This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C04AA1.085216F0
Content-Type: text/plain;
charset="iso-8859-1"
If the user is already logged into the network (which is most often the
case), you can use the cgi.auth_user to check the username against a
database table, etc. I understand that you will have to use ASP if you want
to access NT security directly.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 10, 2000 7:00 AM
To: Fusebox
Subject: RE: Passing Windows NT Username & Password from Computer Login
If I where you, I would use NT Challenge and response in IIS for an intranet
application to avoid it being sent as plain text. You would have to use IE
4x + to do this as Netscape doesn't support the encryption. Understand that
this is separate from your CF app, it's handles through the webserver. So if
you wanted to integrate this information into you web application the only
way I know to do it is using ASP. It's only a couple of lines of code so you
might think about using ASP to get the username from the nt security then
uploading into a database or converting it to wddx for access from CF.
Rick
-----Original Message-----
From: Russel Madere [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 09, 2000 12:27 PM
To: Fusebox
Subject: RE: Passing Windows NT Username & Password from Computer Login
To do this, you have to use the basic security in IIS, not the NT Challenge
and Response.
The big short coming of this is that the user name and password are passed
in plain text.
That is a huge no no. Leaves your site wide open to password sniffers.
What I ended up doing at a previous job was user the CF Advanced Security
(in CF Server Enterprise) and a custom form. There was no way to intercept
the NT password except having the user enter it into a form.
Russel
============================================================
Russel Madere, Jr. Senior Web Developer
ICQ: 5446158 http://www.TurboSquid.com
Some days you eat the bear; some days the bear eats you.
============================================================
> -----Original Message-----
> From: Jeff Stone [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 09, 2000 13:20
> To: Fusebox
> Subject: Passing Windows NT Username & Password from Computer Login
>
>
> I have a client who wants me to build a security intranet login
> application.
> Instead of having a login screen asking the user to fill in a username and
> password, they want the user's NT username and password to be passed to my
> ColdFusion application automatically. That way, the user will not have to
> login to the online application. I have figured out how to look up the
> Local Users & Groups on a web server and pass that information on once I
> have the NT username and password, but I cannot figure out how to
> automatically pass the username and password from the user's NT login.
>
> I know one possibility is to have the user specify their NT username and
> password in my application the first time they use it. Then, I can store
> this encrypted information in a database and give the user a cookie for
> future easy access, but this is not ideal plan.
>
> Has anyone done this before?
>
>
> Thank you,
>
> Jeff Stone
> [EMAIL PROTECTED]
>
> ------------------------------------------------------------------
> ------------
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fu
> sebox or send a message to [EMAIL PROTECTED] with
> 'unsubscribe' in the body.
>
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
----------------------------------------------------------------------------
--
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------_=_NextPart_001_01C04AA1.085216F0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2650.12">
<TITLE>RE: Passing Windows NT Username & Password from Computer =
Login</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>If the user is already logged into the network (which =
is most often the case), you can use the cgi.auth_user to check the =
username against a database table, etc. I understand that you will have =
to use ASP if you want to access NT security directly.</FONT></P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: [EMAIL PROTECTED] [<A =
HREF=3D"mailto:[EMAIL PROTECTED]">mailto:[EMAIL PROTECTED]</A>]</FON=
T>
<BR><FONT SIZE=3D2>Sent: Friday, November 10, 2000 7:00 AM</FONT>
<BR><FONT SIZE=3D2>To: Fusebox</FONT>
<BR><FONT SIZE=3D2>Subject: RE: Passing Windows NT Username & =
Password from Computer Login</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>If I where you, I would use NT Challenge and response =
in IIS for an intranet</FONT>
<BR><FONT SIZE=3D2>application to avoid it being sent as plain text. =
You would have to use IE</FONT>
<BR><FONT SIZE=3D2>4x + to do this as Netscape doesn't support the =
encryption. Understand that</FONT>
<BR><FONT SIZE=3D2>this is separate from your CF app, it's handles =
through the webserver. So if</FONT>
<BR><FONT SIZE=3D2>you wanted to integrate this information into you =
web application the only</FONT>
<BR><FONT SIZE=3D2>way I know to do it is using ASP. It's only a couple =
of lines of code so you</FONT>
<BR><FONT SIZE=3D2>might think about using ASP to get the username from =
the nt security then</FONT>
<BR><FONT SIZE=3D2>uploading into a database or converting it to wddx =
for access from CF.</FONT>
</P>
<P><FONT SIZE=3D2>Rick</FONT>
</P>
<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Russel Madere [<A =
HREF=3D"mailto:[EMAIL PROTECTED]">mailto:[EMAIL PROTECTED]</A>]<=
/FONT>
<BR><FONT SIZE=3D2>Sent: Thursday, November 09, 2000 12:27 PM</FONT>
<BR><FONT SIZE=3D2>To: Fusebox</FONT>
<BR><FONT SIZE=3D2>Subject: RE: Passing Windows NT Username & =
Password from Computer Login</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>To do this, you have to use the basic security in =
IIS, not the NT Challenge</FONT>
<BR><FONT SIZE=3D2>and Response.</FONT>
</P>
<P><FONT SIZE=3D2>The big short coming of this is that the user name =
and password are passed</FONT>
<BR><FONT SIZE=3D2>in plain text.</FONT>
</P>
<P><FONT SIZE=3D2>That is a huge no no. Leaves your site wide =
open to password sniffers.</FONT>
</P>
<P><FONT SIZE=3D2>What I ended up doing at a previous job was user the =
CF Advanced Security</FONT>
<BR><FONT SIZE=3D2>(in CF Server Enterprise) and a custom form. =
There was no way to intercept</FONT>
<BR><FONT SIZE=3D2>the NT password except having the user enter it into =
a form.</FONT>
</P>
<P><FONT SIZE=3D2>Russel</FONT>
</P>
<P><FONT =
SIZE=3D2>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
<BR><FONT SIZE=3D2> Russel Madere, =
Jr. Senior Web =
Developer</FONT>
<BR><FONT SIZE=3D2> ICQ: =
5446158  =
; <A HREF=3D"http://www.TurboSquid.com" =
TARGET=3D"_blank">http://www.TurboSquid.com</A></FONT>
</P>
<P><FONT SIZE=3D2>Some days you eat the bear; some days the bear eats =
you.</FONT>
<BR><FONT =
SIZE=3D2>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
</P>
<BR>
<P><FONT SIZE=3D2>> -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> From: Jeff Stone [<A =
HREF=3D"mailto:[EMAIL PROTECTED]">mailto:[EMAIL PROTECTED]</A>]<=
/FONT>
<BR><FONT SIZE=3D2>> Sent: Thursday, November 09, 2000 13:20</FONT>
<BR><FONT SIZE=3D2>> To: Fusebox</FONT>
<BR><FONT SIZE=3D2>> Subject: Passing Windows NT Username & =
Password from Computer Login</FONT>
<BR><FONT SIZE=3D2>></FONT>
<BR><FONT SIZE=3D2>></FONT>
<BR><FONT SIZE=3D2>> I have a client who wants me to build a =
security intranet login</FONT>
<BR><FONT SIZE=3D2>> application.</FONT>
<BR><FONT SIZE=3D2>> Instead of having a login screen asking the =
user to fill in a username and</FONT>
<BR><FONT SIZE=3D2>> password, they want the user's NT username and =
password to be passed to my</FONT>
<BR><FONT SIZE=3D2>> ColdFusion application automatically. =
That way, the user will not have to</FONT>
<BR><FONT SIZE=3D2>> login to the online application. I have =
figured out how to look up the</FONT>
<BR><FONT SIZE=3D2>> Local Users & Groups on a web server and =
pass that information on once I</FONT>
<BR><FONT SIZE=3D2>> have the NT username and password, but I cannot =
figure out how to</FONT>
<BR><FONT SIZE=3D2>> automatically pass the username and password =
from the user's NT login.</FONT>
<BR><FONT SIZE=3D2>></FONT>
<BR><FONT SIZE=3D2>> I know one possibility is to have the user =
specify their NT username and</FONT>
<BR><FONT SIZE=3D2>> password in my application the first time they =
use it. Then, I can store</FONT>
<BR><FONT SIZE=3D2>> this encrypted information in a database and =
give the user a cookie for</FONT>
<BR><FONT SIZE=3D2>> future easy access, but this is not ideal =
plan.</FONT>
<BR><FONT SIZE=3D2>></FONT>
<BR><FONT SIZE=3D2>> Has anyone done this before?</FONT>
<BR><FONT SIZE=3D2>></FONT>
<BR><FONT SIZE=3D2>></FONT>
<BR><FONT SIZE=3D2>> Thank you,</FONT>
<BR><FONT SIZE=3D2>></FONT>
<BR><FONT SIZE=3D2>> Jeff Stone</FONT>
<BR><FONT SIZE=3D2>> [EMAIL PROTECTED]</FONT>
<BR><FONT SIZE=3D2>></FONT>
<BR><FONT SIZE=3D2>> =
------------------------------------------------------------------</FONT=
>
<BR><FONT SIZE=3D2>> ------------</FONT>
<BR><FONT SIZE=3D2>> To Unsubscribe visit</FONT>
<BR><FONT SIZE=3D2>> <A =
HREF=3D"http://www.houseoffusion.com/index.cfm?sidebar=3Dlists&body=3Dli=
sts/fu" =
TARGET=3D"_blank">http://www.houseoffusion.com/index.cfm?sidebar=3Dlists=
&body=3Dlists/fu</A></FONT>
<BR><FONT SIZE=3D2>> sebox or send a message to =
[EMAIL PROTECTED] with</FONT>
<BR><FONT SIZE=3D2>> 'unsubscribe' in the body.</FONT>
<BR><FONT SIZE=3D2>></FONT>
</P>
<P><FONT =
SIZE=3D2>---------------------------------------------------------------=
-------------</FONT>
<BR><FONT SIZE=3D2>--</FONT>
<BR><FONT SIZE=3D2>To Unsubscribe visit</FONT>
<BR><FONT SIZE=3D2><A =
HREF=3D"http://www.houseoffusion.com/index.cfm?sidebar=3Dlists&body=3Dli=
sts/fusebox" =
TARGET=3D"_blank">http://www.houseoffusion.com/index.cfm?sidebar=3Dlists=
&body=3Dlists/fusebox</A> or</FONT>
<BR><FONT SIZE=3D2>send a message to [EMAIL PROTECTED] =
with 'unsubscribe' in</FONT>
<BR><FONT SIZE=3D2>the body.</FONT>
</P>
<P><FONT =
SIZE=3D2>---------------------------------------------------------------=
---------------</FONT>
<BR><FONT SIZE=3D2>To Unsubscribe visit <A =
HREF=3D"http://www.houseoffusion.com/index.cfm?sidebar=3Dlists&body=3Dli=
sts/fusebox" =
TARGET=3D"_blank">http://www.houseoffusion.com/index.cfm?sidebar=3Dlists=
&body=3Dlists/fusebox</A> or send a message to =
[EMAIL PROTECTED] with 'unsubscribe' in the =
body.</FONT></P>
</BODY>
</HTML>
------_=_NextPart_001_01C04AA1.085216F0--
------------------------------------------------------------------------------
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/fusebox or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
