Hi, I have found a way to do this - I have wrapped the Flex page in a CFM page (just changed the standard wrapper html page's extension to cfm) and then passed in the CGI.REMOTE_USER variable value as a flahvar into the Flex application.
Inside the Flex app I then parse the value to determine the domain (we have several possible domains that a user can be a member of) and the User Name. I then use these to call a CFC which does an CFLDAP query to the AD domain controller to retrieve the user's details. Thanks for all of the advice, it was most helpful. --- In flexcoders@yahoogroups.com, "Eric Fickes" <[EMAIL PROTECTED]> wrote: > > Flex will need to call a server side script that returns it to you. I > haven't done this in CF in a long time, but I know it's possible to get. > > I'd start by looking at these CF tags > > cfNTauthenticate > http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_m > -o_07.html > > GetAuthUser > http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=functi > ons_e-g_28.html#4046631 > > Good luck. > > EF > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Owen West > Sent: Tuesday, June 24, 2008 4:58 PM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] Flex Web Sites Using Windows Authentication > > > > Hi all, > > Hoping somebody can provide some assistance... > > In our organisation we are starting to deploy web-based applications > built using Flex to our corporate intranet. We are a Microsoft shop and > use Windows Server 2003 and IIS for all web site hosting. > > Currently our applications use Forms authentication (user enters > login/password, which is checked against database and verified). What we > would like to do is to have all of our web sites use pass-through > authentication using Windows Domain Authentication. We have the web > sites configured to use Integrated Windows Authentication, however we > are not sure how we can use this level of authentication from within our > Flex apps. > > What we would like to have happen is something along the lines of: > > 1. User browses to web site (intranet application): > http://someapp.ourdomain <http://someapp.ourdomain> > 2. The wen site authenticates the user (in IIS) using their logged in > Windows user credentials - domain groups will be used to control > authorisation levels (read-only, sysadmin, etc). > 3. If the user is authenticated to use the web site, then their group > membership is returned to the Flex application (or it looks up the > details in Active Directory or equivalent functionality). Ultimately > what we would want is: > * User Name (Domain\User) > * Domain Group Membership(s) - Domain group memberships will > control access to resources in the Flex application - only members of > the application's SysAdmin group will see system admin functions, etc > * Any other relevant details from Windows Active Directory - > possibly home folder location (shared folders), etc. > > All this should occur seamlessly without the user having to type user > names/passwords. Our ultimate goal is to have single sign-on across the > organisation. > > We currently have points 1 and 2 operating, however it is the Flex part > that is causing some troubles. Mainly - can we retrieve the Logged In > user name from the client (Domain\User) - we only want the name, not the > password. We use ColdFusion (v8) as our middleware, so once we have this > we can call CFLDAP tags to integrate with Active Directory, the main > problem at the moment is getting the client's logged on user name. > > Hoping somebody can help. > > > > Owen West M.SysDev (C.Sturt) MCP MCAD MCSD > Computer Programmer > Applications Development Team > Information Technology & Telecommunications > Hunter New England Health > Ph: (02) 4921 4194 > Fax: (02) 4921 4191 > Email: [EMAIL PROTECTED] >
