This is on a ColdFusion 10 install on Windows 2008 R2 with IIS 7.5. We have an additional authentication module, Cosign, installed for single sign-on.
If I make a request for https://[servername]/test/ and dump the CGI variables, cgi.auth_type is set to Cosign and cgi.auth_user and cgi.remote_user are both set to my username.
If I make a request for https://[servername]/test/index.cfm and dump the CGI variables, cgi.auth_type, cgi.auth_user, and cgi.remote_user are all set to [empty string].
Some of the things we've tried (largely based on the posts Coldfusion 10 with IIS 7 Windows authenticaiton and cgi.auth_user not staying set):
- Moving the Cosign module to the top of the modules list in IIS
- Enabling Windows auth at the server level in IIS (index.cfm then required additional authorization beyond Cosign)
- Enabling Windows auth at the directory level in IIS (no change--remote_user not populated)
- Disabling Anonymous auth at the server level in IIS (index.cfm then returned a 401 Unauthorized message)
It's strange because the cgi.script_name value is set to /test/index.cfm in both cases, but the credentials are passed for /test/ and not /test/index.cfm.
It's a longshot that anyone here is using Cosign, but just wondering if anyone has other ideas for what might be causing this.