Paul, We do exactly this using IIS and an ISAPI filter. The ISAPI filter monitors all incoming requests on IIS, decides whether to log them in "behind the scenes", or throw up a basic authentication login box, or reject them outright.
This enables us to have security over not just the CF pages, but the html, gif and all other file types sitting in the webroot. It's a very nice solution in my opinion. When it comes to building the ISAPI filter, it's not too difficult, once you've read some documentation. I'm afraid I don't have any to hand right now, but I'm sure you'll easily find some. Hope that helps, Douglas -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 03 October 2003 14:43 To: [EMAIL PROTECTED] Subject: RE: [ cf-dev ] IIS question er. yes thats the idea. User comes to page. If they are in acceptable ip range they get page if not they must login Thats what I want. Ideally done in IIS (but I don't think this can be done) or CFMX if all else fails I am not IIS techy enough to get this going. I am reading the CFMX manual on this one to see what I can do. Ideally I want to achieve this scenario. Users in schools on our own network will not need to login (acceptable IP Address) Users on the web will need to login (unacceptable IP Adress) Users on the web that use our portal (BGFL+) won't need to login as they already have to gain access to porta and we know who they are. This info then passed to login security for whatever application needs it. The advantage here is that once the user is authenticated to BGFL+ we can use one IIS account to send the username password info. Otherwise its create thousands (I mean thousands) of accounts .... :( Regards - Paul ************************************************************************ ************************* The information contained within this e-mail (and any attachment) sent by Birmingham City Council is confidential and may be legally privileged. It is intended only for the named recipient or entity to whom it is addressed. If you are not the intended recipient please accept our apologies and notify the sender immediately, or telephone +(44) 121 303 6666. Unauthorised access, use, disclosure, storage or copying is not permitted and may be unlawful. Any e-mail including its content may be monitored and used by Birmingham City Council for reasons of security and for monitoring internal compliance with the office policy on staff use. E-mail blocking software may also be used. Any views or opinions presented are solely those of the originator and do not necessarily represent those of Birmingham City Council. We cannot guarantee that this message or any attachment is virus free or has not been intercepted and amended. ************************************************************************ ************************* -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED] -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
