User Guide
Using the cfauthenticate tag
The cfauthenticate tag has several required attributes:
• securityContext Describes which security context to use for authentication
and authorization. This name matches the security context as defined on the
Advanced Security page of the ColdFusion Administrator.
• username The user name required to access the protected resources.
• password The password required to access the protected resources.
You usually set the username and password attributes using variables that are
passed in a cookie from form fields on a secure login page for the current session.
In addition, cfauthenticate has two optional attributes:
• setCookie Indicates whether ColdFusion sets a cookie to contain
authentication information. This cookie is encrypted and includes the user
name, security context, browser remote address, and the HTTP user agent.
Default is Yes.
• throwOnFailure Indicates whether ColdFusion throws an exception of type
Security if authentication fails. Default is Yes.
Example
<!--- Authenticate the user against the named security context --->
<cfauthenticate securitycontext="MyAppSecurityContextName"
    username="#userID#"
    password="#pwd#">
If the user is not already defined in the system, ColdFusion throws a Security
exception. You can either reject access to the resource or reroute the user to a login
page. For example, you can display a login form and then, if the user logs in
successfully, display the originally requested page.
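The reroute-to-login flow described above, sketched as an Application.cfm fragment. This is an added example, not code from the original guide. It assumes a hypothetical login.cfm form that posts form.userID and form.pwd, a hypothetical loginMessage variable that the form displays, and the IsAuthenticated() function from the same ColdFusion security framework, which this page does not cover.

```cfml
<!--- Added example: Application.cfm fragment that gates every page request.
      Assumed names: login.cfm, form.userID, form.pwd, loginMessage. --->
<cfif NOT IsAuthenticated()>
    <cfif IsDefined("form.userID") AND IsDefined("form.pwd")>
        <!--- Credentials were posted by the login form: try to authenticate --->
        <cftry>
            <cfauthenticate securityContext="MyAppSecurityContextName"
                username="#form.userID#"
                password="#form.pwd#"
                setCookie="Yes"
                throwOnFailure="Yes">
            <cfcatch type="Security">
                <!--- Authentication failed. Show one generic message so the
                      response does not reveal whether the user name exists. --->
                <cfset loginMessage = "Invalid user name or password.">
                <cfinclude template="login.cfm">
                <cfabort>
            </cfcatch>
        </cftry>
    <cfelse>
        <!--- No credentials on this request: show the login form and stop
              before any protected page content is processed --->
        <cfset loginMessage = "">
        <cfinclude template="login.cfm">
        <cfabort>
    </cfif>
</cfif>
<!--- Execution reaches this point only for an authenticated request, so
      ColdFusion goes on to process the originally requested page. --->
```

If login.cfm posts back to the URL that was originally requested, a successful login falls through to that page without a separate redirect step.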
For a longer code example, see “Example of User Authentication and Authorization”
on page 363.