• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

SQL Server 2005 Windows Authentication

Explorer ,
May 07, 2008 May 07, 2008

Copy link to clipboard

Copied

Hi all,

I have a situation whereby I want to authenticate an application user to the SQL Server 2005 database through my ColdFusion 8.0.1 application. I have the following config:

SQL server Authentication Mode: Mixed
ColdFusion Service Account: DOMAIN\ColdFusion
DOMAIN\ColdFusion windows account has access to SQL Server and the database ("public" database role - low privs)
DSN configured in CF using no user name/pwd - uses Windows Authentication - works fine, connection is OK
IIS 6 (Windows 2003 R2) configured to use Integrated Security

What I want to do is to have the CF application and IIS essentially "pass through" the remote user's domain login (eg. DOMAIN\JBloggs) and have the application run all SQL queries using this user's credentials, not the credentials of the CF domain account. I want to authenticate based on the remote domain user, not the user running the ColdFusion server. Is this possible? I can see the remote user's domain user id in the CGI.REMOTE_AUTH (or REMOTE_USER or whatever it is) CGI variable, but how can I get IIS and CF to pass this value throgh to SQL Server 2005 for use qith queries?

Any assistance much appreciated.
TOPICS
Database access

Views

1.8K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Explorer , May 12, 2008 May 12, 2008
Ken,

That is what I thought. I have also looked through various blogs, forums, web sites and so on devoted to Flex/ColdFusion and I suspect that the best option will be to use the Flex setRemoteCredentials() function and the ColdFusion cflogin/cfloginuser functionality in some manner. I will work on this (unless you have any better options).

Thanks for the info.

Votes

Translate

Translate
Contributor ,
May 08, 2008 May 08, 2008

Copy link to clipboard

Copied

you can't do it I'm afraid - CF only supports SQL authentication, not windows based authenticatio. Unless you plan on using BlueDragon.Net.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
May 08, 2008 May 08, 2008

Copy link to clipboard

Copied

johnab wrote:
> you can't do it I'm afraid - CF only supports SQL authentication, not windows based authenticatio. Unless you plan on using BlueDragon.Net.

the jTDS sql server driver handles windows authentication & it's pretty fast to
boot. so will cf but not in this scenario (ie run the cf server service under a
windows account w/sql server access instead of "system").

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Enthusiast ,
May 09, 2008 May 09, 2008

Copy link to clipboard

Copied

Not exactly correct. You can use windows authentication with the DataDirect jdbc drivers supplied or with Microsoft's 2005 driver. However, the authenticated user will be that of the CF appserver login. You cannot pass any other user credentials.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
May 12, 2008 May 12, 2008

Copy link to clipboard

Copied

Ken,

That is what I thought. I have also looked through various blogs, forums, web sites and so on devoted to Flex/ColdFusion and I suspect that the best option will be to use the Flex setRemoteCredentials() function and the ColdFusion cflogin/cfloginuser functionality in some manner. I will work on this (unless you have any better options).

Thanks for the info.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 13, 2008 May 13, 2008

Copy link to clipboard

Copied

LATEST
How timely. I need to do this as well. Certainly, if there is some way to pass the remote user's credentials, it'd be fantastic.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation