Developing Web Applications with ColdFusion
Chapter 17 : Application Security
Using the CFAUTHENTICATE tag
The CFAUTHENTICATE tag has several required attributes:
- SECURITYCONTEXT -- Describes which security context to use for authentication and authorization. This name matches the security context as defined in the Advanced Security page of the ColdFusion Administrator.
- USERNAME -- The username required to access the protected resources.
- PASSWORD -- The password required to access the protected resources.
The USERNAME and PASSWORD values are usually variables that come from form fields on a secure login page and are passed in a cookie for the current session.
In addition, CFAUTHENTICATE has two optional attributes:
- SETCOOKIE -- Indicates whether ColdFusion sets a cookie to contain authentication information. This cookie is encrypted and includes the user name, security context, browser remote address, and the HTTP user agent. Default is Yes.
- THROWONFAILURE -- Indicates whether ColdFusion throws an exception of type Security if authentication fails. Default is Yes.
Example
<CFAUTHENTICATE SECURITYCONTEXT="SecurityContextName"
    USERNAME="#userID#"
    PASSWORD="#pwd#">
If the user has not already been defined in the system, ColdFusion throws a SECURITY exception. You can either reject access to the resource or re-route the user to a login page. For example, you can display a login form and then, if the user logs in successfully, display the originally requested page.
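The following Application.cfm fragment is an added example, not code from the original documentation, showing one way to catch the Security exception and re-route the user to a login form that posts back to the originally requested page. The form field names userID and pwd and the variables ShowLogin and LoginFailed are assumptions, and IsAuthenticated() is a ColdFusion function that this section does not describe.

```cfml
<!--- Added example (not from the original documentation).
      Assumed names: form fields userID and pwd; variables ShowLogin, LoginFailed. --->
<CFIF NOT IsAuthenticated()>
  <CFSET ShowLogin = "Yes">
  <CFSET LoginFailed = "No">
  <!--- Read credentials from the Form scope only, so they are never
        accepted from a URL, where they would end up in server logs. --->
  <CFIF IsDefined("Form.userID") AND IsDefined("Form.pwd")>
    <CFTRY>
      <CFAUTHENTICATE SECURITYCONTEXT="SecurityContextName"
          USERNAME="#Form.userID#"
          PASSWORD="#Form.pwd#"
          SETCOOKIE="Yes"
          THROWONFAILURE="Yes">
      <!--- Reached only when no Security exception was thrown. --->
      <CFSET ShowLogin = "No">
      <CFCATCH TYPE="Security">
        <CFSET LoginFailed = "Yes">
      </CFCATCH>
    </CFTRY>
  </CFIF>
  <CFIF ShowLogin>
    <CFOUTPUT>
    <!--- One generic message: do not reveal whether the user name
          or the password was the part that was wrong. --->
    <CFIF LoginFailed><P>Login failed.</P></CFIF>
    <!--- Post back to the requested page, so it is displayed as soon
          as authentication succeeds. --->
    <FORM ACTION="#HTMLEditFormat(CGI.SCRIPT_NAME)#" METHOD="POST">
      User name: <INPUT TYPE="text" NAME="userID">
      Password: <INPUT TYPE="password" NAME="pwd">
      <INPUT TYPE="submit" VALUE="Log in">
    </FORM>
    </CFOUTPUT>
    <!--- Stop here so the protected page is not processed. --->
    <CFABORT>
  </CFIF>
</CFIF>
```

Because the form action uses only CGI.SCRIPT_NAME, any query string on the original request is not carried through the login.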
Go to the section "Example of User Authentication and Authorization" to see a longer code example.
Copyright © 1999, Allaire Corporation. All rights reserved.