Hello Everyone,

Currently, I am working on a single sign-on project using ColdFusion 8 and SQL Server 2005.

The current system allows internal and external users to log in and authenticate against a SQL Server 2005 database; however, I need to change the process.

  1. Internal user: what I would like to do here is use Active Directory to authenticate the internal user and bypass the user login screen.
  2. External user: needs to go to the login screen to log in to the system.

What is the best way to implement this? What are the steps that I need to take to enable Active Directory authentication under IIS?

Any sample example would be a good help.

Thanks, A

+3  A: 

Note: I've not tried to use IIS/IE/AD integration before.

My understanding of IIS/IE/AD built-in authorization is that it won't work here. It requires that you turn on IIS authentication for the directory and/or site, only clients using Internet Explorer will be able to use it, and it does not pass those credentials on to CF. That is, if you want to allow anonymous access to this it won't be easy. You might work out something using a reverse proxy, but it would not be simple.

If you want to still use AD to authenticate users, I'd do this:

  • present login screen
  • check credentials against AD using CFLDAP
  • if AD login fails, check against SQL as you do now

This allows you to keep internal users on AD, and external users on SQL. Also, it gives you a very clear way to determine which type of user they are.

Ben Doom
Hey Ben, this would be a good solution; however, my client wants to bypass the login screen and authenticate against Active Directory, and against SQL Server for further role checking and processing. At the same time, the external user needs to be authenticated against the SQL Server database.
Big A
You could use IIS/AD to protect a file that would fake a generic employee login, but I can't think of a way to get actual credentials into CF that way.
Ben Doom
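The AD-first, SQL-fallback login flow from the answer above, sketched as an added example (not code from any poster in this thread). The server `ad.example.local`, the `example.local` domain, the `appDSN` datasource, the `Users` table with its `password_hash` and `salt` columns, and the salted SHA-256 scheme are all assumptions standing in for whatever the existing system uses.

```cfml
<!--- Added example; every server, domain, datasource, table and column name is hypothetical. --->
<cfset authSource = "">
<cfset username = trim(form.username)>
<cfset password = form.password>

<!--- Step 1: try AD. Skip it when the password is empty (an LDAP simple bind with an
      empty password is an unauthenticated bind and can succeed) or when the username
      contains characters that would alter the LDAP filter. --->
<cfif len(password) and reFind("^[A-Za-z0-9._-]{1,64}$", username)>
    <cftry>
        <!--- secure="CFSSL_BASIC" on port 636 keeps the password off the wire in clear
              text; the AD certificate must be trusted by the ColdFusion JVM. --->
        <cfldap action="query" name="adUser"
                server="ad.example.local" port="636" secure="CFSSL_BASIC"
                username="#username#@example.local" password="#password#"
                start="DC=example,DC=local" scope="subtree"
                filter="(sAMAccountName=#username#)"
                attributes="sAMAccountName">
        <!--- Require exactly one matching account, not just a bind that did not throw. --->
        <cfif adUser.recordCount eq 1>
            <cfset authSource = "AD">
        </cfif>
        <cfcatch type="any">
            <!--- Bind rejected or AD unreachable: fall through to the SQL check. --->
        </cfcatch>
    </cftry>
</cfif>

<!--- Step 2: AD did not authenticate the user, so check the SQL user table. --->
<cfif authSource eq "" and len(password)>
    <cfquery name="dbUser" datasource="appDSN">
        SELECT user_id, password_hash, salt
        FROM Users
        WHERE username = <cfqueryparam value="#username#" cfsqltype="cf_sql_varchar" maxlength="64">
    </cfquery>
    <!--- Assumed storage scheme: hex SHA-256 of salt + password. --->
    <cfif dbUser.recordCount eq 1
          and compareNoCase(dbUser.password_hash, hash(dbUser.salt & password, "SHA-256")) eq 0>
        <cfset authSource = "SQL">
    </cfif>
</cfif>

<!--- authSource is now "AD" (internal), "SQL" (external) or "" (login failed). --->
<cfif authSource eq "">
    <cfoutput>Login failed.</cfoutput>
</cfif>
```

Because `authSource` records which store accepted the credentials, later role checks can branch on it instead of guessing the user type from the username.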
A: 

You can also use cfheader to do your dirty work.

<cfheader statuscode="401">
<cfheader name="www-Authenticate" value="Basic realm=""My Web Application""">

You can capture the submitted values and pass them through cfntauthenticate.

jarofclay
My understanding was that this only captures basic authentication, not integrated Windows authentication. Was I wrong about that?
Ben Doom