adrianmak
asked on
Force logon
How do I force users to logon before go further to other web pages ?
currently, I found that if users know the name of other web documents e.g.
http://www.test.com/main.html
Then users can directly type the above url and by pass the logon page e.g.
http://www.test.com/login.cfm
currently, I found that if users know the name of other web documents e.g.
http://www.test.com/main.html
Then users can directly type the above url and by pass the logon page e.g.
http://www.test.com/login.cfm
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
mmmm.. i don't see how you could link the NT user account with
ColdFusion. my answer will be "I don't know" but i doubt it's possible... you may want to look around to find if it is possible.
Maybe on Allaire's board can you get that information.
ColdFusion. my answer will be "I don't know" but i doubt it's possible... you may want to look around to find if it is possible.
Maybe on Allaire's board can you get that information.
>>Do the Cold Fusion Security can be integrated with NT server user account ?<<
The last place I worked we used a tag called NTUSERLOGON to do just that. Try a search for it on Allaire's site. I think that's where we got it.
The last place I worked we used a tag called NTUSERLOGON to do just that. Try a search for it on Allaire's site. I think that's where we got it.
Oh and, you don't have to put the login verification at the top of every page. Just put it in the application.cfm page of the login directory. Application.cfm is automatically included in every page that is called from it's directory.
hehe Punker is right, unless you use access level that can be differente for every page =)
In which case, surround your CFML in an if statement, like so:
<cfif Session.SecLevel GTE "2">
This is the page.
<cfelse>
<script language="javascript">
alert("You aren't allowed to view this page!");
history.go(-1);
</script>
</cfif>
For cleaner code, you can keep all this in the application.cfm file. For example, the Login directory would allow people of security level 1 and above to view all pages, in Login/Reports/ the application.cfm would allow security levels 2 and higher, Login/Admin/ security levels 3 and higher, etc.
I've done it both ways, depending on the scope of the project. It's all in how you want to do it.
<cfif Session.SecLevel GTE "2">
This is the page.
<cfelse>
<script language="javascript">
alert("You aren't allowed to view this page!");
history.go(-1);
</script>
</cfif>
For cleaner code, you can keep all this in the application.cfm file. For example, the Login directory would allow people of security level 1 and above to view all pages, in Login/Reports/ the application.cfm would allow security levels 2 and higher, Login/Admin/ security levels 3 and higher, etc.
I've done it both ways, depending on the scope of the project. It's all in how you want to do it.
ASKER
That's mean I can use NT user account for security check instead of build another database to serve this purpose