P.B.T. wrote:
> On my companies intranet, we have IIS configured so that
it uses
integrated
> windows authentication. What I want to do is get a
list of groups the
> current logged in user belongs too.
>
> I have looked at
cfNTauthenticate, but for that to work, you need to
> provide the users windows password within the web
application and I do not want
> used to have to enter a password - I just what to grant
or deny access based on
> the currently logged on user and a specific set of
groups?
>
> Any ideas....?
> Thanks, Paul.
>
If you have integrated windows authentication turned on AND
anonymous
access turned off, cgi.auth_user will be populated the the
domain\userID
of the user logged into the client accessing the web
resource. You can
use this value in a <cfldap ...> call to get the users
data from Active
Directory.
Here is how we do it on our intranet.
<cfldap
name="Entity" username="xxx" password="xxx"
server="xxx"
action="query"
attributes="displayname,mail,sn,cn,givenName,memberOf,..."
scope="subtree" start="DC=smfbc,DC=org"
filter =
"(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=smfbc,DC=org)(samAccountName=#arguments.userid#))">