When ColdFusion first was released with the jRun engine, one question at the time among many users was "How do we authenticate against our Windows AD environment?" At the time (if I recall correctly), a cfc was made freely available by Macromedia that created a Java object using one or more Java class files that were made available along with jRun (the relevant function code of the component appears at the end of this message sans attribution) and performed the "authentication process." I assume our small staff were not the only developers to use that code over the years.
We have been using that code for versions 6-9 of CF server. The code worked well, but with CF 10 and the elimination of jRun as the underlying Java server, the code no longer functions since the class file is not included with the Tomcat server. Are there others who are or were in a similar situation? If so, how did you effect the transition to CF 10 and continue to authenticate against Microsoft Active Directory?
In our particular business environment, LDAP is not configured for authentication so authenticating against LDAP is not an option for us, and LDAP control is outside the purview of our small department (that is handled by a central IT authority beyond our sphere of influence). As for our local server(s), we run Windows Server 2008 R2, IIS 7.5, JRE 1.7 64 bit, and ColdFusion 10 SE 64 bit. If anyone has any ideas to share, I would appreciate reading them.
CODE SNIPPET FOLLOWS
<!--- Authenticates the user and outputs true on success and false on failure. --->
<CFFUNCTION NAME="authenticateUser" ACCESS="REMOTE" OUTPUT="yes" STATIC="yes" HINT="Authenticates the user.">
    <CFARGUMENT NAME="userid" TYPE="string" REQUIRED="true" />
    <CFARGUMENT NAME="passwd" TYPE="string" REQUIRED="true" />
    <CFARGUMENT NAME="domain" TYPE="string" REQUIRED="true" />
    <!--- Function-local variables, so concurrent requests sharing one
          component instance cannot overwrite each other's result --->
    <CFSET var ntauth = "">
    <CFSET var auth = false>
    <CFTRY>
        <CFSCRIPT>
            // jrun.security.NTAuth ships with jRun only (absent from CF 10 on Tomcat)
            ntauth = createObject("java", "jrun.security.NTAuth");
            ntauth.init(arguments.domain);
            // authenticateUser throws an exception if it fails,
            // so we don't have anything specific here
            ntauth.authenticateUser(arguments.userid, arguments.passwd);
            auth = true;
        </CFSCRIPT>
        <CFCATCH>
            <!--- Any exception, including a missing class, counts as a failed login --->
            <CFSET auth = false>
        </CFCATCH>
    </CFTRY>
    <CFRETURN AUTH>
</CFFUNCTION>
cfldap can be used for authentication with Active Directory. There are probably better examples out there than this one: http://www.sixfive.com.au/2005/01/cfldap-and-user-authentication-on-active-directory/
As suggested in comments, IIS is also capable of authentication against AD.
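The cfldap approach mentioned in the answer above, sketched as an added example (not code from the question, the answer or the linked article): the function binds to a domain controller as the user and treats a successful bind as a valid password. The function name, the `server` and `baseDn` arguments, the LDAPS port and the user-id allowlist are assumptions made for illustration.

```cfm
<!--- Added example: bind-as-user check with cfldap. All names here are hypothetical. --->
<cffunction name="authenticateUserLdap" access="public" returntype="boolean" output="false">
    <cfargument name="userid" type="string" required="true">
    <cfargument name="passwd" type="string" required="true">
    <cfargument name="domain" type="string" required="true"> <!--- AD DNS domain, e.g. example.com (assumed) --->
    <cfargument name="server" type="string" required="true"> <!--- domain controller host name (assumed) --->
    <cfargument name="baseDn" type="string" required="true"> <!--- search base, e.g. dc=example,dc=com (assumed) --->
    <cfset var result = "">

    <!--- An LDAP simple bind with an empty password is an unauthenticated bind
          and can succeed, so empty credentials are refused before any bind --->
    <cfif NOT len(trim(arguments.userid)) OR NOT len(arguments.passwd)>
        <cfreturn false>
    </cfif>

    <!--- Allowlist (an assumption about local account naming): keeps LDAP filter
          metacharacters and "@" out of the bind name and the search filter --->
    <cfif reFind("[^A-Za-z0-9._-]", arguments.userid)>
        <cfreturn false>
    </cfif>

    <cftry>
        <!--- Bind as userid@domain over LDAPS so the password is not sent in clear text --->
        <cfldap action="query"
                name="result"
                server="#arguments.server#"
                port="636"
                secure="CFSSL_BASIC"
                username="#arguments.userid#@#arguments.domain#"
                password="#arguments.passwd#"
                start="#arguments.baseDn#"
                scope="subtree"
                filter="(sAMAccountName=#arguments.userid#)"
                attributes="sAMAccountName"
                maxrows="1">
        <!--- The bind succeeded; require that the account itself was found --->
        <cfreturn result.recordCount EQ 1>
        <cfcatch type="any">
            <!--- Bad credentials, unreachable server and TLS failures all deny the login --->
            <cfreturn false>
        </cfcatch>
    </cftry>
</cffunction>
```

`secure="CFSSL_BASIC"` only works when the domain controller's certificate chain is trusted by the JVM that runs ColdFusion.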