User security allows ColdFusion developers to authenticate users and match protected resources with authorized users. You can access all the functions required to implement user security on the Advanced Security page.
To implement User Security:
Specify security server settings. For details, see Configure Advanced Security.
Define user directories to authenticate against an NT domain, an LDAP directory, or an ODBC data source. For details, see Connect user directories.
Create a security context for the application. For details, see Register security contexts.
Specify individual resources to protect and set up policies that match secured resources with authorized users and groups. For details, see Secure resources.
After the security framework is in place, developers use the CFAUTHENTICATE tag in individual application pages (or the Application.cfm file) to authenticate users.
The IsAuthenticated and IsAuthorized functions enable developers to offer or deny access based on the established security policies.
Note: Any security components you configure in the ColdFusion Administrator do not take effect until developers enforce the contexts in their applications.