Reed, my experience with Advanced Security is not very positive and I think your point re Neo and it's Siteminders apparent none use is a good one. I know that someone re-wrote these facilities for Advanced Security for Spectra in a non-Siteminder environment the URL of the current Spectra open source project is http://spectrasource.macromedia.com/information.cfm you might find something there.
As an alternative and if you use Fusebox there are a couple of tags I have used (app_secure and app_logon.cfm) that work really well in Fusebox. Hope this helps. Mike Brunt Sempra Energy 213.244.5226 "My software never has bugs. It just develops random features." -----Original Message----- From: Reed Powell [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 5:41 AM To: CF-Talk Subject: Setting up Advanced Security on Win2K The server that's been hosting my intranet site is finally moving from NT40/WebsitePro to Win2k/IIS. For user authentication against the NT domain, I've been using the Intranet Hosting Toolkit's CFX_USERS function, which has worked flawlessly. However, in testing on the new Win2k/IIS server, I cannot get it to work at all, and the software is now what its author refers to as "abandonware," so it's probably a good idea to move on to something with support. It looks like Advanced Security is the ticket, now that I have more control politically over how the server is being setup and configured. I don't really need all the policy capabilities that come with Advanced Security, just to be able to use <CFAUTHORIZE> to get a yes/no on a specific username/password combination from the NT domain. I've read everything I can find, including notes from both DevCon2000 and DevCon2001, and it doesn't look too hard to setup. The Allaire docs talk about being able to use an Access database for storing the policy data, which is good because we are not (yet) running SQL server (that's another dream for another day and another server). Which is also where the problems start. When I start configuring Advanced Security, the first thing that the Wizard wants is the info on the SQL database that has already been created. No options I can find for using an Access database. How do I do this? I noticed a note in the Allaire docs about problems with SiteMinder and the use of an Access database for the Advanced Security policies. What I cannot find much written on is just when in the scheme of things SiteMinder gets involved. If all I do is to setup a single policy on a single (dummy) resource, so that I can use CFAUTHORIZE as mentioned above, does SiteMinder get involved? Can I eliminate the involvement of SiteMinder completely (since it is going away in Neo anyway, why start using it now?!)? thanks everyone! -reed FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists