Good Afternoon all,
In the search to capture the windows login id on a unix server, I found code
jsp code that captures the pin through the http header using NTLM. With our
servers, we cannot install any additional software, and they strive to keep the
windows/unix environments as separated as possible.
The jsp code posted on JGuru by Chad Skeeters (giving credit where credit is
due), successfully returns the user name, local machine and domain. Now the
trick is trying to get that into cold fusion. From what I can tell, the jsp
needs to be called directly as it doesn't display any output using the
getPageContext() function. I would have liked to put this into a cfc so that I
can use it on multiple pages, not just the first time someone comes into the
app, but would definitely settle for that.
Here is the JSP code...
<%
String auth = request.getHeader("Authorization");
if (auth == null)
{
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM");
response.flushBuffer();
return;
}
if (auth.startsWith("NTLM "))
{
byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 0, length, offset;
if (msg[8] == 1)
{
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S',
(byte)'S', (byte)'P', z,(byte)2, z, z, z, z, z, z, z,(byte)40, z, z, z,
(byte)1, (byte)130, z, z,z, (byte)2, (byte)2, (byte)2, z, z, z, z, z, z, z, z,
z, z, z, z};
response.setHeader("WWW-Authenticate", "NTLM " + new
sun.misc.BASE64Encoder().encodeBuffer(msg1));
response.sendError(response.SC_UNAUTHORIZED);
return;
}
else if (msg[8] == 3)
{
off = 30;
length = msg[off+17]*256 + msg[off+16];
offset = msg[off+19]*256 + msg[off+18];
String remoteHost = new String(msg, offset, length);
length = msg[off+1]*256 + msg[off];
offset = msg[off+3]*256 + msg[off+2];
String domain = new String(msg, offset, length);
length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
String username = new String(msg, offset, length);
out.println("Username:"+username+"<BR>");
out.println("RemoteHost:"+remoteHost+"<BR>");
out.println("Domain:"+domain+"<BR>");
}
}
%>
The end result I am looking for is to get the username into a request scope
variable.
Any ideas on how to do that, or better yet, some enterprising person converting
this to cfm?
Thanx a bunch!
Bill
On a side note, I know there are holes in this approach concerning the security
level setting of ie, or setting of "prompt for user name" dialog, but here,
that is not to big an issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Macromedia ColdFusion MX7
Upgrade to MX7 & experience time-saving features, more productivity.
http://www.adobe.com/products/coldfusion?sdid=RVJW
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:284217
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
