After you use cfauthenticate to check whether the user is defined for a particular security context, you can use the following security functions throughout your applications any time you need to authenticate or authorize a user:
IsAuthenticated checks whether the current session was authenticated by the cfauthenticate tag.
IsAuthorized checks whether the authenticated user has access to the named resource, based on rules defined in the security context for which the user is authenticated.
The IsAuthenticated function checks whether a cfauthenticate tag successfully executed for the current request. If not, it looks for the cfauth cookie to determine whether the user is authenticated. If you do not set a cfauth cookie with cfauthenticate, you must call cfauthenticate for every request in the application.
The IsAuthenticated function returns True if the user is authenticated for the current request; otherwise, it returns False.
If you call IsAuthenticated with the optional security_context_name parameter, the function returns True if the user is authenticated in the named security context; otherwise it returns False. The IsAuthenticated function has the following form:
IsAuthenticated("security_context_name")
After a user is authenticated, you can use the IsAuthorized function to check which resources the user is allowed to access. You define authorization levels when you create security policies on the Advanced Security page of the ColdFusion Administrator.
IsAuthorized returns True if the user is authorized to perform the specified action on the specified ColdFusion resource. IsAuthorized takes three parameters, as follows:
IsAuthorized(ResourceType, ResourceName, [ResourceAction])
For example, to check whether the authenticated user is authorized to update a data source resource called orders, use this syntax:
IsAuthorized("Datasource", "orders", "update")
In this example, the IsAuthorized function returns True if the user is authorized to update the named data source, or if the data source is not protected in the security context.
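The following page fragment is an added example, not code from the original documentation. It shows the two checks used together as a deny-by-default gate in front of an update to the orders data source. The security context name OrdersContext, the login.cfm page, the orders table and the form fields are assumptions made for illustration.

```cfml
<!--- Added example. "OrdersContext", login.cfm, the orders table
      and the form fields are hypothetical names. --->

<!--- Step 1: authentication gate.
      Passing the context name makes the check fail for a session that was
      authenticated in some other security context. --->
<cfif NOT IsAuthenticated("OrdersContext")>
    <cflocation url="login.cfm" addtoken="no">
</cfif>

<!--- Step 2: authorization gate.
      The server does not perform this check on its own, so it must sit
      directly in front of the protected operation.
      IsAuthorized also returns True when the data source is NOT protected
      in the security context, so confirm in the ColdFusion Administrator
      that a policy covers "orders"; otherwise this check passes for
      every authenticated user. --->
<cfif NOT IsAuthorized("Datasource", "orders", "update")>
    <cfheader statuscode="403" statustext="Forbidden">
    <p>You are not authorized to update orders.</p>
    <cfabort>
</cfif>

<!--- Step 3: reached only by an authenticated, authorized user. --->
<cfquery name="updateOrder" datasource="orders">
    UPDATE orders
    SET    status   = <cfqueryparam value="#form.status#"  cfsqltype="CF_SQL_VARCHAR">
    WHERE  order_id = <cfqueryparam value="#form.orderId#" cfsqltype="CF_SQL_INTEGER">
</cfquery>

<p>Order updated.</p>
```

If the cfauth cookie is not set by cfauthenticate, the cfauthenticate call itself has to run earlier in the same request, for example in Application.cfm, or step 1 fails on every page.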
Note The ColdFusion Server does not check user authorization unless you specifically request it with the |