Windows Domain Authentication from ColdFusion MX

posted January 5th 2004 at 1632 EST in All, ColdFusion

Following is a snip of code that will give the capability for user authentication to a Windows Domain from ColdFusion MX web application running on a Windows 2000 server.

Reference for the NTLMAuthenticate function used.

<cftry>   
<cflock name="singlesignon" timeout="5" throwontimeout="yes">   
<cfscript>   
// create object to authenticate to NT Domain 
ntauth = createObject ("java", "com.linar.jintegra.NTLMAuthenticate" );   
// call validate function 
ntauth.validate ("Windows Domain Servername", "domain", arguments.userid, arguments.passwd);   
</cfscript>    
</cflock>    
<cfcatch>      
    <!--- if any problems logging in, fail login, give error message --->      
    <cflog application="yes" file="windows200auth" type="warning" text="Login Failure for #arguments.userid#">    
</cfcatch> 
</cftry>

4 Responses

  1. #1 Robert
    5 years, 1 month ago

    I’m trying to find a way to programatically grant ACL rights on Windows 2000 server from ColdFusionMX v6.1.

    The problem is that I need to grant access to some directories that contain HTML, CSS, images and other assets whose assets can’t normally be protected by a ColdFusion login alone. On the other hand, I can’t create Windows NT accounts for each user that needs access to these directories, and each authenticated CF user should have read access to these directories, but no one else on the ‘web.

    What I’d like to do is have their login to my CF app give them ACL access to these specific web directories.

    Any ideas?

  2. #2 jehiah
    5 years, 1 month ago

    It sounds like you could easily write a coldfusion page which acts as a gateway/proxy for those static files; thus allowing you to use your existing coldfusion authentication.

    something like

    http://site/proxy.cfm?file=this

    <cfcontent type="text/plain" deletefile="no" file="c:/path/to/#url.file#">

    Of course you need to work on the mime type, and do alot of authentication of the url.file parameter, to verify that you arn’t alowing open proxy to your whole system, but those are my thoughts.

  3. #3 Sami Hoda
    4 years, 10 months ago

    What about returning the Active Directory groups? Is CFLDAP the only way or does this functionality expose that?

  4. #4 Steve
    4 years, 5 months ago

    The validate method of NTLMAuthenticate returns an error “An AuthInfo object cannot be created in Native Mode”. Some google searchs seem to show that you can’t change the mode of jintegra on the CF server.

    Is there any other way to logon to the domain via ColdFusion?