954,585 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
1 Year Ago
0

Authentication Using Active Directory

Good Evening:

I am trying to implement session management on a website I am building with coldfusion. Currently, the site authenticates via IIS 7 using the "Requires Authentication" setting that requires users to log into the web server before any page is served. This, however, is not ideal. It appears that the session management does not work when users are automatically logged on by using the IIS 7 authentication.

Currently my CGI variables get set once IIS authenticates, then the user information is set based on the authenticated username. I am halted from ending a session because IIS is still authenticated on that open browser, and until the browser window is closed, the site is still active.

I was trying to make sense of LDAP, but that is new to me (Active Directory is something I have not used much of, but the people who I'm helping love it). I was not sure if I would be able to create a simple login form and then have that check against active directory, for the hopes of not making people memorize yet another password, and just let them use the same password they use on the network.

Any assistance would be greatly appreciated.

phpcode
Newbie Poster
2 posts since Dec 2010
Reputation Points: 10
Solved Threads: 0
 
1 Year Ago
0

In your application.cfc or application.cfm file check for the existance of a client.username, if it doesn't exist redirect to a login form - like:

<cfif not isdefined("client.username")>
    <cflocation url="http://#cgi.server_name#/login/login.cfm"/>
</cfif>

In your login action page (in a seperate login folder with it's own application.cfm or application.cfc so it doesn't create an endless loop), test the user password by doing a ldap connection to your active directory server. Trap any errors as login failure.

<cftry>   
     <CFLDAP
		ACTION="QUERY"
		SERVER="my.ldapserver.local"
		PORT="389"
		START="ou=users,ou=General,dc=MyCompany,dc=local"
		USERNAME="MyDomain\#form.logonName#"
		PASSWORD="#form.password#"
		NAME="checkPassword"
		filter="sAMAccountName=#form.logonName#"
		ATTRIBUTES="*"
		SCOPE="SubTree"
		MAXROWS="1"> 
        <cfset client.username = form.logonName	/>	
     <cfcatch type="any">
	     <cflocation url="login.cfm?msg=Your logon failed please try again"/>
     </cfcatch>
</cftry>

That's the basic idea, you can limit retries, pull active directory info for the user and put it in client variables, etc to add others features.

sdow
Newbie Poster
1 post since Oct 2009
Reputation Points: 10
Solved Threads: 1
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed