tracker issue : CF-3035879

select a category, or use search below
(searches all categories and all time range)
Title:

Bug 72751:Support for NTLM (Microsoft) and Digest Authentication on all CF HTTP operations

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Ben Davies / Ben Davies (Ben Davies)

Created: 08/20/2008

Components: Security, General

Versions: 9.0

Failure Type: Unspecified

Found In Build/Fixed In Build: 0000 / 287502

Priority/Frequency: Major / All users will encounter

Locale/System: English / Win All

Vote Count: 45

Problem:

Support for NTLM (Microsoft) and Digest Authentication on all CF HTTP operations.

I would like all CF HTTP requests to be NTLM and Digest security capable. This is a serious issue that is very restrictive in Microsoft environments. The issue is not confined to CFHTTP but also any CF feature making use of the HTTP requests.

A limited list of features impacted by the lack of NTLM / digest support.


    * cfhttp
    * Scheduled Tasks
    * System Probes
    * Cfinvoke for webservices
    * cfexchange
    * cffeed
    * and now cfsharepoint



Can we resolve this? Each release I know I keep asking for it. Sometimes it is not possible to downgrade security on the HTTP resource since it is out of your control, not advisable to do so because of security reasons or when you do a complete pain because you are ’coupling’ the configuration of an external or internal service to the specific requirement.

I would really love this to be fixed so no one can say that CF does not work well in secure or microsoft environments.

This is discussed in forum thread: 
https://prerelease.adobe.com/project/forum/thread.html?cap=87529bda13744b3db718e841890b9240&forid={267A8BEA-8D25-435C-A533-6C830DD686CA}&topid={480C273B-9934-450A-8EB1-48A386F2CD44}


Method:


Result:

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3035879

External Customer Info:
External Company:  
External Customer Name: Ben Davies
External Customer Email: 447227C844C7765A992015A8
External Test Config: 08/20/2008

Attachments:

Comments:

I'm in a government environment; this bug makes the cfsharepoint tag almost entirely useless. Please fix this one.
Vote by External U.
24803 | November 10, 2011 10:39:52 AM GMT
Ok, I fear that this <cfsharepoint /> tag will become a joke, if it only supports Basic Authentication. I guess it's ok to keep it in the language, for the very few of us that will be able to use it :) But seriously, this *really* needs to support Integrated Auth.
Vote by External U.
24804 | November 10, 2011 10:39:53 AM GMT
Agreed. This should be done. +1 vote.
Vote by External U.
24805 | November 10, 2011 10:39:54 AM GMT
this is needed for enterprise and corporate environments.
Vote by External U.
24806 | November 10, 2011 10:39:55 AM GMT
Just another frustrated developer adding my vote. This tag is meaningless for us until it does more than basic authentication.
Vote by External U.
24807 | November 10, 2011 10:39:56 AM GMT
Extremely disturbing that this has been advertised and then released as what amounts to a useless implementation. ...there are no words to describe the frustration. This failure when combined with ColdFusion not supporting WS-Security Username Token Profile with web services has forced me, at least for this project, to revert to the programming language of a previous life, C#.NET.
Vote by External U.
24808 | November 10, 2011 10:39:57 AM GMT
Ageed. This should be done. +1 vote. -- Adam
Vote by External U.
24809 | November 10, 2011 10:39:58 AM GMT
Most CF developers won't be able to access Sharepoint installations if only basic authentication is supported. That's simply off the table in most (if not all) shops. Sending passwords in the clear is simply not acceptable. This makes the value of the new <cfsharepoint> work nil, which is sad, because a whole lot of people would like to develop using Sharepoint services.
Vote by External U.
24810 | November 10, 2011 10:39:58 AM GMT
Please allow NTLM authentication in the cfsharepoint tag!
Vote by External U.
24811 | November 10, 2011 10:39:59 AM GMT
This bug has been voted..
Vote by External U.
24812 | November 10, 2011 10:40:00 AM GMT
This bug has been voted..
Vote by External U.
24813 | November 10, 2011 10:40:01 AM GMT
This bug has been voted..
Vote by External U.
24814 | November 10, 2011 10:40:02 AM GMT
I totally agree... CF without NTLM Auth is pointless.
Vote by External U.
24815 | November 10, 2011 10:40:03 AM GMT
THIS IS A MUST! IS ANYONE AT ADOBE LISTENING?
Vote by External U.
24816 | November 10, 2011 10:40:04 AM GMT
I'd like to see one enterprise shop out there running sharepoint with basic authentication.
Vote by External U.
24817 | November 10, 2011 10:40:05 AM GMT
Ran into this again today. The intended target IIS server is not within our jurisdiction, so the project came to an abrupt halt.
Vote by External U.
24818 | November 10, 2011 10:40:06 AM GMT
I agree with all the comments, without support for NTLM and Digest Authentication the <cfsharepoint> tag is useless. I was actually really excited when I saw the <cfsharepoint> tag because it gave me a reason to convince my supervisor to keep CF around. Having this working will be really helpful, we will be able to keep our current CF apps and integrate them with Sharepoint
Vote by External U.
24819 | November 10, 2011 10:40:07 AM GMT
As my enterprise's Information Architect and director of our SharePoint 2010 based ECM project (as well as a 4-year ColdFusion veteran), I can almost sell ColdFusion Enterprise to my superiors for RAD within our integrated invironment, save this point that cfsharepoint uses basic authentication.
Vote by External U.
24820 | November 10, 2011 10:40:08 AM GMT
This bug has been voted..
Vote by External U.
24821 | November 10, 2011 10:40:09 AM GMT
This bug has been voted..
Vote by External U.
24822 | November 10, 2011 10:40:10 AM GMT
+1 from me. Spent many years having to (regretably) relax security on particular folders because cfhttp and other tags do not support NTLM/Negotiate. I don't use sharepoint but I can undestand how this would be a pain in an environment that you may not have control of.
Vote by External U.
24823 | November 10, 2011 10:40:11 AM GMT
Really? Honestly? We purchased CF9 because we were told that we could access SharePoint with it now. Does Bill Clinton work in your marketing department? Because that's a half-truth. It does work in a VERY insecure environment, but in the real world without NTLM we have NO use for the cfsharepoint tag now until this is fixed. This needs to be resolved and QUICKLY because many government installations I know of using CF are getting ready to jump ship because of the need to integrate with other systems like SP. Go ahead and tell the government that you can do it as long as you send your password in open text. Hello? Isn't that like building the coolest car and forgetting to put in an ignition? No more excuses of "legal" reasons - there are all KINDS of products that do it already. Open source it if you need to, to resolve the legal aspect of it. We need to catch up before its too late!!!!
Vote by External U.
24824 | November 10, 2011 10:40:12 AM GMT
This bug has been voted..
Vote by External U.
24825 | November 10, 2011 10:40:13 AM GMT
ColdFusion's need to suport NTLM authenication be promopted from our development enviroment into production. I can allow basic authenication on my public face sites and application.
Vote by External U.
24826 | November 10, 2011 10:40:14 AM GMT
This bug has been voted..
Vote by External U.
24827 | November 10, 2011 10:40:16 AM GMT
I think this is paramount in order to use the sharepoint integration and other security measures to supply NTLM authentication.
Vote by External U.
24828 | November 10, 2011 10:40:17 AM GMT
This bug has been voted..
Vote by External U.
24829 | November 10, 2011 10:40:18 AM GMT
This bug has been voted..
Vote by External U.
24830 | November 10, 2011 10:40:19 AM GMT
This is an absolute must for the cfsharepoint tag!
Vote by External U.
24831 | November 10, 2011 10:40:20 AM GMT
cfsharepoint without NTLM authentication means the tag if partially complete. Please create hot-fix
Vote by External U.
24832 | November 10, 2011 10:40:22 AM GMT
This bug has been voted..
Vote by External U.
24833 | November 10, 2011 10:40:23 AM GMT
Any progress or thoughs ? It's not 1995 anymore. Our Exchange guy is unlikely to let us send the password and username of an account that can do anything to Exchange/Sharepoint across the network in clear text (i.e. 'basic'). This can't be uncommon, and is likely to seriously curtail the use of cfsharepoint for many people, as well as drop off the usefulness of other things like cfhttp as more and more systems move to more secure defaults. Often these system can not be de-secured just for ColdFusion.
Vote by External U.
24834 | November 10, 2011 10:40:24 AM GMT
What Brian said. I might be able to get this enabled in test, but in the 'real world' ? No chance.
Vote by External U.
24835 | November 10, 2011 10:40:26 AM GMT
Agreed with all. We need this fixed b/c we would like to use the cfsharepoint tag with SharePoint 2010. Please fix.
Vote by External U.
24836 | November 10, 2011 10:40:27 AM GMT
Can't use cfsharepoint without this.
Vote by External U.
24837 | March 21, 2012 11:04:16 AM GMT
This is one that really should be implemented. Also now running into the need for this. NTLM support needs to work across ALL PLATFORMS, not just Windows.
Vote by External U.
24838 | March 24, 2013 05:58:30 PM GMT
NTLM is an IT requirement in my company. CFSharepoint is completly worthless without a Fix.
Vote by External U.
24839 | July 31, 2013 10:53:09 AM GMT
Adobe actually need to start *completing* solutions, not simply releasing things that are basically proofs of concepts (which is basically the current state of affairs with this stuff). MUST be fixed, IMO -- Adam
Vote by External U.
24840 | July 31, 2013 05:26:41 PM GMT
This is a must fix if CF is supposed to be the "glue" that ties systems together. We unfortunately have to integrate with Microsoft products (namely Dynamics NAV) and it pains me to have to write all of that stuff in c#.
Vote by External U.
24841 | August 13, 2013 12:04:08 PM GMT
wow .. 5 years old and counting
Comment by External U.
24801 | August 13, 2013 04:10:35 PM GMT
CF is starting to be looked on in my organization as a security risk. either it gets fixed or we'll be looking to other technology platforms.
Vote by External U.
24842 | August 13, 2013 04:13:57 PM GMT
Absolutely needed. I had just started a project to integrate a mobile app with Sharepoint and was going to use CF's Sharepoint tags to integrate. Unfortunately, Basic Auth is not allowed so it makes using these tags pointless. Lots of other services are going this way as well (DIgest Authentication) and CF needs to catch up with modern security practices.
Vote by External U.
24843 | August 14, 2013 09:38:54 AM GMT
Company is migrating towards Sharepoint integration, we need this functionality for Cf to remain viable.
Vote by External U.
24844 | August 14, 2013 10:27:47 AM GMT
Having to handcode all the digest stuff just seems like one of the things CF should do... in comparison to the things it does do, that it shouldn't :) Vote it up.
Vote by External U.
24845 | August 14, 2013 10:29:53 AM GMT
NTLM is an IT requirement on the secure .gov network I am on.
Vote by External U.
24846 | August 14, 2013 11:56:33 AM GMT
This is a needed feature... all HTTP operations (especially SharePoint) are useless in the real world without properly authentication support.
Vote by External U.
24847 | October 24, 2013 06:11:08 PM GMT
Support for NTLM is added now.. Digest Authentication will be supported in the next CF Version (Comment added from ex-user id:yrr)
Comment by Adobe D.
24802 | April 14, 2014 01:54:04 AM GMT