Flex will need to call a server side script that returns it to you. I haven't done this in CF in a long time, but I know it's possible to get. I'd start by looking at these CF tags cfNTauthenticate http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_m -o_07.html GetAuthUser http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=functi ons_e-g_28.html#4046631 Good luck. EF
________________________________ From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Owen West Sent: Tuesday, June 24, 2008 4:58 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Flex Web Sites Using Windows Authentication Hi all, Hoping somebody can provide some assistance... In our organisation we are starting to deploy web-based applications built using Flex to our corporate intranet. We are a Microsoft shop and use Windows Server 2003 and IIS for all web site hosting. Currently our applications use Forms authentication (user enters login/password, which is checked against database and verified). What we would like to do is to have all of our web sites use pass-through authentication using Windows Domain Authentication. We have the web sites configured to use Integrated Windows Authentication, however we are not sure how we can use this level of authentication from within our Flex apps. What we would like to have happen is something along the lines of: 1. User browses to web site (intranet application): http://someapp.ourdomain <http://someapp.ourdomain> 2. The wen site authenticates the user (in IIS) using their logged in Windows user credentials - domain groups will be used to control authorisation levels (read-only, sysadmin, etc). 3. If the user is authenticated to use the web site, then their group membership is returned to the Flex application (or it looks up the details in Active Directory or equivalent functionality). Ultimately what we would want is: * User Name (Domain\User) * Domain Group Membership(s) - Domain group memberships will control access to resources in the Flex application - only members of the application's SysAdmin group will see system admin functions, etc * Any other relevant details from Windows Active Directory - possibly home folder location (shared folders), etc. All this should occur seamlessly without the user having to type user names/passwords. Our ultimate goal is to have single sign-on across the organisation. We currently have points 1 and 2 operating, however it is the Flex part that is causing some troubles. Mainly - can we retrieve the Logged In user name from the client (Domain\User) - we only want the name, not the password. We use ColdFusion (v8) as our middleware, so once we have this we can call CFLDAP tags to integrate with Active Directory, the main problem at the moment is getting the client's logged on user name. Hoping somebody can help. Owen West M.SysDev (C.Sturt) MCP MCAD MCSD Computer Programmer Applications Development Team Information Technology & Telecommunications Hunter New England Health Ph: (02) 4921 4194 Fax: (02) 4921 4191 Email: [EMAIL PROTECTED]