| Developing ColdFusion Applications |
|
|
Application Security |
|
| Developing ColdFusion Applications |
|
|
Application Security |
|
The cfauthenticate tag has several required attributes:
securityContext Describes which security context to use for authentication and authorization. This name matches the security context as defined on the Advanced Security page of the ColdFusion Administrator.
username The user name required to access the protected resources.password The password required to access the protected resources.
You usually set the username and password attributes using variables that are passed in a cookie from form fields on a secure login page for the current session.
In addition, cfauthenticate has two optional attributes:
setCookie Indicates whether ColdFusion sets a cookie to contain authentication information. This cookie is encrypted and includes the user name, security context, browser remote address, and the HTTP user agent. Default is Yes.
throwOnFailure Indicates whether ColdFusion throws an exception of type Security if authentication fails. Default is Yes.<cfauthenticate securitycontext="MyAppSecurityContextName"
username=#userID#
password=#pwd#>
If the user is not already defined in the system, ColdFusion throws a Security exception. You can either reject access to the resource or reroute the user to a login page. For example, you can display a login form and then, if the user logs in successfully, display the originally requested page.
For a longer code example, see "Example of User Authentication and Authorization".
| Copyright © 2001, Macromedia Inc. All rights reserved. |
|