Once you've used CFAUTHENTICATE to check if the user is defined for a particular security context, you can use the following security functions throughout your applications any time you need to authenticate or authorize a user:
The IsAuthenticated function checks whether a CFAUTHENTICATE tag has been successfully executed for the current request. If not, it looks for the CFAUTH cookie to determine if the user is authenticated or not. If you don't set a CFAUTH cookie with CFAUTHENTICATE, you must call CFAUTHENTICATE for every request in the application.
The IsAuthenticated function returns TRUE if the user has been authenticated for the current request; otherwise, it returns FALSE.
If you pass the optional security context parameter to IsAuthenticated, it returns TRUE if the user is authenticated in the named security context; otherwise, it returns FALSE.
IsAuthenticated("security_context_name")
Once a user is authenticated, you can use the IsAuthorized function to check which resources the user is allowed to access. You define authorization levels when you create security policies on the Advanced Security page of the ColdFusion Administrator.
IsAuthorized returns TRUE if the user is authorized to perform the specified action on the specified ColdFusion resource. IsAuthorized takes three parameters:
IsAuthorized(ResourceType, ResourceName, [ResourceAction])
For example, to check whether the authenticated user is authorized to update a data source resource called orders, use this syntax:
IsAuthorized("Datasource", "orders", "update")
In this example, the IsAuthorized function returns TRUE if the user is authorized for the named Datasource, or if the Datasource is not protected in the security context.
Note: The ColdFusion server does not check user authorization unless a developer specifically requests it with the IsAuthorized function. It is up to the developer to decide what action to take based on the results of the IsAuthorized call.
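Because the server performs no authorization check on its own, each page that touches a protected resource has to make both calls itself and stop on a failed result. The following page is an added example, not part of the original documentation; the security context name OrdersContext, the login.cfm page, the Orders table, and the form fields OrderID and Status are assumptions made for illustration.

```cfml
<!--- Added example (not from the original documentation). --->
<!--- Assumed names: security context "OrdersContext", login.cfm,
      table Orders, form fields OrderID and Status. --->

<!--- 1. Authentication. TRUE only if CFAUTHENTICATE succeeded on this
      request or a CFAUTH cookie identifies the user in this context. --->
<CFIF NOT IsAuthenticated("OrdersContext")>
    <!--- CFLOCATION ends processing of this page. --->
    <CFLOCATION URL="login.cfm" ADDTOKEN="No">
</CFIF>

<!--- 2. Authorization. ColdFusion does not enforce this by itself, so
      the page must ask before using the data source. The call also
      returns TRUE when "orders" is not protected in the security
      context, so the check only restricts access once a policy
      covering this data source exists. --->
<CFIF NOT IsAuthorized("Datasource", "orders", "update")>
    <CFHEADER STATUSCODE="403" STATUSTEXT="Forbidden">
    <CFABORT SHOWERROR="You are not authorized to update orders.">
</CFIF>

<!--- 3. Reached only by an authenticated, authorized user.
      CFQUERYPARAM binds the form values as typed parameters. --->
<CFQUERY NAME="UpdateOrder" DATASOURCE="orders">
    UPDATE Orders
    SET    Status  = <CFQUERYPARAM VALUE="#FORM.Status#"
                         CFSQLTYPE="CF_SQL_VARCHAR" MAXLENGTH="20">
    WHERE  OrderID = <CFQUERYPARAM VALUE="#FORM.OrderID#"
                         CFSQLTYPE="CF_SQL_INTEGER">
</CFQUERY>

<CFOUTPUT>Order #HTMLEditFormat(FORM.OrderID)# updated.</CFOUTPUT>
```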