User Guide
Example of User Authentication and Authorization
<!--- The login form.
Submitting the form re-requests the originally requested page
using the recreated url --->
<cfoutput>
<form action="#url#" method="Post">
<table>
<tr>
<td>username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>password:</td>
<td><input type="password" name="password"></td>
</tr>
</table>
<input type="submit" value="Login">
</form>
</cfoutput>
<cfabort>
</cfif>
</cfif>
Checking for authentication and authorization
Inside application pages, you can use the IsAuthorized function to check whether
an authenticated user is authorized to access the protected resources, and then
display only the authorized resources.
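One way to display only the authorized resources, as an added example that is not part of the original guide. It assumes Application.cfm has already authenticated the user, reuses the Orders data source and columns from orders.cfm, and uses a hypothetical page name (orderlist.cfm) and hypothetical form fields:

```cfml
<!--- orderlist.cfm (hypothetical page name; added example) --->
<!--- Evaluate each permission once per request --->
<cfset canSelect = IsAuthorized("DataSource", "Orders", "select")>
<cfset canUpdate = IsAuthorized("DataSource", "Orders", "update")>

<cfif canSelect>
    <!--- Only users with select rights get the order list --->
    <cfquery name="GetOrders" datasource="Orders">
        SELECT Customer, OrderID FROM Orders
    </cfquery>
    <table>
    <cfoutput query="GetOrders">
        <tr>
            <td>#HTMLEditFormat(Customer)#</td>
            <td>#HTMLEditFormat(OrderID)#</td>
        </tr>
    </cfoutput>
    </table>
<cfelse>
    <p>You are not allowed to view order information.</p>
</cfif>

<!--- Render the update form only for users who may update.
      Hiding the form is a display decision, not enforcement:
      the page that handles btnUpdate (orders.cfm) must still
      call IsAuthorized before it runs the INSERT. --->
<cfif canUpdate>
    <form action="orders.cfm" method="post">
        Customer: <input type="text" name="Customer">
        Order ID: <input type="text" name="OrderID">
        <input type="submit" name="btnUpdate" value="Update">
    </form>
</cfif>
```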
The following sample page appears to users who pass the authentication test in the
previous Application.cfm page. It uses the IsAuthorized function to test whether
authenticated users are allowed to update or select data from a data source.
Example: orders.cfm
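<!--- First, check whether a form button was submitted --->
<cfif IsDefined("Form.btnUpdate")>
    <!--- Is the user authorized to update or select
          information from the Orders data source? --->
    <cfif IsAuthorized("DataSource", "Orders", "update")>
        <!--- Bind the submitted values as parameters instead of
              interpolating them into the SQL text. The SQL types
              are assumptions: Customer as text, OrderID as integer. --->
        <cfquery name="AddItem" datasource="Orders">
            INSERT INTO Orders (Customer, OrderID)
            VALUES (
                <cfqueryparam value="#Customer#" cfsqltype="CF_SQL_VARCHAR">,
                <cfqueryparam value="#OrderID#" cfsqltype="CF_SQL_INTEGER">
            )
        </cfquery>
        <!--- An INSERT returns no record set, so output the
              submitted values directly, HTML-encoded --->
        <cfoutput>
            Authorization Succeeded. Order information added:
            #HTMLEditFormat(Customer)# - #HTMLEditFormat(OrderID)#<br>
        </cfoutput>
    <cfelse>
        <cfabort showerror="You are not allowed to update order information.">
    </cfif>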