I use integrated Windows Authentication on my intranet. There is a checkbox for it under IIS.
This allows the username to be visible to CF using the #cgi.auth_user# variable.
As for security, I maintain a data table with each username and appropriate permissions. In my application, I merely confirm that the currently logged in user is authorized for given areas of my site.
Works great. The only real caveat is that some places might argue that you are not verifying that the person behind the keyboard is really the person currently logged into that particular machine on the network. My defense is that this scenario is the responsibility of the currently logged in user, rather than the web developer. Your environment may dictate more stringent criteria or verification.
BTW: My implementation has passed muster with our security audits in the medical field for the last eight or nine years.
The easiest solution will be to start using the <cfntauthenticate> tag, as you can verify the login against an NT/AD domain.
We have several applications that authenticate against a Windows Server 2003 Active Directory via general LDAP calls. The LDAP bind itself is contained inside a component, and its boolean return dictates the flow of the cflogin tag to authenticate the user.
Hi guys! All of your responses are really useful. I will continue to research. I will provide more information about my network so you guys have a better idea of what I am dealing with. My network runs on Windows Server 2003. It's a wide area network that connects 8 clinics and 2 main offices in a radius of 75 miles. So I am dealing with doctors, therapists, etc.
My web app runs on Apache Web Server and I am writing the new application in ColdFusion 8. I am using a Microsoft SQL 2005 database. I appreciate more ideas! Thanks a lot guys!
Forget my post about windows authentication if you are using Apache. Looks like CFNTAUTHENTICATE might be the direction to look into.
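Putting the thread's suggestions together (cfntauthenticate for the password check, the application's own permissions table for authorization, cflogin/cfloginuser to carry the result), here is an added example for ColdFusion 8; it is not any poster's code. It assumes a domain named CORP, a datasource named intranet with a table user_permissions(username, area), and templates loginForm.cfm (posting fields j_username and j_password) and noAccess.cfm; all of these are placeholders.

```cfml
<!--- Application.cfm: constructed example, not code from any poster in the thread --->
<cfapplication name="intranetDemo" sessionmanagement="true" loginstorage="session">

<cflogin idletimeout="1800">
    <!--- The cflogin struct exists only when credentials were just submitted --->
    <cfif not isDefined("cflogin")>
        <cfinclude template="loginForm.cfm">
        <cfabort>
    </cfif>

    <!--- Verify the password against the NT/AD domain (domain name is a placeholder);
          throwOnError="false" turns a bad password into a status code, not an exception --->
    <cfntauthenticate
        username="#cflogin.name#"
        password="#cflogin.password#"
        domain="CORP"
        result="ntResult"
        listgroups="false"
        throwOnError="false">

    <cfif not ntResult.auth>
        <!--- Record the failure server side (status is success, UserNotInDirFailure or
              AuthenticationFailure); the browser only gets the login form again --->
        <cflog file="auth" type="warning"
               text="Login failed for #cflogin.name# (#ntResult.status#) from #cgi.remote_addr#">
        <cfinclude template="loginForm.cfm">
        <cfabort>
    </cfif>

    <!--- Authentication proved who the user is; authorization comes from our own table --->
    <cfquery name="perm" datasource="intranet">
        SELECT area FROM user_permissions
        WHERE username = <cfqueryparam value="#cflogin.name#" cfsqltype="cf_sql_varchar">
    </cfquery>

    <cfif perm.recordCount eq 0>
        <cflog file="auth" type="warning"
               text="#cflogin.name# authenticated but has no rows in user_permissions">
        <cfinclude template="noAccess.cfm">
        <cfabort>
    </cfif>

    <!--- The permitted areas become the user's roles, so pages can call isUserInRole() --->
    <cfloginuser name="#cflogin.name#" password="#cflogin.password#"
                 roles="#valueList(perm.area)#">
</cflogin>
```

Individual pages then gate themselves with `<cfif not isUserInRole("scheduling")>` (or whatever area names the table holds), and getAuthUser() returns the name that cfntauthenticate verified rather than a value the browser supplied.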