• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

cgi.auth_user not staying set

Explorer ,
Jul 02, 2012 Jul 02, 2012

Copy link to clipboard

Copied

I had CF8 running on iis7 and this used to work fine.  When a user logged into IIS7 with windows authentication, the cgi.auth_user variable would stay set the entire time they were in the particular folder that required authentication.

I just upgraded to CF10 and iis7.5 and now, when a user logs into a folder that requires windows authentication, the cgi.auth_user variable is set for just the page which required authentication, when they travel to the next page(s) via links, the cgi.auth_user variable is changed to NULL.

The entire folder is set to require windows authentication, but no cgi.auth_user value is set...

Can anybody help?

Views

8.0K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Explorer , Jul 02, 2012 Jul 02, 2012

It only took a couple of hours... but eventually I figured out it is an IIS problem.  If Windows Authentication is set on the folder level... it MUST be enabled at the server level before it will populate the CGI variables throughout the application (instead of just the initial page).  So the server level has both anonymous and windows authentication enabled and the folder that is restricted has anonymous disabled and windows authentication enabled.

Votes

Translate

Translate
Explorer ,
Jul 02, 2012 Jul 02, 2012

Copy link to clipboard

Copied

It only took a couple of hours... but eventually I figured out it is an IIS problem.  If Windows Authentication is set on the folder level... it MUST be enabled at the server level before it will populate the CGI variables throughout the application (instead of just the initial page).  So the server level has both anonymous and windows authentication enabled and the folder that is restricted has anonymous disabled and windows authentication enabled.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jan 31, 2014 Jan 31, 2014

Copy link to clipboard

Copied

Hey there, we're running into the same thing.

When you mean Server level, are you talking about the IIS Site itself?

Sites->{site name}->Authentication->Windows Authentication = Enabled

We have that set, and it generally works... but then randomly doesn't and users have to reopen their browser.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jan 31, 2014 Jan 31, 2014

Copy link to clipboard

Copied

Above sites... at the server (whatever the server is named) as well as the site.  Both need to have anonymous enabled as well as windows authentication enabled.  Then the folder you want to protect needs to have anonymous disabled.

Still not perfect though as I find some user installed browsers (with various add-ons) just refused to cooperate.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Jan 31, 2014 Jan 31, 2014

Copy link to clipboard

Copied

LATEST

Has anyone been able to get this to work with CF10 and IIS 8.5 (Win Server 2012 R2)?

When we do this on IIS 8.5 the session still drops.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation