RE: Active Directory - Getting a users Accountname
Hi Mike I have dumped the cgi scope but in the results returned it displays AUTH_USER [empty string] Any ideas why this is happening, I thought this should display my network/login ID? as it is windows domain authentication via a thin client device Ian -Original Message- From: Dawson, Michael [mailto:m...@evansville.edu] Sent: 12 January 2009 17:39 To: cf-talk Subject: RE: Active Directory - Getting a users Accountname Regardless of the device (PC, thin client, phone), if you are using Windows Basic Authentication, it probably brings back a username/password in the CGI scope. Dump the entire CGI scope and see if you can find the username/password values. Are you using a different type of authentication such as NT Challenge/Response or Digest? Mike -Original Message- From: Ian Vaughan [mailto:i.vaug...@neath-porttalbot.gov.uk] Sent: Monday, January 12, 2009 11:09 AM To: cf-talk Subject: RE: Active Directory - Getting a users Accountname Hi Mike It is using Windows authentication security but on a thin client device not an actual PC Then following just brings back a blank page? pcfoutput#cgi.auth_user#/cfoutput/p Ian -Original Message- From: Dawson, Michael [mailto:m...@evansville.edu] Sent: 12 January 2009 16:20 To: cf-talk Subject: RE: Active Directory - Getting a users Accountname If you are using Windows authentication security, it will be available as cgi.auth_user. It may be different, depending on your web server. CFDUMP the cgi scope to be sure. Mike -Original Message- From: Ian Vaughan [mailto:i.vaug...@neath-porttalbot.gov.uk] Sent: Monday, January 12, 2009 9:34 AM To: cf-talk Subject: Active Directory - Getting a users Accountname Hi How do you query a logged in domain users networkID/accountname via Coldfusion. I would like CF to pick up automatically a users domain networkID and then set this as a variable to query against another database, although at the moment I am using a CFDUMP just to see the result. This is what I have at the moment, and I am getting the error below Variable SAMACCOUNTNAME is undefined. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317834 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Active Directory - Getting a users Accountname
Sounds like the authentication on the website may still allow Anonymous Authentication then. In IE at least, the auth_user only gets set when the user is prompted to login to access the site, and that only happens when the site disallows open access. Are you getting a popup prompt for username and password when you first try to access the site pages? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317836 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Active Directory - Getting a users Accountname
No user prompt appears, and I don't want it to. I want it to pick up the users windows login id automatically from when they logged into the windows domain. Can this be done, so for example it would dump a auth_user variable of user544 -Original Message- From: Jason Fisher [mailto:ja...@wanax.com] Sent: 13 January 2009 12:11 To: cf-talk Subject: Re: Active Directory - Getting a users Accountname Sounds like the authentication on the website may still allow Anonymous Authentication then. In IE at least, the auth_user only gets set when the user is prompted to login to access the site, and that only happens when the site disallows open access. Are you getting a popup prompt for username and password when you first try to access the site pages? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317861 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Active Directory - Getting a users Accountname
In IIS, Web Site Properties Directory Security Authentication and access controls. Uncheck Enable anonymous access Check Integrated Windows authentication mike -Original Message- From: Ian Vaughan [mailto:i.vaug...@neath-porttalbot.gov.uk] Sent: Tuesday, January 13, 2009 10:05 AM To: cf-talk Subject: RE: Active Directory - Getting a users Accountname No user prompt appears, and I don't want it to. I want it to pick up the users windows login id automatically from when they logged into the windows domain. Can this be done, so for example it would dump a auth_user variable of user544 -Original Message- From: Jason Fisher [mailto:ja...@wanax.com] Sent: 13 January 2009 12:11 To: cf-talk Subject: Re: Active Directory - Getting a users Accountname Sounds like the authentication on the website may still allow Anonymous Authentication then. In IE at least, the auth_user only gets set when the user is prompted to login to access the site, and that only happens when the site disallows open access. Are you getting a popup prompt for username and password when you first try to access the site pages? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317862 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Active Directory - Getting a users Accountname
Aha, that you cannot do then. The browser is sandboxed away from the operating system, so you would not have access to the workstation credentials without something in between, like an ActiveX component or something. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317880 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Active Directory - Getting a users Accountname
Aha, that you cannot do then. The browser is sandboxed away from the operating system, so you would not have access to the workstation credentials without something in between, like an ActiveX component or something. That's not correct. The browser can pass your Windows login credentials to the server. IE does this automatically, by default, and Firefox can be configured to do this also. The browser doesn't actually pass your Windows password across the wire, though, just the hash that the OS gives it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317890 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Active Directory - Getting a users Accountname
Dave, If the site is set to allow anonymous access, the browser only ever sees auth_user = , isn't that true? Is there some other parameter where the browser can 'see' the users's Windows login info? Aha, that you cannot do then. The browser is sandboxed away from the operating system, so you would not have access to the workstation credentials without something in between, like an ActiveX component or something. That's not correct. The browser can pass your Windows login credentials to the server. IE does this automatically, by default, and Firefox can be configured to do this also. The browser doesn't actually pass your Windows password across the wire, though, just the hash that the OS gives it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317901 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Active Directory - Getting a users Accountname
If the site is set to allow anonymous access, the browser only ever sees auth_user = , isn't that true? Is there some other parameter where the browser can 'see' the users's Windows login info? Well, if the site is set to allow anonymous access, I don't think the server will see anything. I'm not sure what the browser sees, but it is running within that user's security context and, like any other piece of software, has complete access to everything that user could see within the OS. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317905 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Active Directory - Getting a users Accountname
SAMACCOUNTNAME is not a variable you can dump in this example. Try cfdump var=#adresult# / and you will see what you are getting back from the server. Adresult should be similar to a query object, with samaccountname as a column. Steve From: Ian Vaughan [i.vaug...@neath-porttalbot.gov.uk] Sent: Monday, January 12, 2009 10:34 AM To: cf-talk Subject: Active Directory - Getting a users Accountname Hi How do you query a logged in domain users networkID/accountname via Coldfusion. I would like CF to pick up automatically a users domain networkID and then set this as a variable to query against another database, although at the moment I am using a CFDUMP just to see the result. This is what I have at the moment, and I am getting the error below Variable SAMACCOUNTNAME is undefined. Any ideas? CODE SNIPPET--- cfset StartOU=dc=domain, dc=co,dc=uk cfldap action=query name=adresult attributes = sAMAccountName,dn, cn,sn,givenName,password, mail,ou start=#StartOU# scope=subtree filter=samaccountName=#samaccountName# server=server port=389 username=username password=password /head body cfdump var=#sAMAccountName# --- Regards, Ian ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317768 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Active Directory - Getting a users Accountname
If you are using Windows authentication security, it will be available as cgi.auth_user. It may be different, depending on your web server. CFDUMP the cgi scope to be sure. Mike -Original Message- From: Ian Vaughan [mailto:i.vaug...@neath-porttalbot.gov.uk] Sent: Monday, January 12, 2009 9:34 AM To: cf-talk Subject: Active Directory - Getting a users Accountname Hi How do you query a logged in domain users networkID/accountname via Coldfusion. I would like CF to pick up automatically a users domain networkID and then set this as a variable to query against another database, although at the moment I am using a CFDUMP just to see the result. This is what I have at the moment, and I am getting the error below Variable SAMACCOUNTNAME is undefined. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317769 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Active Directory - Getting a users Accountname
Also, watch out for possible legal values that users pass in. They can enter: username domain\username domain/username usern...@domain.com You will need to strip off anything that is not the username before you use it in your CFLDAP filter, if you are filtering on sAMAccountName. If they type usern...@domain.com, you can filter on userPrincipalName. However, I usually just strip everything except the username. Mike -Original Message- From: Ian Vaughan [mailto:i.vaug...@neath-porttalbot.gov.uk] Sent: Monday, January 12, 2009 9:34 AM To: cf-talk Subject: Active Directory - Getting a users Accountname Hi How do you query a logged in domain users networkID/accountname via Coldfusion. I would like CF to pick up automatically a users domain networkID and then set this as a variable to query against another database, although at the moment I am using a CFDUMP just to see the result. This is what I have at the moment, and I am getting the error below Variable SAMACCOUNTNAME is undefined. Any ideas? CODE SNIPPET--- cfset StartOU=dc=domain, dc=co,dc=uk cfldap action=query name=adresult attributes = sAMAccountName,dn, cn,sn,givenName,password, mail,ou start=#StartOU# scope=subtree filter=samaccountName=#samaccountName# server=server port=389 username=username password=password /head body cfdump var=#sAMAccountName# --- Regards, Ian ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317770 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Active Directory - Getting a users Accountname
Hi Mike It is using Windows authentication security but on a thin client device not an actual PC Then following just brings back a blank page? pcfoutput#cgi.auth_user#/cfoutput/p Ian -Original Message- From: Dawson, Michael [mailto:m...@evansville.edu] Sent: 12 January 2009 16:20 To: cf-talk Subject: RE: Active Directory - Getting a users Accountname If you are using Windows authentication security, it will be available as cgi.auth_user. It may be different, depending on your web server. CFDUMP the cgi scope to be sure. Mike -Original Message- From: Ian Vaughan [mailto:i.vaug...@neath-porttalbot.gov.uk] Sent: Monday, January 12, 2009 9:34 AM To: cf-talk Subject: Active Directory - Getting a users Accountname Hi How do you query a logged in domain users networkID/accountname via Coldfusion. I would like CF to pick up automatically a users domain networkID and then set this as a variable to query against another database, although at the moment I am using a CFDUMP just to see the result. This is what I have at the moment, and I am getting the error below Variable SAMACCOUNTNAME is undefined. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317772 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Active Directory - Getting a users Accountname
Regardless of the device (PC, thin client, phone), if you are using Windows Basic Authentication, it probably brings back a username/password in the CGI scope. Dump the entire CGI scope and see if you can find the username/password values. Are you using a different type of authentication such as NT Challenge/Response or Digest? Mike -Original Message- From: Ian Vaughan [mailto:i.vaug...@neath-porttalbot.gov.uk] Sent: Monday, January 12, 2009 11:09 AM To: cf-talk Subject: RE: Active Directory - Getting a users Accountname Hi Mike It is using Windows authentication security but on a thin client device not an actual PC Then following just brings back a blank page? pcfoutput#cgi.auth_user#/cfoutput/p Ian -Original Message- From: Dawson, Michael [mailto:m...@evansville.edu] Sent: 12 January 2009 16:20 To: cf-talk Subject: RE: Active Directory - Getting a users Accountname If you are using Windows authentication security, it will be available as cgi.auth_user. It may be different, depending on your web server. CFDUMP the cgi scope to be sure. Mike -Original Message- From: Ian Vaughan [mailto:i.vaug...@neath-porttalbot.gov.uk] Sent: Monday, January 12, 2009 9:34 AM To: cf-talk Subject: Active Directory - Getting a users Accountname Hi How do you query a logged in domain users networkID/accountname via Coldfusion. I would like CF to pick up automatically a users domain networkID and then set this as a variable to query against another database, although at the moment I am using a CFDUMP just to see the result. This is what I have at the moment, and I am getting the error below Variable SAMACCOUNTNAME is undefined. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:317779 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4