Hello, 
I have an app that needs to be accessible to (and only accessible to) users from two 
different NT domains. Of course, with users in a single NT domain you can just use 
challenge/response authentication on the directory in question. But this application 
calls for authenticating users from two entirely separate domains. I see a lot of 
possible solutions to this, but am having a hard time sorting them out.

The goal is to allow the users to still use their NT domain username/passwords to log 
in. Here is my favorite idea, but I'm not sure it'll work: 

Have users log in on their own respective server so challenge/response 
authentication for each separate domain can be used. They would log in to a page like 
"www.domainXXXX.com/authenticate/login.cfm". If successfully authenticated, login.cfm 
would redirect the user to a page in the actual application's domain/directory like 
"www.ApplicationDomain.com/app/firstTime.cfm". firstTime.cfm would set up some session 
variables to ensure the security for the remainder of the user's session.

The problem is that firstTime.cfm has to somehow recognise whether the user was logged 
in and properly redirected from domainXXXX.com/authenticate/login.cfm. I'm not sure 
what would be passed from login.cfm to firstTime.cfm, or how it would be securely 
passed. I'm thinking of things like checking #CGI.HTTP_REFERRER# for a list of valid 
URLs (remember there are multiple servers people are logging in from), or passing some 
sort of encrypted url variable when redirecting to firstTime.cfm. How can 
firstTime.cfm tell that the user was actually authenticated and redirected from 
login.cfm?

Also, knowledge of the specific username is not necessary. Just the fact that they're 
logged in or not is sufficient.

Can anyone make sense of this issue? Or say that it can't work?

Thanks
Mike Mertsock
Alfred University Web Team
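
One way to realise the "encrypted url variable" idea from the post above, shown as an added example that is not part of the original message: login.cfm appends a short-lived, HMAC-signed, single-use token to the redirect, and firstTime.cfm verifies it before setting session variables. It is written in Python rather than CFML; the server IDs, keys, function names and 60-second lifetime are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, time

# Assumption: each login server shares its own secret with the application
# server out of band. Keys and server IDs here are constructed sample values.
SERVER_KEYS = {"domainA": b"constructed-key-A", "domainB": b"constructed-key-B"}
MAX_AGE = 60            # seconds a token is accepted (also the clock-skew allowance)
_seen_nonces = set()    # in production: a shared store whose entries expire


def _mac(key, payload):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(server_id, key, now=None):
    """Login-server side: build the value appended to the redirect URL."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)          # makes every token unique
    payload = f"{server_id}|{ts}|{nonce}"
    token = f"{payload}|{_mac(key, payload)}"
    return base64.urlsafe_b64encode(token.encode()).decode()


def verify_token(token, now=None):
    """Application side: True only for a fresh, unused, correctly signed token."""
    try:
        raw = base64.urlsafe_b64decode(token).decode()
        server_id, ts, nonce, mac = raw.split("|")
        ts = int(ts)
    except (ValueError, UnicodeDecodeError):
        return False                           # malformed or truncated token
    key = SERVER_KEYS.get(server_id)
    if key is None:
        return False                           # not one of the trusted login servers
    expected = _mac(key, f"{server_id}|{ts}|{nonce}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                           # forged or tampered
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_AGE:
        return False                           # expired (or clocks too far apart)
    if nonce in _seen_nonces:
        return False                           # replayed URL
    _seen_nonces.add(nonce)
    return True
```

Unlike a check on the referrer header, which the client supplies, the token can only be produced by a server holding one of the shared keys. The redirect should go over HTTPS so the token is not exposed in transit.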

