
ColdFusion 10 Active Directory Authentication

When ColdFusion first was released with the jRun engine, one question at the time among many users was "How do we authenticate against our Windows AD environment?" At the time (if I recall correctly), a cfc was made freely available by Macromedia that created a Java object using one or more Java class files that were made available along with jRun (the relevant function code of the component appears at the end of this message sans attribution) and performed the "authentication process." I assume our small staff were not the only developers to use that code over the years.

We have been using that code for versions 6-9 of CF server. The code worked well, but with CF 10 and the elimination of jRun as the underlying Java server, the code no longer functions since the class file is not included with the Tomcat server.  Are there others who are or were in a similar situation? If so, how did you effect the transition to CF 10 and continue to authenticate against Microsoft Active Directory?

In our particular business environment, LDAP is not configured for authentication so authenticating against LDAP is not an option for us, and LDAP control is outside the purview of our small department (that is handled by a central IT authority beyond our sphere of influence). As for our local server(s), we run Windows Server 2008 R2, IIS 7.5, JRE 1.7 64 bit, and ColdFusion 10 SE 64 bit.  If anyone has any ideas to share, I would appreciate reading them.

CODE SNIPPET FOLLOWS

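    <!--- Authenticates the user and outputs true on success and false on failure. --->
    <CFFUNCTION NAME="authenticateUser" ACCESS="REMOTE" OUTPUT="yes" STATIC="yes" HINT="Authenticates the user.">
        <CFARGUMENT NAME="userid" TYPE="string" REQUIRED="true" />
        <CFARGUMENT NAME="passwd" TYPE="string" REQUIRED="true" />
        <CFARGUMENT NAME="domain" TYPE="string" REQUIRED="true" />

        <!--- Function-local variables: without var, ntauth and auth live in the component's
              variables scope and are shared by every caller of the same component instance. --->
        <CFSET var ntauth = "">
        <CFSET var auth = false>

        <CFTRY>
            <CFSCRIPT>
            // jrun.security.NTAuth ships with JRun; it is not included with CF 10's Tomcat
            ntauth = createObject("java", "jrun.security.NTAuth");
            ntauth.init(arguments.domain);
            // authenticateUser throws an exception if it fails,
            // so we don't have anything specific here
            ntauth.authenticateUser(arguments.userid, arguments.passwd);
            auth = true;
            </CFSCRIPT>

            <CFCATCH>
                <!--- Any exception (bad credentials, missing class) counts as a failed login --->
                <CFSET auth = false>
            </CFCATCH>
        </CFTRY>

        <CFRETURN auth>
    </CFFUNCTION>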
asked May 16 '14 21:05

user3634661


1 Answer

cfldap can be used for authentication with Active Directory. There are probably better examples out there than this one: http://www.sixfive.com.au/2005/01/cfldap-and-user-authentication-on-active-directory/

As suggested in comments, IIS is also capable of authentication against AD.

answered Nov 08 '22 05:11

Sn3akyP3t3
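
The cfldap approach the answer above points to, written out as an added example (not code from the answer or the linked article). It authenticates by binding to a domain controller with the user's own credentials over LDAPS; the `ldapServer`, `upnSuffix` and `baseDN` arguments are hypothetical parameters, and it assumes port 636 is reachable and the controller's certificate is trusted by the ColdFusion JVM.

```cfml
<!--- Added example: bind to AD as the user; success requires the user's own entry to be readable. --->
<cffunction name="authenticateUser" access="public" returntype="boolean" output="false"
            hint="Returns true only if AD accepts a bind with the supplied credentials.">
    <cfargument name="userid" type="string" required="true" />
    <cfargument name="passwd" type="string" required="true" />
    <!--- Hypothetical parameters; the values in the hints are placeholders. --->
    <cfargument name="ldapServer" type="string" required="true" hint="e.g. dc01.example.test" />
    <cfargument name="upnSuffix"  type="string" required="true" hint="e.g. example.test" />
    <cfargument name="baseDN"     type="string" required="true" hint="e.g. DC=example,DC=test" />

    <cfset var result = "" />

    <!--- A bind with a name and an empty password is an unauthenticated (anonymous) bind
          and can succeed, so refuse it before contacting the directory. --->
    <cfif NOT len(trim(arguments.userid)) OR NOT len(arguments.passwd)>
        <cfreturn false />
    </cfif>

    <!--- Allow only characters expected in a logon name. This keeps LDAP filter
          metacharacters ( * ( ) \ ) and a caller-chosen "@domain" out of the request. --->
    <cfif NOT reFind("^[A-Za-z0-9._-]{1,64}$", arguments.userid)>
        <cfreturn false />
    </cfif>

    <cftry>
        <cfldap action="query"
                name="result"
                server="#arguments.ldapServer#"
                port="636"
                secure="CFSSL_BASIC"
                username="#arguments.userid#@#arguments.upnSuffix#"
                password="#arguments.passwd#"
                start="#arguments.baseDN#"
                scope="subtree"
                filter="(sAMAccountName=#arguments.userid#)"
                attributes="sAMAccountName"
                maxrows="1" />
        <!--- The bind succeeded; also require that the user's entry came back. --->
        <cfreturn result.recordCount EQ 1 />
        <cfcatch type="any">
            <!--- Bad credentials, locked account or unreachable server: fail closed. --->
            <cfreturn false />
        </cfcatch>
    </cftry>
</cffunction>
```

Unlike the original function, this one is not `access="remote"`; call it from server-side login code so the credential check is not exposed as a web service.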