For the greater bulk of our intranet, forms-based
authentication suffices. There are, however, certain resources the
access to which is governed by Active Directory memberships and so
we enforece HTTP authentication. I've been trying to discover a way
for the user to have a seamless interaction between the two.
I have been able to connect to a protected resource using
cfhttp & the cfx_http5 custom tag. The problem is that once the
resource is accessed, if the resource itself involves multiple
pages, the secondary pages require the authentication. How can the
u/p credentials be passed along to the actual page?
For example directory A basic authentication turned on and
anonymous access disabled and is NOT on the same server as CF.
Directory A as Page B and Page C. Page B links to Page C. I can
load the contents of Page B using CFHTTP, but when trying to click
the link one Page B to Page C I am required to authenticate as Page
redirect the user to the actual page that cfhttp accessed but all
with no avail. I suspect somehow the headers have to be rewritten,
but have no idea how to do it. Any help would greatly be
To compound the issue, I cannot simply require the HTTP
authentication at the outset, which in a given session might solve
the problem, because there are accounts that are not part of the
active directory that need general access.