I am doing some research on how to authenticate webservices and cfhttp- like functionality WITHOUT storing userid/password in a database or in text in code or properties files. Yeah, I know, keep dreaming. I think the only way to do this is via Java and was hoping there was stuff already out there that would help me get to the goal.
One option is to pass through the logged on user's credentials using data from the cgi scope, and at one time (proir to CFMX 6) you could actually get the NTLM token from the cgi scope. I don't see it anymore, but it may be that it is because the auth method is negotiate instead of NTLM. Any ideas? I can pass through a userid and password if the authentication is basic, (using cgi.auth_password), but not any other way. I'd like to be able to do this eventually using certificates... either certs given to the application via the server, or by capturing the user's cert info. I got a feeing this is waaaay out there for CF, but I know this is being done somewhere. So, if you have done something like this, or have happened across references to doing this, can you post some URLs? Thanks, M --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Houston ColdFusion Users' Group" discussion list. To unsubscribe, send email to [EMAIL PROTECTED] For more options, visit http://groups.google.com/group/houcfug?hl=en -~----------~----~----~----~------~----~------~--~---
