I can't seem to get the magic combination of enabling NTLM authentication and still having RDS work. If I leave just anonymous authentication on, RDS works fine - as soon as I enable it site-wide, RDS fails (which is to be expected). Here is what I have done:

  • This is Windows XP SP2 and ColdFusion 8, Eclipse + Adobe plugins
  • In the IIS Manager, Right click on default web site and choose Properties
  • Directory Security tab, click the Edit button for anonymous access and authentication control
  • Authentication Methods popup window, uncheck anonymous access, and check Integrated Windows authentication (all other checks blank as well).
  • Click OK, OK, and override the settings for all child sites as well such that the entire site is "secured" using NTLM authentication.
  • Back in the IIS manager, right click on the CFIDE virtual directory, choose Properties
  • Directory security tab, edit the authentication methods. Uncheck Integrated Windows authentication and check anonymous access. Hit OK, OK and test:

C:\>wget -S -O - http://localhost/CFIDE/administrator/
--2009-01-21 10:11:59--  http://localhost/CFIDE/administrator/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  Server: Microsoft-IIS/5.1
  Date: Wed, 21 Jan 2009 17:12:00 GMT
  X-Powered-By: ASP.NET
  Set-Cookie: CFID=712;expires=Fri, 14-Jan-2039 17:12:00 GMT;path=/
  Set-Cookie: CFTOKEN=17139032;expires=Fri, 14-Jan-2039 17:12:00 GMT;path=/
  Set-Cookie: CFAUTHORIZATION_cfadmin=;expires=Mon, 21-Jan-2008 17:12:00 GMT;path=/
  Cache-Control: no-cache
  Content-Type: text/html; charset=UTF-8
Length: unspecified [text/html]
Saving to: `STDOUT'

    ... html output follows ...

And so far so good, the CFIDE directory and at least one child directory appear to be working without NTLM authentication. So I fire up Eclipse and try to establish an RDS connection. Unfortunately I just get an Access Denied message. Investigating a bit further, it appears that Eclipse is trying to communicate with /CFIDE/main/ide.cfm - fair enough, pull out trusty wget once again to see what IIS is doing:

C:\>wget -S -O - http://localhost/CFIDE/main/ide.cfm
--2009-01-21 10:16:56--  http://localhost/CFIDE/main/ide.cfm
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 401 Access Denied
  Server: Microsoft-IIS/5.1
  Date: Wed, 21 Jan 2009 17:16:56 GMT
  WWW-Authenticate: Negotiate
  WWW-Authenticate: NTLM
  Content-Length: 4431
  Content-Type: text/html
Authorization failed.

One potential hang-up that has been documented elsewhere is that the main directory and ide.cfm page don't actually exist on disk. IIS is configured to hand off all .cfm files to JRun and JRun is configured to map ide.cfm to the RDS servlet. In an attempt to force IIS to be a bit more sensible, I dropped a main directory and empty ide.cfm file on disk hoping it would solve the authentication issue, but it didn't make any difference.

What I can do as a workaround is leave the entire site as anonymous access and then just enable the specific application folders to use NTLM integrated authentication, but there are quite literally hundreds of possible web applications I would have to do that for. Yuck.

Please Help!!!

+2  A: 

There is something strange about answering your own question, but I did finally get it resolved.

  • NTLM integrated authentication can be enabled for the entire web site
  • Anonymous access must be enabled for the CFIDE virtual directory
  • Anonymous access must be enabled for the JRunScripts virtual directory

Once both CFIDE and JRunScripts had anonymous access enabled, RDS and debugging through Eclipse worked like a charm.

Goyuix
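
A way to check the end state this answer describes, as an added example that is not part of the original thread: the script parses `wget -S` transcripts and flags paths outside CFIDE and JRunScripts that answer without an NTLM challenge, as well as paths under those two prefixes that still demand one. The /intranet/ paths and the verdict names are assumptions made for the example.

```python
import re

# Prefixes the accepted answer leaves anonymous (IIS paths are case-insensitive).
ANON_ALLOWED = ("/cfide/", "/jrunscripts/")

# wget -S transcripts: the first two are trimmed from the question; the
# /intranet/ requests are constructed for this example (hypothetical paths).
SAMPLE = """\
--2009-01-21 10:11:59--  http://localhost/CFIDE/administrator/
  HTTP/1.1 200 OK
--2009-01-21 10:16:56--  http://localhost/CFIDE/main/ide.cfm
  HTTP/1.1 401 Access Denied
  WWW-Authenticate: Negotiate
  WWW-Authenticate: NTLM
--2009-01-21 10:20:00--  http://localhost/intranet/app1/index.cfm
  HTTP/1.1 401 Access Denied
  WWW-Authenticate: NTLM
--2009-01-21 10:20:05--  http://localhost/intranet/app2/index.cfm
  HTTP/1.1 200 OK
"""

REQ = re.compile(r"^--[\d-]+ [\d:]+--\s+https?://[^/\s]+(/\S*)")
STATUS = re.compile(r"^\s+HTTP/\d\.\d (\d{3})")
CHALLENGE = re.compile(r"^\s+WWW-Authenticate:\s*(\S+)", re.I)

def parse(transcript):
    """Return one {'path', 'status', 'schemes'} record per request line."""
    results = []
    for line in transcript.splitlines():
        if m := REQ.match(line):
            results.append({"path": m.group(1), "status": None, "schemes": []})
        elif results and (m := STATUS.match(line)):
            results[-1]["status"] = int(m.group(1))
        elif results and (m := CHALLENGE.match(line)):
            results[-1]["schemes"].append(m.group(1))
    return results

def audit(transcript):
    """Verdict per path: outside ANON_ALLOWED, anything but an NTLM 401 is 'exposed'."""
    verdicts = {}
    for r in parse(transcript):
        anon_ok = r["path"].lower().startswith(ANON_ALLOWED)
        challenged = r["status"] == 401 and "NTLM" in r["schemes"]
        names = ("blocks-rds", "ok-anonymous") if anon_ok else ("ok-ntlm", "exposed")
        verdicts[r["path"]] = names[0] if challenged else names[1]
    return verdicts

if __name__ == "__main__":
    print("\n".join(f"{v:13} {p}" for p, v in audit(SAMPLE).items()))
```
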
+1  A: 

Worked like a charm.

Thank you