Inspiring
June 25, 2008
Question

Windows Authentication on a Coldfusion Application

Hi community!

I am working on a ColdFusion application and I had a meeting today to show my client my progress. The IT director asked if they could use Windows Authentication in the new program because the doctors and therapists forget everything. My answer was kind of defensive but they asked me to figure that out.

I have no idea as to where to start! Can somebody put some light in my head?
Any thoughts? Any ideas? Any resources?

I work full time in a software development company; this project is part of the jobs I do on the side so I can afford gas! He, he. In my primary job we have never created a ColdFusion app that works like that. So that's why I am confused.

Thanks fellows!

6 replies

tclaremont
Inspiring
July 2, 2008
Forget my post about windows authentication if you are using Apache. Looks like CFNTAUTHENTICATE might be the direction to look into.
Inspiring
July 1, 2008
Hi guys! All of your responses are really useful. I will continue to research. I will provide more information about my network so you guys have a better idea of what I am dealing with. My network runs on Windows Server 2003. It's a wide area network that connects 8 clinics and 2 main offices in a radius of 75 miles. So I am dealing with doctors, therapists, etc.

My web app runs on Apache Web Server and I am writing the new application in ColdFusion 8. I am using a Microsoft SQL 2005 database. I appreciate more ideas! Thanks a lot guys!
Participating Frequently
July 1, 2008
We have several applications that authenticate against a Windows Server 2003 Active Directory via general LDAP calls. The LDAP bind itself is contained inside a component, and its boolean return dictates the flow of the cflogin tag to authenticate the user.
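
The pattern described in the reply above (an LDAP bind wrapped in a component whose boolean result drives `cflogin`), as an added example that is not part of the original post or the poster's own code. The component name `ADAuth`, the host `dc01.clinic.example`, the domain `clinic.example`, the role `user` and `loginform.cfm` are assumptions; the login form is assumed to post `j_username` and `j_password` so that ColdFusion fills the `cflogin` structure.

```cfml
<!--- ADAuth.cfc (hypothetical name): added example --->
<cfcomponent output="false">
  <cffunction name="authenticate" access="public" returntype="boolean" output="false">
    <cfargument name="username" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfset var result = "">

    <!--- A simple bind with a name and an empty password is an
          "unauthenticated bind" (RFC 4513) that some servers accept,
          so never treat it as proof of identity. --->
    <cfif len(trim(arguments.password)) EQ 0>
      <cfreturn false>
    </cfif>

    <!--- Allow-list the account name so it cannot change the LDAP filter. --->
    <cfif NOT reFind("^[A-Za-z0-9._-]{1,64}$", arguments.username)>
      <cfreturn false>
    </cfif>

    <cftry>
      <!--- Bind as the user over LDAPS; CFSSL_BASIC needs the directory
            server's certificate in the JVM trust store. --->
      <cfldap action="query" name="result"
              server="dc01.clinic.example" port="636" secure="CFSSL_BASIC"
              username="#arguments.username#@clinic.example"
              password="#arguments.password#"
              start="DC=clinic,DC=example" scope="subtree"
              filter="(sAMAccountName=#arguments.username#)"
              attributes="sAMAccountName" maxrows="1">
      <cfreturn result.recordCount EQ 1>
      <cfcatch type="any">
        <!--- Failed bind or unreachable server: deny. --->
        <cfreturn false>
      </cfcatch>
    </cftry>
  </cffunction>
</cfcomponent>

<!--- Application.cfm, or onRequestStart in Application.cfc --->
<cflogin>
  <cfset adAuth = createObject("component", "ADAuth")>
  <cfif isDefined("cflogin") AND adAuth.authenticate(cflogin.name, cflogin.password)>
    <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="user">
  <cfelse>
    <cfinclude template="loginform.cfm">
    <cfabort>
  </cfif>
</cflogin>
```

Because the password travels from the browser to ColdFusion before the bind, the login form itself also needs to be served over HTTPS.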


June 30, 2008
The easiest solution will be to start using the <cfntauthenticate> tag, as you can verify the login against an NT/AD domain.
tclaremont
Inspiring
June 26, 2008
I use integrated Windows Authentication on my intranet. There is a checkbox for it under IIS.

This allows the username to be visible to CF using the #cgi.auth_user# variable.

As for security, I maintain a data table with each username and appropriate permissions. In my application, I merely confirm that the currently logged in user is authorized for given areas of my site.

Works great. The only real caveat is that some places might argue that you are not verifying that the person behind the keyboard is really the person currently logged into that particular machine on the network. My defense is that this scenario is the responsibility of the currently logged in user, rather than the web developer. Your environment may dictate more stringent criteria or verification.

BTW: My implementation has passed muster with our security audits in the medical field for the last eight or nine years.