Reputation: 5598
IIS/Coldfusion: authentication request on anonymous content
We have an admin site that requires authentication for access. The pages on the site are wrapped in a Coldfusion custom tag, which includes all the styles and JS, as well as a few other pieces of info.
I recently made a copy of the custom tag wrapper. I put the copy in the same directory as the original (which is mapped through the Coldfusion administrator), and renamed the file. I added a few css/js includes in the new custom tag. And I changed the custom tag used in the site from the old one to this new one.
Now when non-admin users go to the site - the same users who had access to the site before and who had no problems when the site had the old custom tag wrapper - they are being asked to login multiple times. They can hit cancel, and some of the CSS styles do not render, but the rest of the page shows up fine.
I automatically assumed the problem was in one of the new CSS or JS files I added to the new custom tag. But, I checked each of these files individually in IIS, and they all have anonymous access turned on. Even removing them from the custom tag doesn't change the fact that the users are being asked to login (typically 3 times every time they go to a page).
Anonymous access is turned on for all the existing CSS and JS files. I checked every one of the files individually (not just at the directory level, which also is set to anonymous access). Could the new custom tag itself have something to do with it. The custom tag is mapped through ColdFusion Administrator, so I'm not sure how I would check it's IIS authentication settings... it doesn't show up there as part of the site.
Anything else I can check???
Upvotes: 3
Views: 519
Answers (1)
Reputation: 9857
This all sounds like a IIS auth issue and not a coldfusion one. If the tag mappings were incorrect you would have a coldfusion error saying the custom tag was not found.
If you have copied files then you will require at least the IUSR to be added to that file or no one will have access.
"IUSR_ComputerName user account is for anonymous access to IIS. By default, when a user accesses a Web site that uses Anonymous authentication, that user is mapped to the IUSR_ComputerName account."
Double check the website entry within IIS also for the 32 bit or 64 bit option is correct for your instance of coldfusion (if you have a 64x box you may have a 32bit instance of coldfusion) and therefore need to set this to 32bit - This has caused permissions related issues for me when Windows based auth & anon auth have been both switched on.
Upvotes: 1
Related Questions
- coldfusion 2016 cfhttp call to authorize.net returning connection failure
- ColdFusion RESTful web service
- asp.net sql authentication in coldfusion
- Getting Basic Authentication to work with ColdFusion
- Cannot authenticate against Windows domain using ColdFusion 10, IIS 7.5, LDAP
- What are the proper permissions for ColdFusion 9 on IIS 7.5 with Windows Authentication
- Coldfusion Cross site authentication
- Make ColdFusion accept ASP.NET credentials
- Unauthorized Sharepoint WSDL from ColdFusion 8
- single sign on coldfusion and .net