Its
not really a thing of what I WANT TO DO, its more what they want me to do
;-)
--------Original Message-----
From: gary menzel [mailto:[EMAIL PROTECTED]
Sent: Monday, 17 March 2003 12:05 PM
To: CFAussie Mailing List
Subject: [cfaussie] Re: Intranet Authentication Via Username
Just noticed he was at Premiers and have emailed him privately.
But - for the masses....
NBTSTAT is the only thing that will be able to do what he wants to do in that environment.
Gary Menzel
IT Operations Brisbane -+- ABN AMRO Morgans Limited
Level 29, 123 Eagle Street BRISBANE QLD 4000
PH: 07 333 44 828 FX: 07 3834 0828
[EMAIL PROTECTED] wrote on 03/17/2003 12:00:20 PM:
> Curse the government :D *Watches a flag goes up in ASIO*
>
> 4.5 and on Netscape server! *gasp* do they know lynx is no longer a standard
> browser yet? just asking as since we are in the darkages and all :D
>
> Gary would prob be the man to help ya on this one, as from memory he was an
> ex-Premiers Dept employee/contractor *watches as he cringes* and would know
> the layout better then anyone but you, thus enabling a more helpful
> solution.
>
> Worse case scenario, you dust off your old fashion session variable security
> management concept, and ask them for login details upon initialization of
> the application..
>
> Poor Taco, 4.5 *shakes head*
>
> Scott
>
>
>
>
> "Taco Fleur" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
>
> Sounds pretty good, unfortunately some people still have to work with CF
> 4.5.
>
>
> -----Original Message-----
> From: Scott Barnes [mailto:[EMAIL PROTECTED]
> Sent: Monday, 17 March 2003 10:47 AM
> To: CFAussie Mailing List
> Subject: [cfaussie] Re: Intranet Authentication Via Username
>
>
> Phil, Barry and I are using an Intranet environment where we only care
> if
> someones logged in via NT Authentication method.
>
> As stated earlier, if you do decide to head down the path of using just
> Active Directory as your application security model, then I really
> recommend
> you leverage CFLOGIN for such an excerise.
>
> Reason being, is that its so easy to lock down not only your
> presentation
> layer, but also you can lock down your CFC's without relying on your
> presentation layer.
>
> I say this, as alot of the examples tip you into using Session or
> Application variables to handle your overall security in that (ie
> session.isLoggedIn returns a true/false) value. This would work and in
> truth
> is fairly a simple outlet for a "Is User Logged In" handshake.
>
> But, if you store a session.variable and you publish information for
> remote
> access (ie webservices) then you rely on the fact that a user has come
> through normal webtraffic! But.. What if you make a standalone flash
> executable (just using this as an example) that due to it being
> clientside
> driven has no access to application.cfm, and instead only makes remote
> calls
> to components that are within a shared directory on a server!
>
> In order to combat this, like i said earlier, you simply define a global
> "role" (ie assign a role "IsLoggedIn") and then in your "presentation"
> layer, do a simple function:
>
> <cfscript>
> function isUserLoggedIn() {
> return isUserInRole('IsLoggedIn');
> }
> </cfscript>
>
> You could store this in a central UDF library and just make calls to the
> method, if the answer is true (continue on) if its false (do login
> handshake
> methods).
>
> Then inside your CFC's, for every function that is deemed "members only"
> or
> "sensitive" assign each of these methods with a must have role
> "isLoggedIn"
> eg.
> <cffunction ... Roles="IsLoggedIn,Admin,etc">
>
> This will ensure the user must be logged into the server via CFLOGIN,
> and
> has all the appropriate roles assigned to it, instead of assuming the
> person
> has gone through the standard login routines.
>
> And as stated earlier if you CFLOGOUT their butts, it wipes away their
> roles
> (but still has getAuthUser() returning a domain/useraccount string) thus
> if
> they idle out and hit a CFC it will reject them as quick as i get
> rejected
> when asking a girl out in a nightclub.
>
> Thats all i have to say, back to work and shit.
>
> Scott
>
>
>
>
>
> "Hickman, Matt" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> >
> > Scotty, Taco,
> >
> > Yep you need IIS "anonymous" turned off. In my case we have NT
> > authentication on the directory where our files live, for our
> > 6 known domains who browse the site.
> >
> > If they don't match - **game show wrong answer noise**
> > If they match - **money shot groan**
> >
> > Then I run a "log" query at the top of my "contoller.cfm" page for
> every
> > user who browses the site. Eg:
> >
> > <cfquery name="insertLog" DATASOURCE="#Application.DSN#">
> > INSERT INTO #Application.tablePrefix#TABLELOG (PAGEID, STORYID,
> > DATE, IPADDRESS, USERID )
> > VALUES ('#URL.page_id#', #URL.story_id#, GETDATE(),
> > '#CGI.REMOTE_ADDR#', '#CGI.REMOTE_USER#')
> > </cfquery>
> >
> > Being an INTRANET I'm happy because the directory & NT Authentication
> is
> > doing the dirty work for me so all I care is who's viewing what, when
> etc.
> >
> > Is that what you're after??
> >
> >
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: Scott Barnes [mailto:[EMAIL PROTECTED]
> > Sent: Monday, 17 March 2003 10:34 AM
> > To: CFAussie Mailing List
> > Subject: [cfaussie] Re: Intranet Authentication Via Username
> >
> >
> > In truth, i think this relies on IIS anonymous access turned off in
> order
> to
> > work? I don't have IIS to double check this, but can anyone else shed
> some
> > light onto this theory of mine :D
> >
> > Scott
> >
> >
> >
> > "Taco Fleur" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > >
> > > OK, got to work today, had a go at it with cgi.remote_user but can't
> > > find any docos on the correct permissions needed for it to return
> the
> > > required info.
> > >
> > > Anyone any ides on this?
> > >
> > > TIA
> > > Taco
> > >
> > > > Taco all you need to do is retrieve the CGI.AUTH_USER variable
> > > > (could be
> > =
> > > > CGI.REMOTE_USER I'll have to double check that), and in a domain =
> > > > environment like Active Directory it will always be populated with
> > > > the = user's domain user account.....e.g "domain\taco"
> > >
> > >
> >
> >
> >
> > ---
> > You are currently subscribed to cfaussie as:
> [EMAIL PROTECTED]
> To
> > unsubscribe send a blank email to
> [EMAIL PROTECTED]
> >
> > MX Downunder AsiaPac DevCon - http://mxdu.com/
> >
> >
> >
> **********************************************************************"
> > This correspondence is for the named person's use only. It may
> > contain confidential or legally privileged information or both. "
> > No confidentiality or privilege is waived or lost by any "
> > mistransmission. If you receive this correspondence in error, please
> > immediately delete it from your system and notify the sender. You
> > must not disclose, copy or rely on any part of this correspondence
> > if you are not the intended recipient.
> >
> > Any views expressed in this message are those of the individual
> sender,
> > except where the sender expressly, and with authority, states them to
> > be the views of Vodafone.
> >
> > This email has been checked for viruses.
> > **********************************************************************
> >
> >
> >
>
>
>
> ---
> You are currently subscribed to cfaussie as:
> [EMAIL PROTECTED]
> To unsubscribe send a blank email to
> [EMAIL PROTECTED]
>
> MX Downunder AsiaPac DevCon - http://mxdu.com/
>
> ----------------------------------------------------------------------------
> This email, together with any attachments, is intended for the named
> recipient(s) only and may contain privileged and confidential information.
> If
> received in error, please inform the sender as quickly as possible and
> delete
> this email and any copies from your computer system network.
>
> If not an intended recipient of this email, you must not copy, distribute or
> rely upon it and any form of disclosure, modification, distribution and/or
> publication of this email is prohibited.
>
> Unless stated otherwise, this email represents only the views of the sender
> and
> not the views of the Queensland Government.
> ----------------------------------------------------------------------------
>
>
>
>
>
> ---
> You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to [EMAIL PROTECTED]
>
> MX Downunder AsiaPac DevCon - http://mxdu.com/
****************************************************************************
If this communication is not intended for you and you are not an authorised
recipient of this email you are prohibited by law from dealing with or
relying on the email or any file attachments. This prohibition includes
reading, printing, copying, re-transmitting, disseminating, storing or in
any other way dealing or acting in reliance on the information. If you
have received this email in error, we request you contact ABN AMRO Morgans
Limited immediately by returning the email to [EMAIL PROTECTED]
and destroy the original. We will refund any reasonable costs associated
with notifying ABN AMRO Morgans. This email is confidential and may contain
privileged client information. ABN AMRO Morgans has taken reasonable steps
to ensure the accuracy and integrity of all its communications, including
electronic communications, but accepts no liability for materials
transmitted. Materials may also be transmitted without the knowledge of ABN
AMRO Morgans. ABN AMRO Morgans Limited its directors and employees do not
accept liability for the results of any actions taken or not on the basis
of the information in this report. ABN AMRO Morgans Limited and its
associates hold or may hold securities in the companies/trusts mentioned
herein. Any recommendation is made on the basis of our research of the
investment and may not suit the specific requirements of clients.
Assessments of suitability to an individual's portfolio can only be made
after an examination of the particular client's investments, financial
circumstances and requirements.
****************************************************************************
--- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/
You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
MX Downunder AsiaPac DevCon - http://mxdu.com/
---------------------------------------------------------------------------- This email, together with any attachments, is intended for the named recipient(s) only and may contain privileged and confidential information. If received in error, please inform the sender as quickly as possible and delete this email and any copies from your computer system network. If not an intended recipient of this email, you must not copy, distribute or rely upon it and any form of disclosure, modification, distribution and/or publication of this email is prohibited. Unless stated otherwise, this email represents only the views of the sender and not the views of the Queensland Government. ---------------------------------------------------------------------------- |
