Once the user is logged in they have a session on the app server. You can have Flex call a secure resource in the webapp that could pull the information from session and return it to the Flex app.
How it goes about doing that would depend on the middleware (you said you're using CF, not too familiar with it), but a Servlet has direct access to the Session object and the Principal (user) for that session. How I've done it in the past is have the Flex app makes a [parameterless] call to a secure Servlet in the webapp and the Servlet pulls the Principal from the Session and returns the username. At that point the Servlet could also make a query based on the data it pulled from the session if everything you need is not there. Hope that helps. -Steven --- In flexcoders@yahoogroups.com, "Owen West" <[EMAIL PROTECTED]> wrote: > > Hi all, > > Hoping somebody can provide some assistance... > > In our organisation we are starting to deploy web-based applications built using Flex to our corporate intranet. We are a Microsoft shop and use Windows Server 2003 and IIS for all web site hosting. > > Currently our applications use Forms authentication (user enters login/password, which is checked against database and verified). What we would like to do is to have all of our web sites use pass-through authentication using Windows Domain Authentication. We have the web sites configured to use Integrated Windows Authentication, however we are not sure how we can use this level of authentication from within our Flex apps. > > What we would like to have happen is something along the lines of: > > 1. User browses to web site (intranet application): http://someapp.ourdomain > 2. The wen site authenticates the user (in IIS) using their logged in Windows user credentials - domain groups will be used to control authorisation levels (read-only, sysadmin, etc). > 3. If the user is authenticated to use the web site, then their group membership is returned to the Flex application (or it looks up the details in Active Directory or equivalent functionality). Ultimately what we would want is: > * User Name (Domain\User) > * Domain Group Membership(s) - Domain group memberships will control access to resources in the Flex application - only members of the application's SysAdmin group will see system admin functions, etc > * Any other relevant details from Windows Active Directory - possibly home folder location (shared folders), etc. > > All this should occur seamlessly without the user having to type user names/passwords. Our ultimate goal is to have single sign-on across the organisation. > > We currently have points 1 and 2 operating, however it is the Flex part that is causing some troubles. Mainly - can we retrieve the Logged In user name from the client (Domain\User) - we only want the name, not the password. We use ColdFusion (v8) as our middleware, so once we have this we can call CFLDAP tags to integrate with Active Directory, the main problem at the moment is getting the client's logged on user name. > > Hoping somebody can help. > > > > Owen West M.SysDev (C.Sturt) MCP MCAD MCSD > Computer Programmer > Applications Development Team > Information Technology & Telecommunications > Hunter New England Health > Ph: (02) 4921 4194 > Fax: (02) 4921 4191 > Email: [EMAIL PROTECTED] >
