>From what I read, I think that is exactly your problem. Although you are
using the same UserDirectory, the Policy can define a different set of users
for each Context. As I understand it, you need to identify which users have
access under each Policy. Therefore, users might be identified in one
context but not the other. Therefore, when they try to log on, it checks
the policy to see which users are defined. Meaning (if I understand it)
that just because they are identified in the UserDirectory, that does not
mean they will be authenticated. The Rule then determines who (of those who
are authenticated) is authorized to perform a task.
I may be way off base here but that is my understanding.
Dave Cahall
Vice President, Professional Services
Digitaris Technologies, Inc.
Office: 972.690.4131 ext 116
Mobil: 214.914.9947
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 21, 2001 11:57 AM
To: [EMAIL PROTECTED]
Subject: RE: Advanced Security quandry...
Not a dumb question at all! =-) The only differences between the contexts
have to do with Rules and Policies. In the development environment, the
rules and policies that govern access can be monkeyed with, while in
production they're pretty set.
I wouldn't think that the Rules or Policies differences are the problem,
since the thing fails at authentication. Does <cfauthenticate> look at
anything except the User Directories associated with the referenced context,
username and password? And why the heck would it fail with one context and
not with the other when the User Directories associated with each are the
same?
On Tue, 21 August 2001, Dave Cahall wrote:
>
> This may be a dumb question but what is different in the two contexts?
>
> Dave Cahall
> Vice President, Professional Services
> Digitaris Technologies, Inc.
> Office: 972.690.4131 ext 116
> Mobil: 214.914.9947
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 21, 2001 6:15 AM
> To: [EMAIL PROTECTED]
> Subject: Advanced Security quandry...
>
>
> Y'all are gonna love this one! ;-)
>
> I've got a client with two applications running on the same CF Server
(4.5).
> Let's call the applications DEV and PROD. The user is taking advantage of
> CF Advanced Security to handle user authentication against an NT domain
when
> the users log into either application. There are separate security
contexts
> for each application (CONTEXT_DEV and CONTEXT_PROD). Both contexts use
the
> same User Directories to authenticate users against.
>
> So here's the dilema. The authentication is working fine for the DEV
> application. The user logs in using NTLoginID and NTPassword,
> authenticating against the CONTEXT_DEV context. However, when I use the
> same code set for the PROD application, the <cfauthenticate> fails every
> time. The only difference in the code set is the application name and the
> security context name. Unfortunately, I can't get any useful information
> from the failure. Has anyone else encountered a problem like this? Does
> anyone know of a good way to debug this kind of issue?
>
> Perplexed,
>
> IronFury
>
>
>
> -------------------------------------------------------------------------
> This email server is running an evaluation copy of the MailShield anti-
> spam software. Please contact your email administrator if you have any
> questions about this message. MailShield product info: www.mailshield.com
>
> -----------------------------------------------
> To post, send email to [EMAIL PROTECTED]
> To subscribe / unsubscribe: http://www.dfwcfug.org
>
> -------------------------------------------------------------------------
> This email server is running an evaluation copy of the MailShield anti-
> spam software. Please contact your email administrator if you have any
> questions about this message. MailShield product info: www.mailshield.com
>
> -----------------------------------------------
> To post, send email to [EMAIL PROTECTED]
> To subscribe / unsubscribe: http://www.dfwcfug.org
-------------------------------------------------------------------------
This email server is running an evaluation copy of the MailShield anti-
spam software. Please contact your email administrator if you have any
questions about this message. MailShield product info: www.mailshield.com
-----------------------------------------------
To post, send email to [EMAIL PROTECTED]
To subscribe / unsubscribe: http://www.dfwcfug.org
-------------------------------------------------------------------------
This email server is running an evaluation copy of the MailShield anti-
spam software. Please contact your email administrator if you have any
questions about this message. MailShield product info: www.mailshield.com
-----------------------------------------------
To post, send email to [EMAIL PROTECTED]
To subscribe / unsubscribe: http://www.dfwcfug.org
