EasyCFM.COM ColdFusion Forums / Coding Help! / NT User Authentication

   Reply to Discussion | New Discussion << previous || next >> 
Posted By Discussion Topic: NT User Authentication

book mark this topic Printer-friendly Version  send this discussion to a friend  new posts last

somayajula
12-09-2002 @ 5:59 PM
Reply
Edit
Profile
Send P.M.
My Gravatar!
Powered by Gravatar
New Member
Posts: 5
Joined: Dec 2002

I want to provide a login screen, which will evaluate the username and password with NT Domain...basically..I want to have a network user login using CF. Please help me out.

Justice
12-10-2002 @ 8:27 AM
Reply
Edit
Profile
Send P.M.
My Gravatar!
Powered by Gravatar
New Member
Posts: 36
Joined: Oct 2002

Taken from   http://www.peachekeen.com/articles/ntsec.cfm:

Authenticating users against the Windows NT domain
Amit Yathirajadasan [09|01|02]


Precursor
The code in the following article uses a COM component(s) that was tested on the following platforms:

Microsoft Windows 2000 w/ IIS 5.0
The component(s) may have errors and produce unexpected results. Your use of the following code and any dependent software component is entirely at your own risk. You will need the following files:
VB6 runtime redistribution
CFNTSec.dll
To learn how to register the component on your machine, click here



Writing intranet applications have many advantages over one intended for use on the internet. You have a definite (or close) idea of your user base. You get, in most cases, a good picture of the platform and the browser(s), your target audience is bound to use. With any luck, you might have to design for only one browser on one platform. This cuts down time and effort, you would have spent on designing for multiple browsers on multiple platforms.

If your application is on the Windows NT/2000/.NET platform, user management is one less thing you may have to worry about. You can authenticate users with their Windows user account. You can skip the whole registration process and/or the pain of populating a whole user database. Since security is the concern here, you won’t have to worry about disgruntled employees using your application as a Trojan horse to wreck havoc. When a user account is removed from NT/2000/.NET, they lose access to your application by default.

The CFNTSec component provides you with a list of domains available on the network and then authenticates a user against their NT credentials. Once you have downloaded the component, extract CFNTSec.dll to your system directory (usually C:\WINNT\SYSTEM32). Click on Start and then click on Run. Type in the following and click OK.

regsvr32 CFNTSec.dll

You should receive a message like, “DllRegisterServer in CFNTSec.dll succeeded”. There are 2 methods to the component. The first returns the domains available to authenticate the user. The other is the one we will use for the actual authentication. To use the component in ColdFusion, the first step is to instantiate the component.

<cfobject type="COM" name="sec" class="CFNTSec.Logon" action="CREATE">

To get a list of the domains available to authenticate, use the GetDomainList method. The method returns the domains as a list, separated by commas.

<cfset domlst = sec.GetDomainList>
<cfloop list="#domlst#" index="dom">
     <cfoutput>#dom#</cfoutput><br>
</cfloop>

Now that you have the list of domains, you can allow the user to select the domain and provide his/her NT username and password. Pass the 3 parameters to the VerifyLogin method to authenticate the user.

<cfset success = sec.VerifyLogin("username", "domain", "password")>

Replace the above information with the information you have gathered and the VerifyLogin method returns a true value if the user was successfully authenticated. The domain parameter is optional, but when you use the method without a domain, remember to pass a blank string.

<cfset success = sec.VerifyLogin("username", "", "password")>

In a few quick steps you were able to verify users credentials, but I would like to advise a word of caution here. Remember you are passing users NT account information. Extreme caution has to be used in how you implement the solution. I would recommend using SSL, but that’s not always possible. To learn more about authenticating against Windows NT domains, read Rob Rusher’s article on Macromedia’s ColdFusion MX Application Development Center, Security best practices: Authenticating and authorizing against NT domains with ColdFusion MX.


Some mistakes are just too much fun to make only once...

somayajula
12-11-2002 @ 7:26 AM
Reply
Edit
Profile
Send P.M.
My Gravatar!
Powered by Gravatar
New Member
Posts: 5
Joined: Dec 2002

Hi,

     Thanks for the solution. I tried it and I have a strange problem. It worked well on one machine and it didn't work on another machine....I mean....I've one development server and one production server. It did work on Dev Server, but didn't work on Pro Server. I've the same code in those 2 systems and I registered the same DLL......still I don't understand why it's not working. What could be the problem? Please help me out.

Thanks

Mouli

Justice
12-11-2002 @ 7:31 AM
Reply
Edit
Profile
Send P.M.
My Gravatar!
Powered by Gravatar
New Member
Posts: 36
Joined: Oct 2002

Just a few idea's right off the top of my head..

Compare the version numbers / modification dates of the registered DLL files, are they the same??

What OS versions / ColdFusion versions are you running on each server?  Do you have the same patches for coldfusion and Windows on each PC also?  Also, did you get any errors registering those .dll files?  Try doing a regsvr32 <whatever>.dll /u to unregister and then re-register them.  As 1 more Q, were you able to reboot your production server after setting this up to test it or not?  Smile

Hope I can help some more!  

Some mistakes are just too much fun to make only once...

somayajula
12-11-2002 @ 8:23 AM
Reply
Edit
Profile
Send P.M.
My Gravatar!
Powered by Gravatar
New Member
Posts: 5
Joined: Dec 2002

Thanks for the suggestions, I did everything what I could....but still not working....it's not even giving any error message in Event Log....


Website Designed and Developed by Pablo Varando.