Using ColdFusion security tags and functions

cflogin

A container for user authentication and login code. The body of the tag runs only if the user is not logged in. When using application-based security, you place code in the body of the cflogin tag to check the user-provided ID and password against a data source, LDAP directory, or other repository of login identification. The body of the tag includes a cfloginuser tag (or a ColdFusion page that contains a cfloginuser tag) to establish the authenticated user’s identity in ColdFusion.

cfloginuser

Identifies (logs in) a user to ColdFusion. Specifies the user’s ID, password, and roles. This tag is typically used inside a cflogin tag.

The cfloginuser tag requires three attributes, name, password, and roles, and does not have a body. The roles attribute is a comma-delimited list of role identifiers to which the logged-in user belongs. All spaces in the list are treated as part of the role names, so you should not follow commas with spaces.

While the user is logged-in to ColdFusion, security functions access the user ID and role information.

cflogout

Logs out the current user. Removes knowledge of the user ID and roles from the server. If you do not use this tag, the user is automatically logged out as described in Logging out users.

The cflogout tag does not take any attributes, and does not have a body.

cfNTauthenticate

Authenticates a user name and password against the NT domain on which ColdFusion server is running, and optionally retrieves the user’s groups.

cffunction

If you include a roles attribute, the function executes only when there is a logged-in user who belongs to one of the specified roles.

IsUserInAnyRole

Returns True if the current user is a member of the specified role.

GetAuthUser

Returns the ID of the currently logged-in user.

This tag first checks for a login made with cfloginuser tag. If none exists, it checks for a web server login (cgi.remote_user.