Sounds pretty good, unfortunately some people still have to work with CF 4.5.
-----Original Message----- From: Scott Barnes [mailto:[EMAIL PROTECTED] Sent: Monday, 17 March 2003 10:47 AM To: CFAussie Mailing List Subject: [cfaussie] Re: Intranet Authentication Via Username Phil, Barry and I are using an Intranet environment where we only care if someones logged in via NT Authentication method. As stated earlier, if you do decide to head down the path of using just Active Directory as your application security model, then I really recommend you leverage CFLOGIN for such an excerise. Reason being, is that its so easy to lock down not only your presentation layer, but also you can lock down your CFC's without relying on your presentation layer. I say this, as alot of the examples tip you into using Session or Application variables to handle your overall security in that (ie session.isLoggedIn returns a true/false) value. This would work and in truth is fairly a simple outlet for a "Is User Logged In" handshake. But, if you store a session.variable and you publish information for remote access (ie webservices) then you rely on the fact that a user has come through normal webtraffic! But.. What if you make a standalone flash executable (just using this as an example) that due to it being clientside driven has no access to application.cfm, and instead only makes remote calls to components that are within a shared directory on a server! In order to combat this, like i said earlier, you simply define a global "role" (ie assign a role "IsLoggedIn") and then in your "presentation" layer, do a simple function: <cfscript> function isUserLoggedIn() { return isUserInRole('IsLoggedIn'); } </cfscript> You could store this in a central UDF library and just make calls to the method, if the answer is true (continue on) if its false (do login handshake methods). Then inside your CFC's, for every function that is deemed "members only" or "sensitive" assign each of these methods with a must have role "isLoggedIn" eg. <cffunction ... Roles="IsLoggedIn,Admin,etc"> This will ensure the user must be logged into the server via CFLOGIN, and has all the appropriate roles assigned to it, instead of assuming the person has gone through the standard login routines. And as stated earlier if you CFLOGOUT their butts, it wipes away their roles (but still has getAuthUser() returning a domain/useraccount string) thus if they idle out and hit a CFC it will reject them as quick as i get rejected when asking a girl out in a nightclub. Thats all i have to say, back to work and shit. Scott "Hickman, Matt" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Scotty, Taco, > > Yep you need IIS "anonymous" turned off. In my case we have NT > authentication on the directory where our files live, for our > 6 known domains who browse the site. > > If they don't match - **game show wrong answer noise** > If they match - **money shot groan** > > Then I run a "log" query at the top of my "contoller.cfm" page for every > user who browses the site. Eg: > > <cfquery name="insertLog" DATASOURCE="#Application.DSN#"> > INSERT INTO #Application.tablePrefix#TABLELOG (PAGEID, STORYID, > DATE, IPADDRESS, USERID ) > VALUES ('#URL.page_id#', #URL.story_id#, GETDATE(), > '#CGI.REMOTE_ADDR#', '#CGI.REMOTE_USER#') > </cfquery> > > Being an INTRANET I'm happy because the directory & NT Authentication is > doing the dirty work for me so all I care is who's viewing what, when etc. > > Is that what you're after?? > > > > > > > > > -----Original Message----- > From: Scott Barnes [mailto:[EMAIL PROTECTED] > Sent: Monday, 17 March 2003 10:34 AM > To: CFAussie Mailing List > Subject: [cfaussie] Re: Intranet Authentication Via Username > > > In truth, i think this relies on IIS anonymous access turned off in order to > work? I don't have IIS to double check this, but can anyone else shed some > light onto this theory of mine :D > > Scott > > > > "Taco Fleur" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > > > OK, got to work today, had a go at it with cgi.remote_user but can't > > find any docos on the correct permissions needed for it to return the > > required info. > > > > Anyone any ides on this? > > > > TIA > > Taco > > > > > Taco all you need to do is retrieve the CGI.AUTH_USER variable > > > (could be > = > > > CGI.REMOTE_USER I'll have to double check that), and in a domain = > > > environment like Active Directory it will always be populated with > > > the = user's domain user account.....e.g "domain\taco" > > > > > > > > --- > You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To > unsubscribe send a blank email to [EMAIL PROTECTED] > > MX Downunder AsiaPac DevCon - http://mxdu.com/ > > > **********************************************************************" > This correspondence is for the named person's use only. It may > contain confidential or legally privileged information or both. " > No confidentiality or privilege is waived or lost by any " > mistransmission. If you receive this correspondence in error, please > immediately delete it from your system and notify the sender. You > must not disclose, copy or rely on any part of this correspondence > if you are not the intended recipient. > > Any views expressed in this message are those of the individual sender, > except where the sender expressly, and with authority, states them to > be the views of Vodafone. > > This email has been checked for viruses. > ********************************************************************** > > > --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/ ---------------------------------------------------------------------------- This email, together with any attachments, is intended for the named recipient(s) only and may contain privileged and confidential information. If received in error, please inform the sender as quickly as possible and delete this email and any copies from your computer system network. If not an intended recipient of this email, you must not copy, distribute or rely upon it and any form of disclosure, modification, distribution and/or publication of this email is prohibited. Unless stated otherwise, this email represents only the views of the sender and not the views of the Queensland Government. ---------------------------------------------------------------------------- --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/
