September 15, 2009
Question

Single Sign on ColdFusion App


Hi all, I am trying to log in to my application using my network user/pass. Is there a way to pass those values to my application? I heard of #cgi_user# but I need to pass the password as well... Thank you all.


ilssac
September 15, 2009

No, the browser does not pass the password to the web server to pass on to the ColdFusion application server.

At least I have never heard of this, and I am not sure I would want to live in a world where it does.

I have frequently used the Windows Integrated Security feature of the IIS web server to pass the Domain\UserName string to ColdFusion in the cgi.auth-user parameter. There is a lot that can be done with the information combined with the <CFLDAP...> tag to retrieve the rest of the user record from the active directory depository.

But no password.

emmim44 (Author)
September 15, 2009

Same idea as MS Outlook... currently, once I have logged into Windows, I don't have to enter the same credentials into Outlook... it just opens... so there is no way to retrieve the NT username and pass?

ilssac
September 15, 2009

Not that I know of, but why do you think you need the user's password?

NTLM authentication, aka 'Windows Integrated Security', works by saying: this user is authenticated on the client machine. Here is their domain/userName value. Use it as necessary. I have never needed to have the password passed in behind the scenes to authorize users to a web site, or portion thereof. And honestly that sounds like a bad idea to me.

When I have needed a password to authenticate a user, I have asked for it with a form, at the moment the authentication is required, because any earlier authentication may no longer be valid, i.e. the user has left their desk and somebody else has sat down at their computer.

Remember there are two parts to security:

Authentication: Prove you are you.

Authorization: Here is the access you are allowed.
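
An added example (not code from the thread) of the approach described in the replies above: IIS Windows Integrated Security supplies the identity, which ColdFusion exposes as `cgi.auth_user`, and `<cfldap>` fetches the directory record, so the application never handles a password. The server name, base DN, bind-account variables, and the `AppUsers` group are assumed placeholders.

```cfml
<!--- Added example. Server, base DN, bind account variables and the
      AppUsers group are assumed placeholders, not values from the thread. --->
<cffunction name="ldapEscape" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <!--- RFC 4515 filter escaping; the backslash must be replaced first --->
    <cfset var s = replace(arguments.value, "\", "\5c", "all")>
    <cfset s = replace(s, "*", "\2a", "all")>
    <cfset s = replace(s, "(", "\28", "all")>
    <cfset s = replace(s, ")", "\29", "all")>
    <cfreturn s>
</cffunction>

<!--- IIS has already authenticated the user. An empty value means anonymous
      access is still enabled for this path, so refuse rather than guess. --->
<cfif NOT len(trim(cgi.auth_user))>
    <cfheader statuscode="401" statustext="Unauthorized">
    <cfabort>
</cfif>

<!--- cgi.auth_user arrives as DOMAIN\UserName; keep only the account name --->
<cfset accountName = listLast(cgi.auth_user, "\")>

<!--- Look the account up in Active Directory with a service (bind) account --->
<cfldap action="query"
        name="adUser"
        server="dc.example.internal"
        start="DC=example,DC=internal"
        scope="subtree"
        filter="(&(objectCategory=person)(sAMAccountName=#ldapEscape(accountName)#))"
        attributes="sAMAccountName,displayName,mail,memberOf"
        username="#application.ldapBindUser#"
        password="#application.ldapBindPassword#">

<!--- Authentication was done by IIS; authorization is decided here --->
<cfif adUser.recordCount NEQ 1>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>
<cfset session.userName = adUser.sAMAccountName>
<cfset session.isAppUser = findNoCase("CN=AppUsers,", adUser.memberOf) GT 0>
```

This only works when anonymous access is disabled for the application's path in IIS; otherwise `cgi.auth_user` is empty and the first check rejects the request.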