Re: Using NT user database with CF
On Dec 1, 2005, at 5:26 PM, Matt Robertson wrote: Anyone know of a way that CF can hook into win2k/NT/2k3 user accounts? In other words, someone logs onto Windows when they fire up their desktop and this info is also used to authenticate their CF-based intranet session. What Ian said. Also, see http://www.intrafoundation.com/intrafoundation/products.php? ProductCode=IHTK for some older CFX tools to manage IIS and NT user accounts if that need comes up (with full source). --min -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:225936 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Using NT user database with CF
What happened to your Lewis?! -Original Message- From: Lewis Sellers [mailto:[EMAIL PROTECTED] Sent: 02 December 2005 15:27 To: CF-Talk Subject: Re: Using NT user database with CF On Dec 1, 2005, at 5:26 PM, Matt Robertson wrote: Anyone know of a way that CF can hook into win2k/NT/2k3 user accounts? In other words, someone logs onto Windows when they fire up their desktop and this info is also used to authenticate their CF-based intranet session. What Ian said. Also, see http://www.intrafoundation.com/intrafoundation/products.php? ProductCode=IHTK for some older CFX tools to manage IIS and NT user accounts if that need comes up (with full source). --min -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:225937 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Using NT user database with CF
I use the same model that Ian does. I then maintain a database within the website that assigns permissions based on the username. The database contains fields for the username, and one field for each directory on the website, with either a simple yes or no value in each field. So, if #username# does not have permissions for a given directory on my website, they are CFLOCATION'd to an access request page where they can request access to the directory in question. On my application.cfm page, I have the following: !--- Remove the domain name from the cgi.auth_user - CFSET VisitorName = #lcase(removeChars(cgi.auth_user, 1, 10))# !--- Determine the current directory - CFSET CurrentDirectory = #removeChars(CF_Template_Path, 1, 19)# CFSET CurrentDirectory = #spanexcluding(currentdirectory, \)# CFIF #CurrentDirectory# NEQ default.cfm !--- The user is not at the home page -- cfquery name=AccessRights datasource=Security dbtype=ODBC SELECT VisitorName FROM tblAccess WHERE VisitorName = '#VisitorName#' AND #CurrentDirectory# = Yes /cfquery CFIF #AccessRights.RecordCount# EQ 0 !--- No username with rights in this dir, send to Access Request Page--- cflocation url=http://#cgi.SERVER_NAME#/security/ARP.cfm; /CFIF /CFIF By placing the code in the application.cfm page, I defeat efforts of users to change the username by using the address line. So, something like this would not allow an end user to impresonate another user: http://website.com?visitorname=jblow; It may not be the fastest or most elegant solution, but it works like a charm for us, and satisfies the security police here at work. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:225945 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Using NT user database with CF
Thanks guys. This is all very helpful. Sounds simple too. -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:225947 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Using NT user database with CF
On Dec 2, 2005, at 10:19 AM, Robertson-Ravo, Neil (RX) wrote: What happened to your Lewis?! Pardon? I'm right here? ... If you mean my name ... it's Lewis, yes, but my nickname has been min since around 1993.. if that's what you mean. Sec. K. An old DOS VGA demo... Notice the screenshots. http://www.intrafoundation.com/intrafoundation/products.php? ProductCode=demob Min is short for minimalist group. Long story... --min er, Lewis. -Original Message- From: Lewis Sellers [mailto:[EMAIL PROTECTED] Sent: 02 December 2005 15:27 To: CF-Talk Subject: Re: Using NT user database with CF On Dec 1, 2005, at 5:26 PM, Matt Robertson wrote: Anyone know of a way that CF can hook into win2k/NT/2k3 user accounts? In other words, someone logs onto Windows when they fire up their desktop and this info is also used to authenticate their CF-based intranet session. What Ian said. Also, see http://www.intrafoundation.com/intrafoundation/products.php? ProductCode=IHTK for some older CFX tools to manage IIS and NT user accounts if that need comes up (with full source). --min -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:225980 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Using NT user database with CF
We do that all day, everyday. How far do you want to take it? The short answer is to set directory security in IIS for the website or some portion of it to windows integrated security and disable allow anonymous access. The last part is important. Then access cgi.auth_user in your cf code, it will contain the username of the user who logged in on the client system. This assumes a windows server running IIS web server software, a client running some flavor of relatively modern MS OS software and an MS IE browser or something the understands it, if you don't want a username and password challenge when users access the secured site or section of the site. If you want to know how much father one can take this by accessing java NT and/or LDAP functionality let me know and I can tell you more tomorrow. My day is done here. -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA C code. C code run. Run code run. Please! - Cynthia Dunning Confidentiality Notice: This message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender and delete any copies of this message. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:225892 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54