Hm. Here is what I'm doing along these lines... Mine is an IIS 4.0 / NT 4.0
setup...

In IIS, for the particular directory that is to be secure, remove anonymous
access and use only NT Challenge/Response.

In NT, at the file level, remove any access for the IUSR_xxx account. In
its place, grant access to a group that contains the users you want.

At this stage, any visit to the site will be greeted with an NT challenge.

If somebody passes the challenge, to get their NT username, you use
#cgi.http_auth_user#. From there you should be OK. You don't want to mess
with storing passwords in a database. You will, however, need to develop a
policy for dealing with the inevitable username changes.

Alan McCollough
Web Programmer
Allaire Certified ColdFusion Developer
Alaska Native Medical Center
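
An added example, not part of the original message or the poster's code: one way a ColdFusion page behind the NT challenge could turn the authenticated username into a stable internal ID, so that a username change means editing one mapping row instead of every record. The datasource `intranet`, the table `user_alias` and its columns are hypothetical, and the variable name is the one given in the message above.

```cfml
<!--- Added example. Datasource "intranet", table "user_alias" and columns
      "nt_account" / "person_id" are hypothetical names. --->

<!--- IIS has already authenticated the request; read the username variable
      named in the message above. --->
<cfset rawUser = Trim(cgi.http_auth_user)>

<!--- Fail closed: an empty value means the request was not authenticated,
      for example because anonymous access is still enabled on the directory. --->
<cfif Len(rawUser) EQ 0>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- NT account names are case-insensitive, so compare in one case.
      The domain part (DOMAIN\user), if present, is kept so that accounts
      with the same name in different domains are never conflated. --->
<cfset ntAccount = LCase(rawUser)>

<!--- Map the current NT account name to a stable person_id.
      After a rename, add or update a row in user_alias; application data
      keyed on person_id is unaffected. --->
<cfquery name="getPerson" datasource="intranet">
    SELECT person_id
    FROM user_alias
    WHERE nt_account = <cfqueryparam value="#ntAccount#" cfsqltype="CF_SQL_VARCHAR">
</cfquery>

<!--- Authenticated by NT but unknown (or ambiguous) to the application:
      deny rather than guess. --->
<cfif getPerson.RecordCount NEQ 1>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Use the stable ID, not the username, for everything the app stores. --->
<cfset request.personId = getPerson.person_id>
```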

> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, November 09, 2000 11:00 AM
> To:   Fusebox
> Subject:      RE: Passing Windows NT Username & Password from Computer Login
> 
> If I were you, I would use NT Challenge and response in IIS for an intranet
> application to avoid it being sent as plain text. You would have to use IE
> 4x + to do this as Netscape doesn't support the encryption. Understand that
> this is separate from your CF app, it's handled through the webserver. So if
> you wanted to integrate this information into your web application the only
        {redacted}