Adobe COLDFUSION 9 Manual page 347

Developing applications

DEVELOPING COLDFUSION 9 APPLICATIONS
Developing CFML Applications
The following image shows a typical flow of control for user authentication and authorization. Following sections
expand on this diagram to describe how you implement user security in ColdFusion.
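[Figure: flowchart of user authentication and authorization. User requests a page. Is a user logged in? If no: display login form; use ID and password to authenticate user and get user's authorization roles; is the user authenticated? If yes: log user in. Process requested page. Is user in role needed for activity? If no: user is authenticated but not authorized; do not do secured operations. If yes: user is authenticated and authorized; do secured operations.]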
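The flow of control in the diagram, written as an Application.cfc with the cflogin, cfloginuser and IsUserInRole built-ins. This is an added example, not code from the Adobe manual; the in-memory user table, the sample password, the role names, the /admin/ path rule and loginform.cfm (a form that posts j_username and j_password) are assumptions.

```cfml
<!--- Application.cfc (added example; users, password, roles and paths are constructed) --->
<cfcomponent output="false">
  <cfset this.name = "SecuredAppExample">
  <cfset this.sessionManagement = true>
  <cfset this.loginStorage = "session">

  <cffunction name="onApplicationStart" returnType="boolean" output="false">
    <!--- Constructed sample user. A real application reads salt, hash and roles
          from its user store; one salted SHA-256 pass keeps the example short. --->
    <cfset var u = structNew()>
    <cfset u.salt = createUUID()>
    <cfset u.pwhash = hash(u.salt & "constructed-sample-password", "SHA-256")>
    <cfset u.roles = "editor">
    <cfset application.users = structNew()>
    <cfset application.users["alice"] = u>
    <cfreturn true>
  </cffunction>

  <cffunction name="onRequestStart" returnType="boolean" output="true">
    <cfargument name="targetPage" type="string" required="true">
    <cfset var u = "">
    <!--- "Is a user logged in?" The cflogin body runs only when the answer is no. --->
    <cflogin>
      <!--- The cflogin structure exists only when credentials arrived
            (j_username/j_password form fields or an HTTP Authorization header). --->
      <cfif not isDefined("cflogin") or not structKeyExists(application.users, cflogin.name)>
        <cfinclude template="loginform.cfm">
        <cfabort>
      </cfif>
      <cfset u = application.users[cflogin.name]>
      <cfif compare(u.pwhash, hash(u.salt & cflogin.password, "SHA-256")) neq 0>
        <cfinclude template="loginform.cfm">
        <cfabort>
      </cfif>
      <!--- "Log user in": record the user ID together with the authorization roles. --->
      <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="#u.roles#">
    </cflogin>
    <!--- "Is user in role needed for activity?" Pages under /admin/ need the admin role. --->
    <cfif findNoCase("/admin/", arguments.targetPage) eq 1 and not isUserInRole("admin")>
      <cfheader statuscode="403" statustext="Forbidden">
      <cfoutput>You are logged in but not authorized for this page.</cfoutput>
      <cfabort>
    </cfif>
    <cfreturn true>
  </cffunction>
</cfcomponent>
```

With this sample data, alice is authenticated with the editor role, so a request under /admin/ ends at the "authenticated but not authorized" branch with a 403 response.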
Authenticating users
Use either, or both, of the following forms of authentication to secure your ColdFusion application:
• Web server authentication, where the web server authenticates the user and does not allow access to the website by
users without valid login IDs
• Application authentication, where the ColdFusion application authenticates the user and does not allow access to
the application by users without valid login IDs
Web server authentication
All major web servers support basic HTTP authentication. Some web servers also support other authentication
methods, including Digest HTTP authentication and Microsoft NTLM authentication.
Last updated 8/5/2010