Table of Contents
Advertisement
Securing your web services
You can restrict access to your published web services to control the users allowed to invoke them.
You can use your web server to control access to the directories containing your web services, or
you can use ColdFusion security in the same way that you would to control access to any
ColdFusion page.
Controlling access to component CFC files
To browse the HTML description of a .cfc file, you request the file by specifying a URL to the file
in your browser. By default, ColdFusion secures access to all URLs that directly reference a .cfc
file, and prompts you to enter a password upon the request. Use the ColdFusion RDS password
to view the file.
To disable security on .cfc file browsing, use the ColdFusion MX Administrator to disable the
RDS password.
For more information, see
on page
219.
Using your web server to control access
Most web servers, including IIS and Apache, implement directory access protection using the
basic HTTP authentication mechanism. When a client attempts to access one of the resources
under a protected directory, and has not properly authenticated, the web server automatically
sends back an authentication challenge, typically an HTTP Error 401 Access Denied error.
In response, the client's browser opens a login prompt containing a username and password field.
When the user submits this information, the browser sends it back to the web server. If
authentication passes, the web server allows access to the directory. The browser also caches the
authentication data as long as it is open, so subsequent requests automatically include the
authentication data.
Web service clients can also pass the username and password information as part of the request.
The
tag includes the
cfinvoke
information to a web server using HTTP basic authentication. You can include these attributes
when invoking a web service, as the following example shows:
<cfinvoke
webservice = "http://some.wsdl"
returnVariable = "foo"
...
username="aName"
password="aPassword">
<cfoutput>#foo#</cfoutput>
ColdFusion inserts the username/password string in the
base64 binary encoded string, with a colon separating the username and password. This method
of passing the username/password is compatible with the HTTP basic authentication mechanism
used by web servers.
The ColdFusion MX Administrator lets you predefine web services. As part of defining the web
service, you can specify the username and password that ColdFusion includes as part of the
request to the web service. Therefore, you do not have to encode this information using the
tag. For information on defining a web service in the ColdFusion MX Administrator,
cfinvoke
see
"Configuring web services in the ColdFusion MX Administrator" on page
726
Chapter 32: Using Web Services
Chapter 11, "Building and Using ColdFusion Components,"
and
username
password
attributes that let you pass login
request header as a
authorization
718.
Advertisement
Table of Contents
Troubleshooting
Related Manuals for MACROMEDIA COLDFUSION MX 61-DEVELOPING COLDFUSION MX
Related Products for MACROMEDIA COLDFUSION MX 61-DEVELOPING COLDFUSION MX
- MACROMEDIA COLDFUSION MX 61-CFML
- MACROMEDIA COLDFUSION MX 61-GETTING STARTED BUILDING COLDFUSION MX
- MACROMEDIA COLDFUSION MX 61 - INSTALLING COLDFUSION MX FOR IBM WEBSPHERE APPLICATION SERVER
- MACROMEDIA COLDFUSION MX 61 - CONFIGURING AND ADMINISTERING COLDFUSION MX
- MACROMEDIA COLDFUSION MX 7.0.2-USING COLDFUSION MX WITH FLEX 2
- MACROMEDIA 38000382 - Macromedia JRun - Mac
- MACROMEDIA 38028779 - Macromedia Dreamweaver - Mac
- MACROMEDIA BREEZE
Need help?
Do you have a question about the COLDFUSION MX 61-DEVELOPING COLDFUSION MX and is the answer not in the manual?
Questions and answers