help with windows user login

i am asked to develop an application similar to a project management tool. there will be a form on the intranet where users will go and check some of the tasks they have completed. since everybody uses their windows login to use their machine, i am asked to retrieve the login information and submit to the page without them entering it manually.
is there a way to get the user login information to a machine by using some cf tags ?
thanks for the help in advance

No, because you have to hook into Active Directory and that's almost impossible because of security issues.
The easiest way to do this is on the server side. Uncheck inherit permissions, pull "Everyone" off read permission on the files you want protected and then manually put the people you want back on with read permission.

Hope that helps.

The only way this might work is if you use IIS as the web server and enable NTLM authentication. But even then I think it still asks you to log in. Beyond that you could look into using .NET passport or something similar.

Actually, you might be able to get the user name of the logged in user with #cgi.auth_user#. Of course you can't get their password this way, but at least you know that Windows user account was logged in and you could go from there.

Another approach alltogether would be to force them to log in once, but then set a cookie that lets the application "remember" them for future visits.

thanks a lot guys. unfortunately, there won't be any login to the form. ideally, the user turns on his/her pc, logs into the Windows OS, launches the IE, locates the form, checks the checkbox next to his/her division and then hits submit. we do have IIS as the web server
but i am not sure what 'enable NTLM authentication' means.
i think they want to keep track of who is working hard in certain divisions. that's why they don't want to display a seperate login page instead go with the windows OS user login. so, what i understand so far is it's impossible to get the windows login. am i correct?

Correct, I don't think it's possible. Note that it's not possible with ANY applicaiton server, this isn't specific to CF.

The best you could hope for would be a system where they only log in one time - ever - and then a permanent cookie is placed in their browser that allows them to get into the app without having to log in and keep track of who they are that way.

thank u sir!

Assuming that your users are logging into a server you can use a batch program to create a file to verify login. Then use ColdFusion to read the file.

Create a file somewhere on your server (IE logins.txt).
Give users write permissions to that file.

Then run a batch program with the following commands:

ipconfig|find "IP Address">>drive:\path\logins.txt
echo %USERNAME%">>drive:\path\logins.txt

With ColdFustion, use CGI.REMOTE_ADDR to get the workstation IP and cffile to read the file, find the IP and get the username.

With a little more batch file work, you can even create a file with the workstation IP as the name so parsing ligins.txt is not required.

If this solution will not work for you or you need additional info, please email me.

The only problem with that is that it requires that people always connect from the same computer (with the same IP address). It also isn't really authentication because anyone else using the computer or spoofing the IP address would be granted access as if they were the real user. This may or may not be a concern depending on the app and on the environment. In a DHCP environment, for example, this wouldn't work.

If you want to take this route you don't even have to parse a text file if you don't want to, you could store the IP addresses and the corresponding users in a database and query it when people access the application.