Basic Authentication With ColdFusion

Here is an Application.cfc which implements HTTP Basic Authentication:


Sami Hoda's Gravatar Nice
# Posted By Sami Hoda | 8/14/08 12:09 AM
Adam Tuttle's Gravatar Nice work, Nathan. Hopefully I'll remember where to find this when I need to use it. ;)
# Posted By Adam Tuttle | 8/14/08 9:34 AM
Ben Nadel's Gravatar Interesting stuff. Do you have to do anything else to have the credentials passed over? I haven't use this technique, but I remember back when I had to integrate with NT login, we had to set a property in IIS (I think) that would pass login info via CGI. Anything you need to set for this to work?
# Posted By Ben Nadel | 8/14/08 1:03 PM
Nathan Mische's Gravatar @Ben, the client handles sending the credentials to the server via the Authorization header. As far as I know you don't have to do anything on the server for this to work. That being said, if you already have basic, digest, or NTLM authorization set up, this may not work. (The web server will most likely intercept the request before it gets to CF.)
# Posted By Nathan Mische | 8/14/08 1:49 PM
Ben Nadel's Gravatar @Nathan,

Sounds good. I'll have to play around with this stuff.
# Posted By Ben Nadel | 8/14/08 1:52 PM
Paul's Gravatar Hi,

Sorry if this is a dumb question. But does this mean the CF now supports Basic Server Authentication? Its just that when i had to configure barclays payment solution with a few years back with CF6; Basic Server Authentication was not supported by CF. I had to use PERL.
# Posted By Paul | 11/17/08 3:55 AM
david's Gravatar I have site that authentication works.
Then i have test server on local network where I have problem for the exact same site to make authentication.

i know is something silly like variable for the server/location or configuring the CF,or case sensitivity on apache2 linux server vs iis server.

On the apache server where i have problem the login form gets completely skipped and i get unauthorized page.

Please help.

this should be a login form:

<cfset URLTMP="http://"; &"#CGI.Server_name#" & ":" & "#cgi.SERVER_PORT#" & "#CGI.Script_name#">
<cfif CGI.QUERY_STRING is not "">
<H2>Please Log In</H2>
<form action="#urlfin#" method="Post">
<td><input type="text" name="j_username"></td>
<td><input type="password" name="j_password"></td>
<input type="submit" value="Log In">

# Posted By david | 11/30/09 12:07 PM
Adam Tuttle's Gravatar There's a bug in your code samples, Nathan. ;)

Consider someone with this password: gd$#fds:fdsa3!

It has a colon in it, so your use of GetToken(..., 2, ":") will result in the user's password appearing to be "gd$#fds". Instead you should use ListRest() (or some other solution), which returns everything after the first list element has been removed, including the list delimiters.
# Posted By Adam Tuttle | 12/29/12 2:22 PM
BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.