ColdFusion RDS and NTLM integrated authentication issue
I can't seem to get the magic combination of enabling NTLM authentication and still having RDS work. If I leave just anonymous authentication on, RDS works fine - as soon as I enable it site-wide, RDS fails (which is to be expected). Here is what I have done:
- This is Windows XP SP2 and ColdFusion 8, Eclipse + Adobe plugins
- In the IIS Manager, Right click on default web site and choose Properties
- Directory Security tab, click the Edit button for anonymous access and authentication control
- Authentication Methods popup window, uncheck anonymous access, and check Integrated Windows authentication (all other checks blank as well).
- Click OK, OK, and override the settings for all child sites as well such that the entire site is "secured" using NTLM authentication.
- Back in the IIS manager, right click on the CFIDE virtual directory, choose Properties
- Directory security tab, edit the authentication methods. Uncheck Integrated Windows authentication and check anonymous access. Hit OK, OK and test:
    C:\>wget -S -O - http://localhost/CFIDE/administrator/
    --2009-01-21 10:11:59--  http://localhost/CFIDE/administrator/
    Resolving localhost... 127.0.0.1
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response...
      HTTP/1.1 200 OK
      Server: Microsoft-IIS/5.1
      Date: Wed, 21 Jan 2009 17:12:00 GMT
      X-Powered-By: ASP.NET
      Set-Cookie: CFID=712;expires=Fri, 14-Jan-2039 17:12:00 GMT;path=/
      Set-Cookie: CFTOKEN=17139032;expires=Fri, 14-Jan-2039 17:12:00 GMT;path=/
      Set-Cookie: CFAUTHORIZATION_cfadmin=;expires=Mon, 21-Jan-2008 17:12:00 GMT;path=/
      Cache-Control: no-cache
      Content-Type: text/html; charset=UTF-8
    Length: unspecified [text/html]
    Saving to: `STDOUT'
    ... html output follows ...
And so far so good, the CFIDE directory and at least one child directory appear to be working without NTLM authentication. So I fire up Eclipse and try to establish an RDS connection. Unfortunately I just get an Access Denied message. Investigating a bit further, it appears that Eclipse is trying to communicate with /CFIDE/main/ide.cfm - fair enough, pull out trusty wget once again to see what IIS is doing:
    C:\>wget -S -O - http://localhost/CFIDE/main/ide.cfm
    --2009-01-21 10:16:56--  http://localhost/CFIDE/main/ide.cfm
    Resolving localhost... 127.0.0.1
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response...
      HTTP/1.1 401 Access Denied
      Server: Microsoft-IIS/5.1
      Date: Wed, 21 Jan 2009 17:16:56 GMT
      WWW-Authenticate: Negotiate
      WWW-Authenticate: NTLM
      Content-Length: 4431
      Content-Type: text/html
    Authorization failed.
One potential hang-up that has been documented elsewhere is that the main directory and ide.cfm page don't actually exist on disk. IIS is configured to hand off all .cfm files to JRun and JRun is configured to map ide.cfm to the RDS servlet. In an attempt to force IIS to be a bit more sensible, I dropped a main directory and empty ide.cfm file on disk hoping it would solve the authentication issue but it didn't make any difference.
What I can do as a workaround is leave the entire site as anonymous access and then just enable the specific application folders to use NTLM integrated authentication, but there are quite literally hundreds of possible web applications I would have to do that for. Yuck.
Please Help!!!
Comments (1)
There is something strange about answering your own question, but I did finally get it resolved.
Once both CFIDE and JRunScripts had anonymous access enabled, RDS and debugging through Eclipse worked like a charm.
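An added example, not part of the original post: a small Python parser for `wget -S` transcripts like the ones in the question, labelling each requested URL as answered anonymously or challenged with Negotiate/NTLM, which makes it easy to confirm the per-directory IIS settings after a change. The sample transcript is constructed by abbreviating the question's output, and the function names are illustrative.

```python
import re

# Constructed sample: abbreviated from the two wget -S transcripts in the question.
SAMPLE = """\
--2009-01-21 10:11:59--  http://localhost/CFIDE/administrator/
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
--2009-01-21 10:16:56--  http://localhost/CFIDE/main/ide.cfm
HTTP request sent, awaiting response...
  HTTP/1.1 401 Access Denied
  WWW-Authenticate: Negotiate
  WWW-Authenticate: NTLM
"""

REQUEST = re.compile(r"^--\d{4}-\d{2}-\d{2} [\d:]+--\s+(\S+)")
STATUS = re.compile(r"^\s*HTTP/\d\.\d\s+(\d{3})")
CHALLENGE = re.compile(r"^\s*WWW-Authenticate:\s*(\S+)", re.I)

def parse_transcript(text):
    """Return one record per request: URL, last status seen, offered auth schemes."""
    records = []
    for line in text.splitlines():
        if m := REQUEST.match(line):
            records.append({"url": m.group(1), "status": None, "schemes": []})
        elif not records:
            continue  # output before the first request line
        elif m := STATUS.match(line):
            # A later status line (retry or redirect) supersedes the earlier one.
            records[-1].update(status=int(m.group(1)), schemes=[])
        elif m := CHALLENGE.match(line):
            records[-1]["schemes"].append(m.group(1))
    return records

def classify(record):
    """Label how the server treated an unauthenticated request."""
    status = record["status"]
    offered = {s.lower() for s in record["schemes"]}
    if status == 401:
        integrated = offered & {"negotiate", "ntlm"}
        return "integrated-auth-required" if integrated else "other-auth-required"
    return "anonymous-ok" if status is not None and status < 400 else "error"

def report(text):
    """Map each requested URL to its classification."""
    return {r["url"]: classify(r) for r in parse_transcript(text)}

if __name__ == "__main__":
    for url, label in report(SAMPLE).items():
        print(f"{label:26} {url}")
```
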