Friday, January 27, 2006

Coldfusion and Windows Integrated Security

The project I'm currently working on resides in two locations. One inside our corporate firewall for users to setup a survey and a second outside our firewall for users to actually take the survey. For the internal piece we wanted to be able to identify the user based on their Windows login information so they did not have to log-in a second time.

It took a little searching but once I found what I was looking for it was actually quite simple to implement. First off you need to disable anonymous access to the directory containing you web site in IIS and then enable Windows Integrated Security. Once that is in place you you can use the CGI environment variable AUTH_USER to grab the username of the user currently logged into the machine in the domain\username format.

4 comments:

Anonymous said...

I'm currently looking at a similar problem. Only, we need to be able to allow anonymous access too.

It's for a commonspot site and if the connection comes from a chosen IP then we want to get the Windows Username so that we can automatically log them into the site. But if not then we need them to still be able to see the site!

Is it possible to get the username without using IIS with Windows Integrated Security? I've been googling for an hour and not yet found anything, so figured it time to start asking people :o)

tt said...

You could have people from the designated IP address login but I'm assuming you want something more seemless so that probably isn't an option. You could always ask them to login once, store that info in a cookie and it becomes seemless after that.

Other than that I'm not aware of any way to grab the user id without using Windows Integrated Security.

Anonymous said...

The hope is for something seemless but it's looking to be impossible!

In IE with ActiveX I can grab the Username and then post it back to a Coldfusion page. Obviously this is browser limited, and pops up the nasty ActiveX prompt.

I could get the username if I made every user who wants to auto-login download a batch file to run which would grab username and then load webpage.

Neither solution is very neat, nor browser/platform independant. Either I'll figure it out soon or declate it impossible ;o)

Anonymous said...

Just tried it and it works as advertised. I had an active x control which is now being hammered by microsoft security hacks. Thanx for the post.