The cfauthenticate tag has several required attributes:
securityContext
Describes which security context to use for authentication and authorization. This name matches the security context as defined on the Advanced Security page of the ColdFusion Administrator.
username
The user name required to access the protected resources.
password
The password required to access the protected resources.
You usually set the username and password attributes using variables that are passed in a cookie from form fields on a secure login page for the current session.
In addition, cfauthenticate has two optional attributes:
setCookie
Indicates whether ColdFusion sets a cookie to contain authentication information. This cookie is encrypted and includes the user name, security context, browser remote address, and the HTTP user agent. Default is Yes.
throwOnFailure
Indicates whether ColdFusion throws an exception of type Security if authentication fails. Default is Yes.

<cfauthenticate
    securitycontext="MyAppSecurityContextName"
    username="#userID#"
    password="#pwd#">

If the user is not already defined in the system, ColdFusion throws a Security exception. You can either reject access to the resource or reroute the user to a login page. For example, you can display a login form and then, if the user logs in successfully, display the originally requested page.
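The handling described above, as an added example that is not from the original documentation: an Application.cfm fragment that catches the Security exception and shows a login form instead of the requested page. The template name login.cfm, the form fields form.userID and form.pwd, and the loginMessage variable are assumptions.

```cfml
<!--- Application.cfm: runs before every page in the application. --->
<!--- Added example. Assumed names: login.cfm, form.userID, form.pwd, loginMessage. --->
<cfif NOT IsAuthenticated()>

    <!--- No credentials posted yet: show the login form and stop.
          login.cfm (assumed) posts back to the page that was requested. --->
    <cfif NOT (IsDefined("form.userID") AND IsDefined("form.pwd"))>
        <cfinclude template="login.cfm">
        <cfabort>
    </cfif>

    <cftry>
        <!--- throwOnFailure="Yes" is the default; it is spelled out here
              because the cfcatch below depends on it. --->
        <cfauthenticate
            securitycontext="MyAppSecurityContextName"
            username="#form.userID#"
            password="#form.pwd#"
            setcookie="Yes"
            throwonfailure="Yes">

        <cfcatch type="Security">
            <!--- Use one message for every failure so the form does not
                  reveal whether the user name exists. --->
            <cfset loginMessage = "Login failed. Check your user name and password.">
            <cfinclude template="login.cfm">
            <cfabort>
        </cfcatch>
    </cftry>
</cfif>
<!--- Authenticated: processing continues with the originally requested page. --->
```

Because Application.cfm runs ahead of every template, a successful login falls through to the page the user first asked for, and a failed one never reaches it.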
For a longer code example, see "Example of User Authentication and Authorization".