Server 2008 R2.  On both of the below instances it worked fine with ColdFusion 8 and 9.

On the first instance the entire site is SSL with the exception of one directory.  The entire site is set to Anonymous Authentication Disabled and Windows Authentication Enabled for the entire site except for the one directory that is not SSL.  On ColdFusion 10, that one directory that is not supposed to be SSL and have anonymous authentication will not allow access unless you hit it with an https: and authenticate.  It ignores the settings for that directory and uses the overall site settings.

On another instance the entire site is set to Anonymous Authentication except one file (login.cfm) is set to Windows Authentication.  When you enter that site it hits the login.cfm, if you authenticate it gives you more options.  If you don't you still get in but without the extra options.  The system ignores the Windows Authentication and defaults to the overall site's setting of Anonymous Authentication.  I have tried setting the authentication at the site level to both Anonymous and Windows then going through individual directories and changing them to what they should be, but the settings are ignored and it uses the overall site settings.

Is Tomcat somehow overriding the page/folder specific SSL and or Authentication settings?

This topic has been closed for replies.

1 reply

Charlie Arehart
Community Expert
Charlie ArehartCommunity Expert
Community Expert
August 1, 2013

Donald, you say CF10 is “patched to current level”, but to be clear, did you rebuild the web connector after updating CF10? Many miss that (despite it being indicated on the CF10 update pages).

Here’s how you can check things; if the isapi_redirect.dll (in cf10’s config/wsconfig/nn/ directory) is March or November of last year, it’s not updated. It should show a 2013 date. If it does not, you need to remove and re-add the connection between IIS and CF, using the CF web server config tool.

That may not solve your problem (I don’t know if your issue is one of the many Adobe has fixed with the updates to the connector, made in a few of the different CF 10 updates), but we should rule it out before going further.

/charlie

/Charlie (troubleshooter, carehart. org)
D
Donald BaertAuthor
Inspiring
August 1, 2013

Charlie, The instance I was trying to work with had a date of May 23, 2013.  The main instance had the 2012 date.  I rebuilt both web connectors, checked and they both now have the May 23, 2013 date but I still have the same problem.  I don't know where to go from here, everything else seems to work great, but the authentication and SLL are very important to us.

/don

Charlie Arehart
Community Expert
Charlie ArehartCommunity Expert
Community Expert
August 2, 2013

Thanks for the clarification. I was focused primarily on helping you rule out the connector issue as a possible explanation.

Moving to your specific SSL/auth challenge, perhaps you can help readers better understand your situation. You indicate that you’re trying to do this on CF10 on Server 2008.

Are you saying that it worked for CF8 and 9 on the same machine (running the same Server 2008)? Or was that on another machine? And/or perhaps on server 2003? Is it possible that the difference is there? Or perhaps in a difference in how you configured IIS for that CF8/9 setup compared to CF10?

Also, was that previous setup with IIS 6? Is this new setup on IIS 7? Was the previous on 32-bit? Is the new on 64-bit?

All these variations could be at root of your problem, but I appreciate that they may not be. Again, as with my question about the connector, my goal is as much to lead you to ruling out things it may or cannot be, so you can focus better on what it might/must be.

Let us know, and we can perhaps offer more for you.

/charlie

/Charlie (troubleshooter, carehart. org)
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices