I use LDAP to authenticate users on my app.
<cftry>
<cfldap action="query"
name ="qryAuth"
attributes="cn,displayname,mail"
start ="DC=corp,DC=com"
server ="#LDAPserver#"
filter = "(cn=#arguments.EID#)"
username ="corp\#arguments.EID#"
password ="#arguments.password#">
<cfset this.addlog(arguments.EID, "Success on #LDAPserver#")>
<cfreturn true>
<cfcatch>
<cfset this.addlog(arguments.EID, "#cfcatch.message# on #LDAPserver#")>
<cfif cfcatch.message CONTAINS "error code 49">
Error code 49 is when a user enters a bad password. Every time this is run an error is logged. Is there a way to check for passwords via LDAP without using try/catch?
Write a pre-parse plugin that performs the BIND before the server performs the operation and sets a well-known condition indicating the BIND would have failed. Professional-quality LDAP servers provide the described functionality out of the box.
I’m just trying to get something up and running in Amazon MWS with Coldfusion. Here is the code I’m using… super simple. When I replace the querystring part with an exact query string from the Amazon MWS scratchpad webpage, I get the EXACT same signature… so I know my signature code is working. But despite that, the only response I ever get from amazon is “The request signature we calculated does not match the signature you provided.” So I’m just thinking it's somehow in the way I’m sending it rather than the actual signature. I’ve tried a ton of different things and spent so much time, but I never get any other response even though I can get the signature to exactly match that of an example run on scratchpad.
Here is my code with obviously the relevant private data as variables that I have filled in in my actual code: (note I have to add 5 hours to my server’s time to make amazon happy with the request time so you might have to change that)
<CFSET nowtime = DateAdd('h', 5, Now())>
<CFSET awsaccesskey = "">
<CFSET sellerid = "">
<CFSET secretkey = "">
<CFSET mwsaccess = "">
<CFSET queryString = "AWSAccessKeyId=#awsaccesskey#&Action=ListAllFulfillmentOrders&MWSAuthToken=#mwsaccess#&QueryStartDateTime=2020-04-12T04%3A00%3A00Z&SellerId=#sellerid#&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=#dateFormat(nowtime, 'yyyy-mm-dd')#T#encodeForURL(timeFormat(nowtime, 'HH:mm:ss'))#Z&Version=2010-10-01">
<CFSET signaturestring = "POST#chr(10)#mws.amazonservices.com#chr(10)#/FulfillmentOutboundShipment/2010-10-01#chr(10)##listSort(queryString, 'text', 'asc', '&')#">
<CFSET signature = encodeForURL(toBase64(binaryDecode(hmac(signaturestring, "#secretkey#", "HmacSHA256", "UTF-8"), "hex")))>
<CFHTTP method="POST" url="https://mws.amazonservices.com/FulfillmentOutboundShipment/2010-10-01/?#queryString#&Signature=#signature#" >
<cfhttpparam type="Header" name="Content-Type" value="application/x-www-form-urlencoded; charset=utf-8"/>
<cfhttpparam type="Header" name="x-amazon-user-agent" value="Whatever/test (Language=Coldfusion)"/>
</CFHTTP>
<CFDUMP var="#CFHTTP.FileContent#" />
It’s a super simple request… but I just can’t get anywhere with it. Any help would be appreciated.
sigh. A guy on the Amazon forums figured it out for me. His handle is Autonomoose. Anyway, I have a / in the CFHTTP post line. this one:
<CFHTTP method="POST" url="https://mws.amazonservices.com/FulfillmentOutboundShipment/2010-10-01/?#queryString#&Signature=#signature#" >
Where it says 2010-10-01/?... That / there. Delete it and the whole thing works.
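Why that one character matters, as an added example that is not part of the original posts: with Signature Version 2 the receiver rebuilds the string to sign from the verb, host, path and query it actually received, so a signature computed over /FulfillmentOutboundShipment/2010-10-01 cannot verify for a request sent to .../2010-10-01/. The Python sketch below uses a constructed key and parameter values, and its function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed values for illustration only; these are not real credentials.
SECRET_KEY = b"constructed-secret-key"
HOST = "mws.amazonservices.com"
SIGNED_PATH = "/FulfillmentOutboundShipment/2010-10-01"
SAFE = "-_.~"  # RFC 3986 unreserved punctuation; everything else is encoded
PARAMS = {
    "AWSAccessKeyId": "AKIDEXAMPLE", "Action": "ListAllFulfillmentOrders",
    "SignatureMethod": "HmacSHA256", "SignatureVersion": "2",
    "Timestamp": "2020-04-12T09:00:00Z", "Version": "2010-10-01",
}

def canonical_query(params):
    """Sort parameters by name and percent-encode names and values."""
    pairs = sorted(params.items())
    return "&".join(f"{quote(k, safe=SAFE)}={quote(v, safe=SAFE)}" for k, v in pairs)

def sign_v2(method, host, path, params, key):
    """HMAC-SHA256 over verb, host, path and canonical query, base64-encoded."""
    string_to_sign = "\n".join([method, host.lower(), path or "/", canonical_query(params)])
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")

def server_accepts(method, url, key):
    """Receiver side: recompute from the URL as received, compare in constant time."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    presented = params.pop("Signature", "")
    expected = sign_v2(method, parts.netloc, parts.path, params, key)
    return hmac.compare_digest(presented, expected)

def build_url(path, params, signature):
    """Client side: append the signature and send to the given path."""
    query = canonical_query({**params, "Signature": signature})
    return f"https://{HOST}{path}?{query}"

signature = sign_v2("POST", HOST, SIGNED_PATH, PARAMS, SECRET_KEY)
good_url = build_url(SIGNED_PATH, PARAMS, signature)
bad_url = build_url(SIGNED_PATH + "/", PARAMS, signature)  # the stray slash

if __name__ == "__main__":
    print("path as signed:      ", server_accepts("POST", good_url, SECRET_KEY))
    print("path with trailing /:", server_accepts("POST", bad_url, SECRET_KEY))
```

The signature string itself is identical in both URLs, which is why comparing it against a reference tool does not reveal the problem; only the path on the wire differs.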
I am trying to download the subject of all new mails. The mails are stored in an Office 365 mail account. So far I have the following:
<cfimap
action ="OPEN"
connection = "Test"
password = "xxxx"
port = "993"
secure = "yes"
server = "outlook.office365.com"
stoponerror = "true"
timeout = "10"
username = "xxxx">
<cfimap
action="getHeaderOnly"
folder="Inbox"
connection="Test"
name="getHeaders"
>
<cfdump var="#getHeaders#">
<cfimap action="close" connection = "Test">
This is ridiculously slow (several minutes). In my situation I only need to download the subject line of all new mails. I do not need anything else. Any thoughts on how to speed things up?
Update
Came up with an alternative solution. See Convert java code to coldfusion code for an alternative to the cfimap tag.
We have a website integrated with ADFS 3 for authentication. The website allows users to change their usernames, which in turn changes their usernames in AD. If users change their usernames, we log them out using WSFederationAuthenticationModule.FederatedSignOut. However, the page redirects to the ADFS URL and throws an error. The event log shows that "either username or password is wrong".
MSIS7066: Authentication failed for the request. ---> System.Security.SecurityException: The user name or password is incorrect.
I wonder if it is because of the user name change. I tried both with lsalookupcachemaxsize set to 0 in the registry and without the key. By the way, does ADFS 3 even consider this registry key?
The code used is below -
FormsAuthentication.SignOut();
FederatedAuthentication.SessionAuthenticationModule.SignOut();
FederatedAuthentication.SessionAuthenticationModule.DeleteSessionTokenCookie();
FederatedAuthentication.WSFederationAuthenticationModule.SignOut(false);
Response.Expires = 0;
Session.Abandon();
var authenticationModule = FederatedAuthentication.WSFederationAuthenticationModule;
WSFederationAuthenticationModule.FederatedSignOut(new Uri(authenticationModule.Issuer), new Uri(authenticationModule.Realm));
My user comes from a 3rd party site via http post with login credentials encrypted in the URL.
Once the index.cfm recognizes these variables, it sends the request to:
<cflocation url="login.cfm?vals=#URLEncodedFormat(url.vals)#" addtoken="yes">
The login.cfm builds a session struct if the login credentials are valid.
Session.user.userID = 1;
Session.user.firstName = "jo";
Session.user.lastName = "boo";
Then, it does:
<cflocation url="somepage.cfm" addtoken="yes">
When I dump the session variable in somepage.cfm, I do not see the session.user struct. Also, I keep seeing a different cfid and cftoken on somepage.cfm every single time I refresh. I am on ColdFusion 10.
Any ideas? How can I keep the session.user?
Edit: application.cfc has
this.name = "My Application";
this.applicationTimeout = createTimeSpan(0,2,0,0);
this.clientManagement = true;
this.loginStorage = "session";
this.sessionManagement = true;
this.sessionTimeout = createTimeSpan(0,0,30,0);
this.setClientCookies = true;
this.setDomainCookies = false;
this.scriptProtect = "all";
this.javaSettings = {LoadPaths = ["#GetDirectoryFromPath(GetCurrentTemplatePath())#java/"], reloadOnChange=true, watchInterval=180};
EDIT: here are the files
http://1drv.ms/1kjnQO2
Unzip them to your C:\ColdFusion10\cfusion\wwwroot\
then go to :
http://localhost:8500/test/call.cfm
EDIT: 19:00 - 10Jun:
Wow, this really sucked! Came home, downloaded the zip, opened it up to localhost. When I run, I can see the session.user variables from call.cfm.
<cfdump var="#server#">
gives me:
coldfusion
struct
InstallKit Native Windows
appserver J2EE
expiration {ts '2012-10-30 10:35:35'}
productlevel Developer
productname ColdFusion Server
productversion 10,0,0,283111
rootdir C:\ColdFusion10\cfusion
I am not sure if this has something to do with the CF server version.
UPDATE: 09:00 11-Jun.
Once I disable "Use J2EE session variables " in CFAdmin, the session variables are visible to call.cfm. Now, I have to make it work with J2EE session variables when they are enabled.
I want to log in with a Gmail/Google account, and I found this tutorial: Gmail Login in Coldfusion. I did all the steps, and after login my page redirects. Then I want to display the user profile information, so I dump this:
<cfdump var="#session.profilesArray#">
but it gives me an empty array. Why am I not getting my profile data after successfully logging in?
If I am fetching my profile the wrong way, then what is the correct way? Thanks.
You just need to add this line to your scope.
Open your Application.cfc and then add this code:
Change scope = "https://www.googleapis.com/auth/analytics.readonly" to scope = "https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile"
You can just add scope = "https://www.googleapis.com/auth/userinfo.profile", but if you want to access email then add the second one as I posted in my answer.
<cfset request.oauthSettings =
{scope = "https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile",
client_id = "Your-id",
client_secret = "your-secret",
redirect_uri = "redirect-page",
state = "optional"} />
Now you can get the user information from a function that you can call like this:
<cfscript>
public function getProfile(accesstoken) {
var h = new com.adobe.coldfusion.http();
h.setURL("https://www.googleapis.com/oauth2/v1/userinfo");
h.setMethod("get");
h.addParam(type="header",name="Authorization",value="OAuth #accesstoken#");
h.addParam(type="header",name="GData-Version",value="3");
h.setResolveURL(true);
var result = h.send().getPrefix();
return deserializeJSON(result.filecontent.toString());
}
</cfscript>
<cfoutput>
<cfset show = getProfile(session.ga_accessToken)>
<cfdump var="#show#">
</cfoutput>
Hope this will help you.