1

I'm trying to setup Forms Based Authentication in IIS 7.5 with ColdFusion 10. It's somewhat working but not prompting for ColdFusion pages. Yes, I did enable the Integrated Pipeline to force auth on all files. Then, I disabled auth on the two ColdFusion Virtual Directories. Not doing so caused a redirect to /jakarta/isapi_redirect.dll instead of the real/calling page.

So the interesting thing is that ColdFusion files (.cfm .cfc) seem to get past the authentication because they are processed by the un-authenticated Virtual Directories.?. (even though the requested page is still the called page..)

Any thoughts would be appreciated. Thanks!

Improve this question

2 Answers 2

Reset to default
0

Well, I've found a workaround but I'm not sure it is the right/best solution. Basically disable Anonymous Authentication EXCEPT for the ColdFusion Virtual Directories and the folder that contains the login page. Open to any other ideas anyone might have.

Now, to get Forms Based Authentication using ColdFusion with .NET objects... :)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I found that the FormAuthentication iis module was not being called for isapi_redirect.dll(jakarta pages) probably because of the precondition preCondition="managedHandler" that's default on FormAuthentication module. Adding 

<modules runAllManagedModulesForAllRequests="true" >;

in web.config allowed things to work as intended.

Enabling Trace Logging for Failed Requests were indispensable in figuring this out. This was with win2016/cf2016/iis10.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.