CFLogin

How about a show of hands of people using CFLogin? I've been trying to get my head around it for a few days now. I did a tutorial on EasyCFM and got MORE confused. Anyone like it? Anyone want to take a shot at explaining it? I'm still not sure what MM gave us. A "container"? We still have to provide tables to store the username/pw and the roles? HELP!

Use it, like it, etc. As for explaining it in general, I'd rather just focus on specific questions. For example, you mention at the end, "we still have to provide tables to store username/pw and the roles" - not at all! In fact, cflogin could care less where usernames/pw/roles come from. In Lighthouse (the Bug Tracker application I wrote for DRK5), the user names and passwords are all stored in an XML file. Basically, you do whatever authentication you want (via query, ldap, etc) and just use <cfloginuser> when you want to log the user in. Have any specific questions?

Use it, love it, have a CFC suite that it is incorporated into. I'll second Ray's request for specific questions. Mike How about a show of hands of people using CFLogin? I've been trying to get my head around it for a few days now. I did a tutorial on EasyCFM and got MORE confused. Anyone like it? Anyone want to take a shot at explaining it? I'm still not sure what MM gave us. A "container"? We still have to provide tables to store the username/pw and the roles? HELP!   _____  

I got the following source code from Brandon Purcell, dont know if you already have it, and it works fine. But you are right about the roles thing, because we are going to store the roles in the db for the application users, so they will be different than their network roles. The only code you should have to change is the request.mydomain variable located on line 4 of the application.cfm to the name of your domain, and then add the db functionality in the cfc for your specific application(this is for roles, or whatever) if you are just using nt authentication, then you only need to change the domain name. Application.cfm |||||||||||||||||||||||||||||||||||||||||||||||||||| <cfapplication name="example2" sessionmanagement="Yes"> <!--- Application.cfm ---> <!--- CFMX will check for authentication with each page request. ---> <cfset Request.myDomain="yipgroup"> <cfif isdefined("url.logout")> <CFLOGOUT> </cfif> <cflogin> <cfif not IsDefined("cflogin")>       <cfinclude template="loginform.cfm">       <cfabort>    <cfelse>       <!---Invoke NTSecurity CFC --->    <cfinvoke component = "NTSecurity" method = "authenticateAndGetGroups"    returnVariable = "userRoles" domain = "#Request.myDomain#"    userid = "#cflogin.name#" passwd = "#cflogin.password#">   <cfif userRoles NEQ "">    <cfloginuser name = "#cflogin.name#" password = "#cflogin.password#" roles="#stripSpacesfromList(userRoles)#">    <!--- <cfset session.displayroles=stripSpacesfromList(userRoles)><!--- for displaying roles only ---> --->   <cfelse>    <cfset loginmessage="Invalid Login">    <cfinclude template="loginform.cfm">    <cfabort>   </cfif>    </cfif> </cflogin> <!--- strips leading & trailing spaces from the list of roles that was returned ---> <cffunction name="stripSpacesfromList"> <cfargument name="myList"> <cfset myArray=listtoarray(arguments.myList)> <cfloop index="i" from="1" to="#arraylen(myArray)#" step="1">   <!--- <cfset myArray[i]=replace(trim(myArray[i]), " ", "_")>   out<br>--->   <cfset myArray[i]=trim(myArray[i])> </cfloop> <cfset newList=arrayToList(myArray)> <cfreturn newList> </cffunction> |||||||||||||||||||||||||||||||||||||||||||||||||||| ntSecurity.cfc |||||||||||||||||||||||||||||||||||||||||||||||||||| <!--- This component implements methods for use for NT Authentication and Authorization. $Log: NTSecurity.cfc,v $ Revision 1.1  2002/03/08 22:40:41  jking Revision 1.2  2002/06/26 22:46  Brandon Purcell component for authentication and authorization ---> <cfcomponent name="NTSecurity" >         <!---  Authenticates the user and outputs true on success and false on failure. --->         <cffunction name="authenticateUser" access="REMOTE" output="no" static="yes" hint="Authenticates the user." returntype="boolean">                 <cfargument name="userid" type="string" required="true" />                 <cfargument name="passwd" type="string" required="true" />                 <cfargument name="domain" type="string" required="true" />                 <cftry>                         <cfscript>                         ntauth = createObject("java", "jrun.security.NTAuth");                         ntauth.init(arguments.domain);                         // authenticateUser throws an exception if it fails,                         ntauth.authenticateUser(arguments.userid, arguments.passwd);                         </cfscript>                                          <cfreturn true>                 <cfcatch>     <cfreturn false>                 </cfcatch>                 </cftry>           </cffunction>                  <!---                 Authenticates the user and outputs true on success and false on failure.         --->         <cffunction access="remote" name="getUserGroups" output="false" returntype="string" hint="Gets user groups." static="yes">                 <cfargument name="userid" type="string" required="true" />                 <cfargument name="domain" type="string" required="true" />                                   <cftry>                         <cfscript>                         ntauth = createObject("java", "jrun.security.NTAuth");                         ntauth.init(arguments.domain);                         groups = ntauth.GetUserGroups(arguments.userid);                         // note that groups is a java.util.list, which should be                         // equiv to a CF array, but it's not right now???                         groups = trim(groups.toString());                         groups = mid(groups,2,len(groups)-2);                         </cfscript>                        <cfreturn groups>                 <cfcatch>       <cflog text="Error in ntsecurity.cfc method getUserGroups - Error: #cfcatch.message#" type="Error" log="authentication" file="authentication" thread="yes" date="yes" time="yes" application="no">                         <cfreturn "">         </cfcatch>                 </cftry>                            </cffunction>               <!---                 This method combines the functionality of authenticateUser and getUserGroups.         --->         <cffunction access="remote" name="authenticateAndGetGroups" output="false" returntype="string" hint="Authenticates the user and gets user groups if it returns nothing the user is not authticated" static="yes">                 <cfargument name="userid" type="string" required="true" />                 <cfargument name="passwd" type="string" required="true" />                 <cfargument name="domain" type="string" required="true" />                    <cftry>                           <cfscript>                         ntauth = createObject("java", "jrun.security.NTAuth");                         ntauth.init(arguments.domain);                         // authenticateUser throws an exception if it fails,                         // so we don't have anything specific here                         ntauth.authenticateUser(arguments.userid, arguments.passwd);                         groups = ntauth.GetUserGroups(arguments.userid);                                                          // note that groups is a java.util.list, which should be                         // equiv to a CF array, but it's not right now                         groups = trim(groups.toString());                         groups = mid(groups,2,len(groups)-2);                         </cfscript>                     <cfreturn groups>                 <cfcatch>      <cfreturn "">         </cfcatch>                 </cftry>                            </cffunction> </cfcomponent> |||||||||||||||||||||||||||||||||||||||||||||||||||| index.cfm |||||||||||||||||||||||||||||||||||||||||||||||||||| <html> <head> <title>NT Domain Authentication</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="../site.css" rel="stylesheet" type="text/css"> </head> <body> <cfoutput> <p>   <b>Welcome, #GetAuthUser()#!</b>   <cfoutput><br>You were logged into the following Roles- <!--- #session.displayroles# ---></cfoutput> </p> </cfoutput> <p>Based on your user name, your security credentials let you access the following tasks:<br /> (These links are for display purposes only.)</p> <p> <b>Task Menu</b><br /> <!--- Check roles for permission to view ---> <cfif isUserInRole("TECHSUPPORT")>   <a href="index.cfm">Product Support HomePage</a><br> </cfif> <cfif isUserInRole("Domain Users")>   <a href="index.cfm">Domain Users Page</a><br> </cfif> <cfif isUserInRole("Administrators")>   <a href="index.cfm">Administrators</a><br> </cfif> <cfif isUserInRole("AUSER")>   <a href="index.cfm">Basic User Tasks</a><br> </cfif> </p> <p> <a href="index.cfm?logout=1">Log out</a><br> </p> </body> </html> |||||||||||||||||||||||||||||||||||||||||||||||||||| loginform.cfm ||||||||||||||||||||||||||||||||||||||||||||||||||| <html> <head> <title>Login Form</title> <link href="../site.css" rel="stylesheet" type="text/css"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <H2>Please Log In <cfif isdefined("loginmessage")>(Invalid Login)</cfif></H2> <cfoutput>     <form action="#CGI.script_name#" method="Post">        <table>           <tr>              <td>username:</td>              <td><input type="text" name="j_username"></td>           </tr>           <tr>              <td>password:</td>              <td><input type="password" name="j_password"></td>           </tr>        </table>        <br>        <input type="submit" value="Log In">     </form>     <p> </p> </cfoutput> <cfinvoke component = "NTSecurity" method = "getNTUser"    returnVariable = "user" domain = "#Request.myDomain#"> <cfoutput>#user#</cfoutput> <p><a href="../index.cfm">Home</a></p> </body> </html> ||||||||||||||||||||||||||||||||||||||||||||||||||| How about a show of hands of people using CFLogin? I've been trying to get my head around it for a few days now. I did a tutorial on EasyCFM and got MORE confused. Anyone like it? Anyone want to take a shot at explaining it? I'm still not sure what MM gave us. A "container"? We still have to provide tables to store the username/pw and the roles? HELP!   _____  

Just as a warning, I've seen wierd issues when I used <cflogout> above my <cflogin> block. This never had any issues in 6.0, but I noticed an oddity under 6.1 with it where (I believe) getAuthUser was NOT returning "" after the cflogout. I don't remember the exact details, but I solved it by moving my logout _after_ the cflogin block, and just using a cflocation to reload the current page and force the login.

I guess I was expecting more from cflogin. I thought it was going to do everything for you. You'd think there would be built-in security tables if there are built in functions to validate users. ----- Excess quoted text cut - see Original Post for more -----

There is always a fine line between doing too little and doing too much. I think cflogin hits the sweet spot myself. By NOT forcing you to use a db, it allows you to easily switch your authentication methods without having to update your entire site. Also do not forget that the security system can be tied to CFCs as well with the use of the roles attribute.

My only problem with CFLOGIN is that you can't query out who is currently logged in.  It seems like if you need this feature, you may as well store the sessions in a table and just store a sessionID cookie (or use a session) to associate the user with the row in the table.  I just like to have a little more control and options than what CFLOGIN gives you.  Granted, it makes it very easy for simple login, logout and rights and roles checks, but it doesn't give me everything I need. John Burns There is always a fine line between doing too little and doing too much. I think cflogin hits the sweet spot myself. By NOT forcing you to use a db, it allows you to easily switch your authentication methods without having to update your entire site. Also do not forget that the security system can be tied to CFCs as well with the use of the roles attribute.   _____  

I agree with this - have you used the macromedia wish form thing-a-ma-bob to request it? Other things missing - getAllRoles() - would return all assigned roles for the current user. isAuthenticated() - this is easy to write though - you just return true if getAuthUser() neq "" HOWEVER - there is an funny bug with isAuthenticated(). Back in the old days, when CF had Advanced Security, isAuthenticated() was the function that told you if the current user was logged on. When MACR removed Advanced Security, they didn't just remove the functions, they actually left "hooks" in there. So even if you write your own UDF for isAuthenticated(), you will get an error saying it doesn't exist. Solution? Just use a different name, like isLoggedIn() or something else like that.

No, where's the wish-list "thing-a-ma-bob" (sounds like that should be a code name for a new Macromedia project) ? John Burns I agree with this - have you used the macromedia wish form thing-a-ma-bob to request it? Other things missing - getAllRoles() - would return all assigned roles for the current user. isAuthenticated() - this is easy to write though - you just return true if getAuthUser() neq "" HOWEVER - there is an funny bug with isAuthenticated(). Back in the old days, when CF had Advanced Security, isAuthenticated() was the function that told you if the current user was logged on. When MACR removed Advanced Security, they didn't just remove the functions, they actually left "hooks" in there. So even if you write your own UDF for isAuthenticated(), you will get an error saying it doesn't exist. Solution? Just use a different name, like isLoggedIn() or something else like that.   _____  

It should be www.macromedia.com/go/wish

You must be looking for the tag <CFLoginWithTheReallyNeatFlashBasedLoginScreenBackedByAUniversalDatabase> marlon man, that really wasn't constructive at all... CF Lists wrote: ----- Excess quoted text cut - see Original Post for more -----

[raises hand] I use it....think it's great. Using cflogin and multiple roles in an extranet application. Again, like Ray said, it can be pretty much anything to reference user/pwd - DB, XML, LDAP. The CFDocs are what I used to wrap my head around it. How about a show of hands of people using CFLogin? I've been trying to get my head around it for a few days now. I did a tutorial on EasyCFM and got MORE confused. Anyone like it? Anyone want to take a shot at explaining it? I'm still not sure what MM gave us. A "container"? We still have to provide tables to store the username/pw and the roles? HELP!

In my opinion that would not be a feature at all. The way cflogin is structured now allows you to use a variety of storage options for login/security/roles/permission/etc.. info. Tying that stuff into CF itself would be too restrictive and I doubt anyone would use it... Mike I guess I was expecting more from cflogin. I thought it was going to do everything for you. You'd think there would be built-in security tables if there are built in functions to validate users. ----- Excess quoted text cut - see Original Post for more -----   _____  

> I guess I was expecting more from cflogin. I thought it was > going to do everything for you. You'd think there would be > built-in security tables if there are built in functions to > validate users. The nice thing about CFLOGIN, etc, is that it doesn't do this for you - it simply provides a common framework that can be used with any authentication scheme - web server basic authentication, database queries, LDAP, and so on. In fact, you could use one authentication scheme during development, and another in production, and you'd have very little code to change within your application. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444

Okay, this is going to sound dumb to some of you but how can you do this WITHOUT using a DB? Greg ----- Excess quoted text cut - see Original Post for more -----

Remember, you can run cfloginuser whenever you want. Lets say your security system is so simple, you only need to worry about one user. You can easily hard code in your authentication:   <cfif username is "admin" and password is "noonewillguessthisiswear">     <cfloginuser name="admin" password="etc" roles="supreme chancellor">   </cfif> Hell, you could do: <cfloginuser name="guest" password="guest" roles="guest"> This would allow you to define a guest role that would apply to anyone on your site.

I thought cfloginuser could only be run inside cflogin tags? Were you just omitting them for brevity Ray? Mike Remember, you can run cfloginuser whenever you want. Lets say your security system is so simple, you only need to worry about one user. You can easily hard code in your authentication: <cfif username is "admin" and password is "noonewillguessthisiswear"> <cfloginuser name="admin" password="etc" roles="supreme chancellor"> </cfif> Hell, you could do: <cfloginuser name="guest" password="guest" roles="guest"> This would allow you to define a guest role that would apply to anyone on your site.   _____  

I didn't leave it out for brevity, I left it out because I'm lazy. ;) Yes, you should wrap that code with cflogin tags.