    CFLDAP Basic Question


      This is a basic question, but hard to find an answer for. This is a simple phone/info directory DB in which users logged on to the network (Windows 2003, Active Directory) would see more granular information than the public view outside the network.

      Once a user has logged on to the network, already authenticated against Active Directory, is there a server variable that CF can check for that can be used to allow varying data views depending on their user viewing permissions?

      Just simply "if logged into the network, show them internal data view, if not, only allow public view" (without the need for a double log-in).

          If your users are using Microsoft Browsers on Microsoft Desktops
          connecting to a Microsoft Server, you can configure the web site in IIS
          to use 'Integrated Windows Security'. Make sure you enable Integrated
          Security and disable Anonymous Security. If all these parameters are
          met then the web server will populate the cgi.auth_user with the user
          name the user used to log into the domain from the desktop. You can
          access this in ColdFusion with #cgi.auth_user#.
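
The check described in the answer above, as an added example that is not part of the original thread: it reads `cgi.auth_user`, accepts only accounts from one expected domain, and falls back to the public view in every other case. The domain name `EXAMPLE`, the `DOMAIN\username` value format, and the two included template names are assumptions for illustration.

```cfml
<!--- Added example. Assumes IIS Integrated Windows Authentication is enabled
      for the directory that serves this template. --->

<!--- Placeholder: replace with your own NetBIOS domain name. --->
<cfset expectedDomain = "EXAMPLE">

<!--- The CGI scope returns an empty string when IIS did not authenticate
      the request, so an empty value means "treat as public". --->
<cfset authUser = trim(cgi.auth_user)>
<cfset isInternal = false>
<cfset accountName = "">

<!--- Assumption: the value arrives as DOMAIN\username. Anything that does
      not split into exactly two parts is rejected. --->
<cfif len(authUser) and listLen(authUser, "\") eq 2>
    <cfset userDomain = listFirst(authUser, "\")>
    <cfset accountName = listLast(authUser, "\")>

    <!--- Fail closed: only an exact (case-insensitive) domain match
          unlocks the internal view. --->
    <cfif compareNoCase(userDomain, expectedDomain) eq 0>
        <cfset isInternal = true>
    </cfif>
</cfif>

<!--- internal_view.cfm and public_view.cfm are hypothetical template names. --->
<cfif isInternal>
    <cfinclude template="internal_view.cfm">
<cfelse>
    <cfinclude template="public_view.cfm">
</cfif>
```

The value is only trustworthy when IIS itself performed the authentication for that request, which is why the answer pairs enabling Integrated Security with disabling Anonymous Security.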

            Thank you for your help. Yes, all the above is true, and I have one question about the settings. The Website lives on another box separate from the Win2003 server, if that is an issue.

            I don't want to bring the Website down because of a mistake editing the settings...

            In IIS, I go to Websites/default Website/properties/directory security/authentication and access control/authentication methods, uncheck enable anonymous access and choose Integrated Windows Authentication?

            This looks like I'm going to require a UN & PW for access to the entire Website. Should I be doing this just to the directory in which the app itself lives?

            Thanks again for your help.

              I think the fact that the Active Directory resides on the Domain controller (named DC1) will be an issue.

              The #cgi.auth_user# works on my local IIS/CF development environment because I'm logged into my local machine, but not when it's on the production server, which would need to get through a firewall to see DC1.

              Any possibility of still avoiding a second log-in?