2 Replies Latest reply on Apr 26, 2014 9:52 AM by wannab0133

    Retrieve user from IIS using ISA (TMG)

    wannab0133 Level 1

      I am writing a ColdFusion application that is only accessible through a specific Windows server.  The users log into the server using Citrix.  The Windows server is using a proxy server called ISA or TMG (Threat Management Gateway), which includes all of the web authentication.  This allows the ability to pass Active Directory credentials from TMG to the IIS web server for authentication.  This user credentials system is adequate for our client and we are not wanting to have another credential system within our application.  In order to utilize this authentication system, we only need to retrieve the username.  This system already ensures the user is logged in.  Would I try and retrieve the username from IIS?  Or, is there some way to retrieve the Windows username?  The apps I write typically have their own authentication system, so I am new to this and looking for some guidance.

       

      If anyone has some suggestions on how to proceed in retrieving the username, I would appreciate the help!

        • 1. Re: Retrieve user from IIS using ISA (TMG)
          wannab0133 Level 1

          I am writing a ColdFusion application that is accessible through a Windows 2003 server with IIS 6. The users log into the server using Citrix. The Windows server is using a proxy server called ISA or TMG (Threat Management Gateway), which includes all of the web authentication. This allows the ability to pass Active Directory credentials from TMG to the IIS web server for authentication. This user credentials system is adequate for our client and we are not wanting to have another credential system within our application. In order to utilize this authentication system, we only need to retrieve the username. This system already ensures the user is logged in. I have been given the advice below to retrieve the username from IIS and it seemed to work, partially.

          In IIS manager, select the resource(s) [website(s), folder(s) or file(s)] you would like to authenticate users in this manner and under the security tab in properties, edit the authentication method to use "Windows Integrated Authentication" and make sure "Anonymous Access" is unchecked. When this is done, cgi.auth_user (or is it cgi.authuser) will be populated with the domain/userID of the logged on user of the client accessing the resource.

          I am thankful for the above steps because they have partially solved my problem. index.cfm is defined in the default documents for this site.

          When I go here:

          localhost/dir

          cgi.auth_user is populated and the page opens normally...success

          But, when I go here:

          localhost/dir/index.cfm

          I get an HTTP Error 401.2

          Basically, it seems the directory level is set up and working, but the file level is not. I double checked that the file level security was set up the same as the directory security (like above) in IIS manager. Anytime I try a file level URL, I get the HTTP Error 401.2

          Update:

          When I go here:

          localhost/dir/index.html

          I do NOT get the HTTP Error 401.2

          index.cfm and index.html are identical files but I get the 401.2 error when trying to open the cfm file. Below is the error:

          You are not authorized to view this page

          You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. Please try the following:

          Contact the Web site administrator if you believe you should be able to view this directory or page.
          Click the Refresh button to try again with different credentials.

          HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
          Internet Information Services (IIS)

          Technical Information (for support personnel)

          Go to Microsoft Product Support Services and perform a title search for the words HTTP and 401. Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Security, Authentication, and About Custom Error Messages.

          • 2. Re: Retrieve user from IIS using ISA (TMG)
            wannab0133 Level 1

            This issue has been resolved.  I followed the steps in this thread:

            http://forums.adobe.com/message/4537316

            I had to check Windows authentication in the server level, then remove anon in the site level.

            Thanks for everyone's help.
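
One way to consume `cgi.auth_user` once IIS is configured as described in this thread, shown as an added example that is not part of any post: an `Application.cfc` that refuses the request when IIS supplies no identity (as happens if Anonymous Access is left enabled) and splits the value into domain and account. The application name, the `auth` log file, the `request` keys and the allowed-character rule are assumptions, and the script syntax assumes ColdFusion 9 or later.

```cfml
// Application.cfc (added example; assumes ColdFusion 9+ script components)
component {
    this.name = "IntranetApp"; // hypothetical application name

    // Split the identity IIS reports into domain and account.
    // Accepts DOMAIN\user and user@domain; returns an empty struct otherwise.
    private struct function parseAuthUser(required string raw) {
        var value = trim(arguments.raw);
        var id = {};
        if (listLen(value, "\") == 2) {
            id.domain  = listFirst(value, "\");
            id.account = listLast(value, "\");
        } else if (listLen(value, "@") == 2) {
            id.account = listFirst(value, "@");
            id.domain  = listLast(value, "@");
        }
        // Assumption: account names here use only letters, digits, dot, dash, underscore.
        if (structKeyExists(id, "account") && !reFind("^[A-Za-z0-9._-]+$", id.account)) {
            id = {};
        }
        return id;
    }

    public boolean function onRequestStart(required string targetPage) {
        // cgi.auth_user is an empty string when IIS served the request anonymously.
        var id = parseAuthUser(cgi.auth_user);
        if (structIsEmpty(id)) {
            writeLog(file = "auth", type = "warning",
                     text = "Rejected #arguments.targetPage#: no usable identity from IIS");
            getPageContext().getResponse().setStatus(403);
            writeOutput("Access denied.");
            abort;
        }
        // Keep the identity per request; it is re-derived from IIS every time.
        request.authDomain = id.domain;
        request.username   = id.account;
        return true;
    }
}
```

Because the check runs in `onRequestStart`, every `.cfm` request is covered, and a later change that re-enables anonymous access in IIS results in a logged 403 rather than pages running with an empty username.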