Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

NTLM Authentication in ColdFusion

Is there a recommended (and preferably free) way in ColdFusion to access a remote file that is protected by NTLM authentication? The cfhttp tag appears to only support Basic authentication.

like image 565
Soldarnal Avatar asked May 21 '09 21:05

Soldarnal


3 Answers

Here is some code I found in:

http://www.bpurcell.org/downloads/presentations/securing_cfapps_examples.zip

There are also examples for ldap, webservices, and more.. I'll paste 2 files here so you can have an idea, code looks like it should still work.

<cfapplication name="example2" sessionmanagement="Yes" loginStorage="Session">
<!-- Application.cfm -->
<!-- CFMX will check for authentication with each page request. -->
<cfset Request.myDomain="allaire">

<cfif isdefined("url.logout")>
    <CFLOGOUT>
</cfif>


<cflogin>
   <cfif not IsDefined("cflogin")>
      <cfinclude template="loginform.cfm">
      <cfabort>
   <cfelse>
      <!--Invoke NTSecurity CFC -->
        <cfinvoke component = "NTSecurity" method = "authenticateAndGetGroups"
            returnVariable = "userRoles" domain = "#Request.myDomain#"
            userid = "#cflogin.name#" passwd = "#cflogin.password#">
        <cfif userRoles NEQ "">
            <cfloginuser name = "#cflogin.name#" password = "#cflogin.password#" roles="#stripSpacesfromList(userRoles)#">
            <cfset session.displayroles=stripSpacesfromList(userRoles)><!--- for displaying roles only --->
        <cfelse>
            <cfset loginmessage="Invalid Login">
            <cfinclude template="loginform.cfm">
            <cfabort>
        </cfif>
   </cfif>
</cflogin>

<!-- strips leading & trailing spaces from the list of roles that was returned -->
<cffunction name="stripSpacesfromList">
    <cfargument name="myList">
    <cfset myArray=listtoarray(arguments.myList)>
    <cfloop index="i" from="1" to="#arraylen(myArray)#" step="1">
        <!--- <cfset myArray[i]=replace(trim(myArray[i]), " ", "_")> 
        out<br>--->
        <cfset myArray[i]=trim(myArray[i])>
    </cfloop>
    <cfset newList=arrayToList(myArray)>
    <cfreturn newList>
</cffunction>

This is the cfc that might be of interest to you:

<!--- 
This component implements methods for use for NT Authentication and Authorization.

$Log: NTSecurity.cfc,v $
Revision 1.1  2002/03/08 22:40:41  jking
Revision 1.2  2002/06/26 22:46  Brandon Purcell
component for authentication and authorization
--->

<cfcomponent name="NTSecurity" >

        <!---  Authenticates the user and outputs true on success and false on failure. --->
        <cffunction name="authenticateUser" access="REMOTE" output="no" static="yes" hint="Authenticates the user." returntype="boolean">
                <cfargument name="userid" type="string" required="true" />
                <cfargument name="passwd" type="string" required="true" />
                <cfargument name="domain" type="string" required="true" />
                <cftry> 
                        <cfscript>
                        ntauth = createObject("java", "jrun.security.NTAuth");
                        ntauth.init(arguments.domain);
                        // authenticateUser throws an exception if it fails, 
                        ntauth.authenticateUser(arguments.userid, arguments.passwd);
                        </cfscript>

                <cfreturn true>
                <cfcatch>
                <cfreturn false>
                </cfcatch>
                </cftry>  
        </cffunction>

        <!--- 
                Authenticates the user and outputs true on success and false on failure.
        --->
        <cffunction access="remote" name="getUserGroups" output="false" returntype="string" hint="Gets user groups." static="yes">
                <cfargument name="userid" type="string" required="true" />
                <cfargument name="domain" type="string" required="true" />

                 <cftry>
                        <cfscript>
                        ntauth = createObject("java", "jrun.security.NTAuth");
                        ntauth.init(arguments.domain);
                        groups = ntauth.GetUserGroups(arguments.userid); 
                        // note that groups is a java.util.list, which should be 
                        // equiv to a CF array, but it's not right now???
                        groups = trim(groups.toString());
                        groups = mid(groups,2,len(groups)-2);
                        </cfscript>
                       <cfreturn groups>
                <cfcatch>
                        <cflog text="Error in ntsecurity.cfc method getUserGroups - Error: #cfcatch.message#" type="Error" log="authentication" file="authentication" thread="yes" date="yes" time="yes" application="no"> 
                        <cfreturn "">
                 </cfcatch>
                </cftry>  

        </cffunction>

        <!--- 
                This method combines the functionality of authenticateUser and getUserGroups. 
        --->
        <cffunction access="remote" name="authenticateAndGetGroups" output="false" returntype="string" hint="Authenticates the user and gets user groups if it returns nothing the user is not authticated" static="yes">
                <cfargument name="userid" type="string" required="true" />
                <cfargument name="passwd" type="string" required="true" />
                <cfargument name="domain" type="string" required="true" />  
                 <cftry>  
                        <cfscript>
                        ntauth = createObject("java", "jrun.security.NTAuth");
                        ntauth.init(arguments.domain);
                        // authenticateUser throws an exception if it fails, 
                        // so we don't have anything specific here
                        ntauth.authenticateUser(arguments.userid, arguments.passwd);
                        groups = ntauth.GetUserGroups(arguments.userid);

                        // note that groups is a java.util.list, which should be 
                        // equiv to a CF array, but it's not right now
                        groups = trim(groups.toString());
                        groups = mid(groups,2,len(groups)-2);
                        </cfscript>     
                <cfreturn groups>
                <cfcatch>
                        <cfreturn "">
                 </cfcatch>
                </cftry>   

        </cffunction>

</cfcomponent>
like image 23
Jas Panesar Avatar answered Nov 11 '22 09:11

Jas Panesar


This CFX Tag - CFX_HTTP5 - should do what you need. It does cost $50, but perhaps it's worth the cost? Seems like a small price to pay.

like image 84
Adam Tuttle Avatar answered Nov 11 '22 11:11

Adam Tuttle


If the code from Brandon Purcell that uses the jrun.security.NTauth class doesn't work for you in cf9 (it didn't for me) the fix is to use the coldfusion.security.NTAuthentication class instead. Everything worked fine for me.

like image 1
Jon Briccetti Avatar answered Nov 11 '22 09:11

Jon Briccetti