cfimpersonate

Description

Lets you impersonate a user defined in a security context that is defined in Advanced Security. ColdFusion Server enforces the privileges and restrictions configured for the user with the Advanced Security rules.

Syntax


<cfimpersonate 

  securityContext = "SecurityContext"

  username = "Name"

  password = "Password"

  type = "CF" or "OS">

  ...

  HTML or CFML code to execute

  ...

</cfimpersonate>

Attributes

Attribute

Description

securityContext
Required. The security context in which to authenticate the user. If the impersonation type is "CF," specify a security context that is defined using the ColdFusion Administrator. If the impersonation type is "OS," specify an NT domain as the security context.

username
Required. The user name of the user to impersonate. You can create a rule within ColdFusion Advanced Security to restrict a user from being impersonated within a security context.

password
Required. The password of the user to impersonate.

type
Required. The type of impersonation. This attribute can have the value "CF" for impersonation at the application level or "OS" for impersonation at the operating system level. OS means that the impersonation is of a user known to the operating system. Currently, this is available only for Windows. When this type is in effect, the operating system automatically performs access control for access to any resources managed by the operating system, such as files and directories. This is fast, since ColdFusion is not doing any extra checking, but is limited because only resources that are protected by the operating system are protected. For example, the operating system cannot check for resource types such as Application or data sources.

Attribute	Description
securityContext	Required. The security context in which to authenticate the user. If the impersonation type is "CF," specify a security context that is defined using the ColdFusion Administrator. If the impersonation type is "OS," specify an NT domain as the security context.
username	Required. The user name of the user to impersonate. You can create a rule within ColdFusion Advanced Security to restrict a user from being impersonated within a security context.
password	Required. The password of the user to impersonate.
type	Required. The type of impersonation. This attribute can have the value "CF" for impersonation at the application level or "OS" for impersonation at the operating system level. OS means that the impersonation is of a user known to the operating system. Currently, this is available only for Windows. When this type is in effect, the operating system automatically performs access control for access to any resources managed by the operating system, such as files and directories. This is fast, since ColdFusion is not doing any extra checking, but is limited because only resources that are protected by the operating system are protected. For example, the operating system cannot check for resource types such as Application or data sources.

Usage

cfimpersonate is typically used to run a block of code in a secure mode. For impersonation of type "CF," there is automatic enforcement of access control of ColdFusion resources such as files, data sources, and collections between the start and end tags of cfimpersonate. If CF type impersonation is turned on, ColdFusion enforces the rules and policies specified for the user in the Advanced Security section of the ColdFusion Administrator. Therefore, there is no need to make multiple isAuthorized calls in the code to protect each resource.

For more information, see Advanced ColdFusion Administration.

Example

<!--- This example shows the use of cfimpersonate to impersonate

a person with the user name Bill and the password BJ4YE.--->

<html>

<head>

  <title>cfimpersonate Example</title>

</head>



<body>

<cfimpersonate securityContext = "testContext"

  username = "Bill" 

  password = "BJ4YE"

  type = "CF">

...

</cfimpersonate>

</body>

</html>