I am trying to set up a website that will have a login page that will use the persons domain login information. I found some examples to use cfNTauthenticate.
I had it working, but somehow it stopped working after making some changes. I thought I put changes back, but I can't get it to work now.
It gets to the login_action.cfm page but nothing happens. Below is the code that I currently have for all three pages.
In my application.cfm file, I have the following:
Then I have the following in for the login.cfm
Then I have the login_action.cfm page
Although I had this working before, I know it wasn't yet secure and I could get to the index page without logging in. I'm just not sure what I need to put in the application.cfm page to make it secure.
Any help is greatly appreciated.
Thanks,
Scott
I had it working, but somehow it stopped working after making some changes. I thought I put changes back, but I can't get it to work now.
It gets to the login_action.cfm page but nothing happens. Below is the code that I currently have for all three pages.
In my application.cfm file, I have the following:
Code:
<cfapplication name="AppName" sessionmanagement="yes">Then I have the following in for the login.cfm
Code:
<cfform action="login_action.cfm" method="post">
<!--- j_username and j_password are special names that populate cflogin tag
variables. --->
<table width="50%" cellpadding="3" cellspacing="3" border="0" bgcolor="ccccff" align="center">
<tr>
<td>
<table align="center">
<tr><td colspan="2" align="center"><img src="images/Ask_Watson_Logo.gif"></td></tr>
<tr><td colspan="2" align="center"><h3>Please Login</h3></td></tr>
<tr>
<td align="right"><b>Username:</b></td>
<td align="left"><cfinput type="text" name="j_username" value="" required="Yes"></td>
</tr>
<tr>
<td align="right"><b>Password:</b></td>
<td align="left"><cfinput type="password" name="j_password" value="" required="Yes"></td>
</tr>
<tr>
<td align="right"><b>Domain:</b></td>
<td align="left"><cfinput type="text" name="domain" value="" required="Yes"></td>
</tr>
<tr>
<td align="right"></td>
<td align="left"><input type="submit" value=" Login ">
<input type="reset" value=" Reset "></td>
</tr>
</table>
</td>
</tr>
</table>
</cfform>Then I have the login_action.cfm page
Code:
<!--- The cflogin body code runs only if a user is not logged in. --->
<cflogin>
<!--- cflogin variable exists only if login credentials are available. --->
<cfif NOT IsDefined("cflogin")>
<!--- Show a login form that posts back to the page whose request
initiated the login, and do not process the rest of this page. --->
<cfinclude template="login.cfm">
<cfabort>
<cfelse>
<!--- Trim any leading or trailing spaces from the username and password
submitted by the form. --->
<cfset theusername=trim(form.j_username)>
<cfset thepassword=trim(form.j_password)>
<cfset thedomain=trim(form.domain)>
<cfntauthenticate username="#theusername#" password="#thepassword#"
domain="#thedomain#" result="authresult" listgroups="yes">
<!--- authresult.auth is True if the user is authenticated. --->
<cfif authresult.auth>
<!--- Log user in to ColdFusion and set roles to the user's Groups. --->
<cfloginuser name="#theusername#" password="#thepassword#"
roles="#authresult.groups#">
<cflocation url="index.cfm">
<cfelse>
<!--- The user was not authenticated.
Display an error message and the login form. --->
<cfoutput>
<cfif authresult.status IS "AuthenticationFailure">
<!--- The user is valid, but not the password. --->
<h2>The password for #theusername# is not correct<br>
Please Try again</h2>
<cfelse>
<!--- There is one other status value, invalid user name. --->
<H2>The user name #theusername# is not valid<br>
Please Try again</h2>
</cfif>
</cfoutput>
<cfinclude template="login.cfm">
<cfabort>
</cfif>
</cfif>
</cflogin>Although I had this working before, I know it wasn't yet secure and I could get to the index page without logging in. I'm just not sure what I need to put in the application.cfm page to make it secure.
Any help is greatly appreciated.
Thanks,
Scott
