NT Authentication

Steve Letford · Steve Letford

Hi,
If the web service is called via a dotnet class in a windows application and
not via a web browser, do the NT authentication details get passed to IIS?

i.e. if we use web services as the middle layer for an application rather
than remoting do I need to do any extra work to get hold of the users
credentials that have made the call?

Thanks for any help.

Steve

Craig Deelsnyder · Craig Deelsnyder

On Mon, 12 Jul 2004 20:35:58 +1200, Steve Letford <steve@straker.co.nz>
wrote:

> Hi,
> If the web service is called via a dotnet class in a windows application
> and
> not via a web browser, do the NT authentication details get passed to
> IIS?
>
> i.e. if we use web services as the middle layer for an application
> rather
> than remoting do I need to do any extra work to get hold of the users
> credentials that have made the call?
>
> Thanks for any help.
>
> Steve
>
>

[url]http://samples.gotdotnet.com/quickstart/aspplus/doc/secureservices.aspx[/url]

--
Craig Deelsnyder
Microsoft MVP - ASP/ASP.NET

Glitch808 · Glitch808

Goal: To add security to selected pages on my company?s Intranet, preferably
based on the NT user account they are already logged into (so they wont have to
remember a separate login & password).
At minimum I just need to be able to pull the ServerVariables("LOGON_USER")
into the page. Then I could code my ASP page to provide or suppress certain
elements of the page, or bring that username into the SQL statement. But it
seems the NT permissions also need to be properly set.

What I?ve done so far:

IIS Directory Security is set to:
Anonymous Access OFF
Basic Authentication OFF
Digest Authentication for Windows Domain Servers OFF
Integrated Windows Authentication ON

NT Properties on the directory includes all Domain Users with: Read & Execute,
List Folder Contents, and Read permissions.

When I access pages in this directory with a normal user?s account, plane HTML
pages come up fine, but dynamic pages (namely ASP) prompts the for a user with
a log in dialog which brings back the message ?Error: Access Denied?.
When I access the pages with my Admin account the dynamic pages come up fine.

So, what?s? going on here?!
Even if I give the Domain User?s group the same permissions as my admin
account they still get prompted for a log in and ultimately brought to an
Access Denied message.
Is there someplace else I need grant the domain users execute permissions for
this folder?

Glitch808 · Glitch808

Please Help

CMBergin · CMBergin

It seems to me that you're set up properly. Execute (scripts only)
permission on the directory where your site resides should be all that's
needed. Be sure you granted domain users permission, not just local
computer users. Then, if you've granted permission to domain users, you've
still got the problem of users potentially logging into their local computer
account (if they have one) instead of their domain account.
You might try one of Microsoft's newsgroups. The NNTP server is
msnews.microsoft.com, then you can try an appropriate ASP or IIS group to
help.

"Glitch808" <webforumsuser@macromedia.com> wrote in message
news:d0l46r$g4o$1@forums.macromedia.com...

> Goal: To add security to selected pages on my company?s Intranet,

preferably

> based on the NT user account they are already logged into (so they wont

have to

> remember a separate login & password).
> At minimum I just need to be able to pull the

ServerVariables("LOGON_USER")

> into the page. Then I could code my ASP page to provide or suppress

certain

> elements of the page, or bring that username into the SQL statement. But

it

> seems the NT permissions also need to be properly set.
>
> What I?ve done so far:
>
> IIS Directory Security is set to:
> Anonymous Access OFF
> Basic Authentication OFF
> Digest Authentication for Windows Domain Servers OFF
> Integrated Windows Authentication ON
>
> NT Properties on the directory includes all Domain Users with: Read &

Execute,

> List Folder Contents, and Read permissions.
>
> When I access pages in this directory with a normal user?s account, plane

HTML

> pages come up fine, but dynamic pages (namely ASP) prompts the for a user

with

> a log in dialog which brings back the message ?Error: Access Denied?.
> When I access the pages with my Admin account the dynamic pages come up

fine.

>
> So, what?s? going on here?!
> Even if I give the Domain User?s group the same permissions as my admin
> account they still get prompted for a log in and ultimately brought to an
> Access Denied message.
> Is there someplace else I need grant the domain users execute permissions

for

> this folder?
>

Glitch808 · Glitch808

Their was a higher level of permissions (share drive permissions) that was negating my directory permissions.

mathetes · mathetes

I have an LDAP connection that is working. I would like to catch a persons NT
Login '<domain>\<login>' and then use that to query the Ldap information. Thus
removing the need to fill out you name evey time you use some of my forms.

gwgiswebmaster · gwgiswebmaster

#CGI.AUTH_USER#

mathetes · mathetes

I tried that, did not get anything..

gwgiswebmaster · gwgiswebmaster

is the site you are referring to on an intranet on the same NT domain? Also,
is your site set up to allow for domain authentification? if you said no to
both questions, then no, you won't have access to this variable.

cfkw · cfkw

I'm trying to use NT Authentication for one of my applications. Does anyone
know if I have to use IIS web server in order to make NT Authentication work?
Right now, all of our applications are running from ColdFusion's built-in
webserver. If I do have to use IIS, can I continue to have my other
applications run from the build-in web server and just have the ones using NT
Authentication run from IIS?

ke4pym · ke4pym

What version of CF are you using? If it is 6 or 7, you'll need to make LDAP
calls to an AD server to authenticate to your apps.

Now, if you want to control access to the sites, then you'll need IIS and use
NTFS privs. You should be using IIS anyway. The built in web server isn't
meant for production work.

Brian Hogue · Brian Hogue

I have some pages that require a userid / password. I want the password for
staff to be there W2K3 password. Should I be looking at this LDAP solution?

-brian

"ke4pym" <tforrest@carolinas.org> wrote in message
news:e92mmk$ia9$1@forums.macromedia.com...

> What version of CF are you using? If it is 6 or 7, you'll need to make
> LDAP
> calls to an AD server to authenticate to your apps.
>
> Now, if you want to control access to the sites, then you'll need IIS and
> use
> NTFS privs. You should be using IIS anyway. The built in web server
> isn't
> meant for production work.
>

JMGibson3 · JMGibson3

There is a <CFNTAuthenticate> tag that works well supplying it user, pass, and domain. But perhaps CFLDAP would be better. Certainly more emnable to environment changes down the line.

NT Authentication

Thread Tools

Display