Hi all,
 
Hoping somebody can provide some assistance...
 
In our organisation we are starting to deploy web-based applications built 
using Flex to our corporate intranet. We are a Microsoft shop and use Windows 
Server 2003 and IIS for all web site hosting.
 
Currently our applications use Forms authentication (user enters 
login/password, which is checked against database and verified). What we would 
like to do is to have all of our web sites use pass-through authentication 
using Windows Domain Authentication. We have the web sites configured to use 
Integrated Windows Authentication, however we are not sure how we can use this 
level of authentication from within our Flex apps. 
 
What we would like to have happen is something along the lines of:
 
1. User browses to web site (intranet application): http://someapp.ourdomain 
2. The web site authenticates the user (in IIS) using their logged in Windows 
user credentials - domain groups will be used to control authorisation levels 
(read-only, sysadmin, etc).
3. If the user is authenticated to use the web site, then their group 
membership is returned to the Flex application (or it looks up the details in 
Active Directory or equivalent functionality). Ultimately what we would want 
is: 
     * User Name (Domain\User)
     * Domain Group Membership(s) - Domain group memberships will control 
access to resources in the Flex application - only members of the application's 
SysAdmin group will see system admin functions, etc
     * Any other relevant details from Windows Active Directory - possibly home 
folder location (shared folders), etc.
 
All this should occur seamlessly without the user having to type user 
names/passwords. Our ultimate goal is to have single sign-on across the 
organisation.
 
We currently have points 1 and 2 operating, however it is the Flex part that is 
causing some troubles. Mainly - can we retrieve the Logged In user name from 
the client (Domain\User) - we only want the name, not the password. We use 
ColdFusion (v8) as our middleware, so once we have this we can call CFLDAP tags 
to integrate with Active Directory, the main problem at the moment is getting 
the client's logged on user name.
 
Hoping somebody can help.
 
 
 
Owen West  M.SysDev (C.Sturt) MCP MCAD MCSD
Computer Programmer 
Applications Development Team
Information Technology & Telecommunications
Hunter New England Health
Ph: (02) 4921 4194
Fax: (02) 4921 4191
Email: [EMAIL PROTECTED]
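
An added example, not part of the original post: one way the ColdFusion tier could hand the Flex client the user name and group-derived roles from steps 1 to 3, assuming IIS exposes the Integrated Windows Authentication result to ColdFusion as the CGI variable AUTH_USER. The component name, LDAP server, base DN, bind-account variables and group names are hypothetical placeholders.

```cfml
<!--- AuthService.cfc (hypothetical name), called from Flex via RemoteObject.
      The identity comes from the IIS-authenticated request, never from a
      value the client sends. --->
<cfcomponent output="false">
  <cffunction name="getCurrentUser" access="remote" returntype="struct" output="false">
    <cfset var result = structNew()>
    <cfset var adUser = "">
    <cfset var account = "">
    <cfset var authUser = trim(cgi.auth_user)>

    <!--- Empty or unqualified AUTH_USER means the request was not
          Windows-authenticated (e.g. anonymous access enabled): fail closed. --->
    <cfif NOT find("\", authUser)>
      <cfthrow type="Security.NotAuthenticated" message="No Windows identity on this request">
    </cfif>
    <cfset account = listLast(authUser, "\")>

    <!--- Allow only characters expected in an account name so the value
          cannot change the meaning of the LDAP filter below. --->
    <cfif reFind("[^A-Za-z0-9._-]", account)>
      <cfthrow type="Security.BadAccountName" message="Unexpected characters in account name">
    </cfif>

    <!--- Placeholder server, base DN and service account (assumptions). --->
    <cfldap action="query" name="adUser"
            server="dc.example.local"
            start="DC=example,DC=local"
            scope="subtree"
            filter="(&(objectClass=user)(sAMAccountName=#account#))"
            attributes="memberOf,homeDirectory"
            username="#application.ldapBindUser#"
            password="#application.ldapBindPassword#">

    <cfif adUser.recordCount NEQ 1>
      <cfthrow type="Security.UserLookupFailed" message="Directory lookup did not return exactly one user">
    </cfif>

    <!--- Return only what the UI needs; group names are placeholders. --->
    <cfset result.userName      = authUser>
    <cfset result.homeDirectory = adUser.homeDirectory>
    <cfset result.isSysAdmin    = (findNoCase("CN=SomeApp-SysAdmin,", adUser.memberOf) GT 0)>
    <cfset result.isReadOnly    = (findNoCase("CN=SomeApp-ReadOnly,", adUser.memberOf) GT 0)>
    <cfreturn result>
  </cffunction>
</cfcomponent>
```

The flags returned here only tell the Flex client what to display. Each remote method that performs a privileged action should repeat the group check on the server against the same AUTH_USER value.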
