ColdFusion provides the following tags and functions for user security:
Tag or function |
Purpose |
---|---|
A container for user authentication and login code. The body of the tag runs only if the user is not logged in. When using application-based security, you put code in the body of the cflogin tag to check the user-provided ID and password against a data source, LDAP directory, or other repository of login identification. The body of the tag includes a cfloginuser tag (or a ColdFusion page that contains a cfloginuser tag) to establish the authenticated user's identity in ColdFusion. |
|
Identifies (logs in) a user to ColdFusion. Specifies the user's ID, password, and roles. This tag is typically used inside a cflogin tag. The cfloginuser tag requires three attributes, name, password, and roles, and does not have a body. The roles attribute is a comma-delimited list of role identifiers to which the logged-in user belongs. All spaces in the list are treated as part of the role names, so you should not follow commas with spaces. While the user is logged-in to ColdFusion, security functions can access the user ID and role information. |
|
Logs out the current user. Removes knowledge of the user ID and roles from the server. If you do not use this tag, the user is automatically logged out as described in Logging out users. The cflogout tag does not take any attributes, and does not have a body. |
|
Authenticates a user name and password against the NT domain on which ColdFusion server is running, and optionally retrieves the user's groups. |
|
If you include a roles attribute, the function executes only when there is a logged-in user who belongs to one of the specified roles. |
|
Returns True if the current user is a member of the specified role. |
|
Returns the ID of the currently logged-in user. This tag first checks for a login made with cfloginuser tag. If none exists, it checks for a web server login (cgi.remote_user. |