Highlighted

Coldfusion 10 with IIS 7 Windows authenticaiton

New Here ,
Jun 20, 2012

Copy link to clipboard

Copied

I enabled Windows authentication in IIS 7 for a site powered by coldfusion 10. After I logged in, a coldfusion page that dump all the CGI shows REMOTE_USER and AUTH_USER are empty.  The tomcatAuthentication has been set to "false" in server.xml. Does coldfuion10 support IIS Windows authentication? If yes, is there any document on how to configure it? Thanks.

Views

22.7K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Coldfusion 10 with IIS 7 Windows authenticaiton

New Here ,
Jun 20, 2012

Copy link to clipboard

Copied

I enabled Windows authentication in IIS 7 for a site powered by coldfusion 10. After I logged in, a coldfusion page that dump all the CGI shows REMOTE_USER and AUTH_USER are empty.  The tomcatAuthentication has been set to "false" in server.xml. Does coldfuion10 support IIS Windows authentication? If yes, is there any document on how to configure it? Thanks.

Views

22.7K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jun 20, 2012 0
Explorer ,
Jul 02, 2012

Copy link to clipboard

Copied

Did you ever figure this out?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 02, 2012 0
New Here ,
Jul 06, 2012

Copy link to clipboard

Copied

No.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 06, 2012 0
Most Valuable Participant ,
Jul 03, 2012

Copy link to clipboard

Copied

hust93 wrote:

I enabled Windows authentication in IIS 7 for a site powered by coldfusion 10. After I logged in, a coldfusion page that dump all the CGI shows REMOTE_USER and AUTH_USER are empty.  The tomcatAuthentication has been set to "false" in server.xml. Does coldfuion10 support IIS Windows authentication? If yes, is there any document on how to configure it? Thanks.

Hi hust93,

Please refer to Kevlar's thread (where he posted the solution) here: http://forums.adobe.com/thread/1031711

Thanks,

-Aaron

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 03, 2012 0
New Here ,
Jul 06, 2012

Copy link to clipboard

Copied

Hi Aaron,

Thanks for the instruction. Following the instruction in that thread, I enabled Windows Authentication, set Anonymous Authentication to enabled at root level. Then I disabled anonymous authentication at /sec. When I accessed /sec/dumpCGI.cfm, I was prompted to login, but after I login, dumpCGI.cmf still shows empty REMOTE_USER.

Hong

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 06, 2012 0
Explorer ,
Jul 09, 2012

Copy link to clipboard

Copied

You have windows authentication and anonymous authentication enabled at the server level and then on the folder you enabled windows authentication and disabled anonymous authentication and it still did not populate the CGI.remote_user variable?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 09, 2012 0
New Here ,
Jul 09, 2012

Copy link to clipboard

Copied

Yes. That was exactly what I did. But CGI.remote_user is still empty.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 09, 2012 0
Community Beginner ,
Apr 04, 2013

Copy link to clipboard

Copied

I just encountered the same problem. Did anyone ever find a solution to this? Switching to anonymous authentication and setting the restriction on folder level did not help here either.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 04, 2013 0
Enthusiast ,
Apr 04, 2013

Copy link to clipboard

Copied

What browser are you using?  Some browsers are set to not forward credentials automatically, and instead, need to be configured to do so before the CGI-scoped variables will show up.  A while back when I used Firefox, you had to go into the about:config and search for these keys.

Have a look here:

http://sivel.net/2007/05/firefox-ntlm-sso/

Now that I'm using Chrome, I don't think I had to go through a similar process with it.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 04, 2013 1
Community Beginner ,
Apr 04, 2013

Copy link to clipboard

Copied

MSIE, the same browser that worked with CF 9. Good thought, but this is definitely not a browser-related issue.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 04, 2013 0
Enthusiast ,
Apr 04, 2013

Copy link to clipboard

Copied

Just to confirm, if you click on the site level in IIS 7 and goto AUTHENTICATION, it is enabled there right?  (vs. having maybe just enabled it at the server level, but the site has it disabled still)

I know you said you're using IE, but is it possible to use Chrome and try the request?  Can you install the Web Developer Toolbar and then check under the REQUEST HEADERS to make sure that you see a large entry in the AUTHORIZATION header that is set to NEGOTIATE.

If this entry is empty, then the browser is not sending any credentials to the server.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 04, 2013 0
Community Beginner ,
Apr 05, 2013

Copy link to clipboard

Copied

I think that we have tried every possible combination of authentication settings in IIS. Windows authentication was always activated on all levels and we have experimented with activating anonymous access on server, site and folder level in various combinations - including the one recommended in this thread - all to no avail.

The MSIE browser that is used for testing is a standard browser configuration that is being used for accessing dozens of intranet applications all of which are accessed via integrated Windows authentication, many of them runing on ColdFusion 7/8/9 where cgi.remote_user is working fine but also MS Sharepoint etc. The only server where authentication is not passed through correctly is the one updated to ColdFusion 10. Experimenting with a different browser does not help because it definitely has to work with the standard browser configuration that is used throughout the enterprise.

CF 10 is running on Windows Server 2008 R2/IIS 7.5 here. CF9 was running on the same system and Windows authentication was working fine (same browser, same IIS, same settings).

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 05, 2013 0
Community Beginner ,
Apr 05, 2013

Copy link to clipboard

Copied

just to confirm: I have checked the request header and yes, authorization from the browser is sent correctly

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 05, 2013 0
Enthusiast ,
Apr 05, 2013

Copy link to clipboard

Copied

And the server belongs to the same domain that the client browsing to it is connected to right?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 05, 2013 0
Community Beginner ,
Apr 05, 2013

Copy link to clipboard

Copied

yes. I wish it was that easy to solve The same server was running CF 9 before and everything worked fine until the upgrade to CF 10.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 05, 2013 0
Enthusiast ,
Apr 05, 2013

Copy link to clipboard

Copied

In IIS, if you select the SITE and then AUTHENTICATION and then select WINDOWS AUTHENTICATION, in the right hand side, click on ADVANCED SETTINGS.  Is Kernel-mode authentication enabled?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 05, 2013 0
Community Beginner ,
Apr 05, 2013

Copy link to clipboard

Copied

Yes.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 05, 2013 0
New Here ,
Mar 17, 2015

Copy link to clipboard

Copied

Enable Windows Authentication to the virtual folder "jakarta" (created by CF10) as well.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 17, 2015 0
nak33 LATEST
New Here ,
Mar 11, 2020

Copy link to clipboard

Copied

Ran into the same problem, all the configurations are as discribed buth the cgi.auth_user and cgi.remote_user are blank. 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 11, 2020 0