Application.cfc, cflogin and not forcing a login

[Hanzelmans]

I am developing an application where I do not want to force users to sign in unless they actually require access to certain portions of the application. How can I use cflogin in my application.cfc without requiring "users" from logging in when they do not need to do so?

I have the admin pages/sections blocked with isUserInRole that will then redirect them to a login page if they need access to that area.

I guess where I'm confused is that whenever I've used application.cfc and the cflogin framework in the past, it required users to sign in prior to doing anything in the application. Now, I only need it for certain pages and am having a problem.

The example that is loaded in cfide\gettingstarted looks to be what I'm looking for, but the application.cfc template is unreadable.

If I put the cflogin in the OnRequestStart function, it will try to force the user to log in even when they are accessing a portion of the template that does not need them to do it.

Thanks for any help,
Steve

Steve Hanzelman
Milton Hershey School

http://www.mhs-pa.org

 

[ecobb]

Create a cflogin file seperate from application.cfm(cfc), then just do as you said, "have the admin pages/sections blocked with isUserInRole that will then redirect them to a login page if they need access to that area."

That way, it's only called when it's needed instead of when every page is executed.

Hope This Helps!

ECAR
ECAR Technologies

http://www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

 

[Hanzelmans]

ECAR,
Thanks for the response. Here is what I have.

When a user hits a spot that requires authentication, they are directed to a login template. That template, when submitted, is directed to another template that calls a function to perform the authentication against a user database. It performs the cfloginuser function (setting roles, etc.) and returns any error codes to the calling template.

If no error was returned, it then uses a cflocation to head off to the necessary page.

What is odd is that the user, if they were authenticated, is shown as a valid user in the calling template, but is not when they are redirected. It is almost as if the cfloginuser didn't function after leaving the template that called the authentication function.

What could be causing that?

Thanks,
Steve

Steve Hanzelman
Milton Hershey School

http://www.mhs-pa.org

 

[ecobb]

It appears that you have to have the cflogin tag on pages where you want to use authentication, according to this post on livedocs:

The getAuthUser and isUserInRole functions will only work if the CFLOGIN tag was encountered previously within the scope of the same request. In other words, if your CFLOGIN tag is not in your Application.cfm file, and you try to call getAuthUser or isUserInRole during the scope of a request where no CFLOGIN tag was encountered, you get an empty string and false respectively. This is not usually noticed because the CFLOGIN tag is in my Application.cfm file where it was clearly intended to go. Fortunately, a quick <cflogin/> tag before you call getAuthUser or isUserInRole fixes the issue by making the necessary variable scope available.

I've never heard that before, but it does seem to be the case with your situation. To work around this, you'll either have to put cflogin back in application.cfm and use cfif's to work around which pages use it, or drop cflogin and write your own authentication code.

Just to make sure, do you have session variables enabled in your cfapplication tag in your application.cfm file? That's the only other thing I can think of that might be causing this problem.

Hope This Helps!

ECAR
ECAR Technologies

http://www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher