Solved

cflogin example not working...

Posted on 2004-10-25
401 Views
Last Modified: 2013-12-24
i am trying to get the first example in this link to work:

http://tinyurl.com/3rl6p

i have added code to application.cfm file and created the sample page securitytest.cfm.

problem is that when i test the securitytest page, all i get is this displayed:

Authentication data is missing.
Try to reload the page or contact the site administrator.

where am i supposed to login? running on IIS 5.1 w/ CF MX 6.1.

please advise on how to get this thing to work... thanks!
0
Question by:loyaliser
    10 Comments
     
    LVL 8

    Expert Comment

    by:sigmacon
    Please post your code. The page you are referring to has lots of code on it, which part did you use?
    0
     
    LVL 1

    Author Comment

    by:loyaliser
    i used the first 2 example code blocks:

    Example: Application.cfm
    and
    Example: securitytest.cfm

    thanks!
    0
     
    LVL 5

    Expert Comment

    by:kkhipple
    loyaliser...

    have you tried to do some debugging in the form of <CFOUTPUT>   http://tinyurl.com/6k3ky   tags... and in btw each one, print all the variables... also, you can have <CFDUMP>  http://tinyurl.com/4o3g3  statements

    <cfapplication name="Orders">

    <cflogin>
      <cfif IsDefined( "cflogin" )>

       <CFOUTPUT><CFDUMP var = #cflogin#></CFOUTPUT>

        <cfif cflogin.name eq "admin">
          <cfset roles = "user,admin">
        <cfelse>
            <cfset roles = "user">
          </cfif>

       <CFOUTPUT> #cflogin.name#   #cflogin.password# </CFOUTPUT>
       
        <cfloginuser name = "#cflogin.name#" password = "#cflogin.password#"
          roles = "#roles#" />
      <cfelse>
        <!--- this should never happen --->
        <h4>Authentication data is missing.</h4>
          Try to reload the page or contact the site administrator.
      <cfabort>
      </cfif>
    </cflogin>



    somethign along those lines...
    0
     
    LVL 35

    Expert Comment

    by:mrichmon
    I would try a simpler example such as :

    http://cfhub.com/examples/secure/

    to get you started.
    0
     
    LVL 1

    Author Comment

    by:loyaliser
    the code is fine... i just don't know how to get it to work. how and where does cflogin get populated w/ the username and password?

    do i have to set something on the server so the user is prompted for login information?
    0
     
    LVL 8

    Expert Comment

    by:sigmacon
    The first two example code blocks rely on basic web server authentication. You have to enable that in whichever webserver you are using, otherwise, no authentication data is available ... which is what the error message states.
    0
     
    LVL 35

    Expert Comment

    by:mrichmon
    >>do i have to set something on the server so the user is prompted for login information?

    Not in the administrator - but yes in your code.  Usually this is done in the application.cfm file.

    >>how and where does cflogin get populated w/ the username and password?

    You have to do this in your code yourself.


    I think you either need to read the rest of the example you are using (although it basically is showwing snippets of code on how the theory works - it is not really a good tutorial to follow nor is it helpful in learning) or you should look at a tutorial like the other one I posted.

    I would guess - since you did not post code - that you only have the snippets shown in the first two example sections of that document - these are incomplete and only shown to show how the framework works.  

    The actual methods to log people in are in the longer examples later in that same page (loginform.cfm)

    0
     
    LVL 1

    Author Comment

    by:loyaliser
    sigmacon:

    exactly... how do i enable web server authentication on IIS 5.1 to get this code working?

    thanks!
    0
     
    LVL 35

    Expert Comment

    by:mrichmon
    It is not a setting in IIS.

    The reason the code is commented "This should never happen" is that your application.cfm file should catch that a user is not logged in and then present them with a login form.

    You should try using the application.cfm example page further down in the url you posted.

    Here is the code:
    <cfapplication name="Orders" sessionmanagement="Yes">

    <cfif IsDefined("Form.logout")>
      <cflogout>
    </cfif>

    <cflogin>
      <cfif NOT IsDefined("cflogin")>
        <cfinclude template="loginform.cfm">
        <cfabort>
      <cfelse>
        <cfif cflogin.name IS "" OR cflogin.password IS "">
          <cfoutput>
            <H2>You must enter text in both the User Name and Password fields</H2>
          </cfoutput>
          <cfinclude template="loginform.cfm">
          <cfabort>
        <cfelse>
          <cfquery name="loginQuery" dataSource="CompanyInfo">
          SELECT UserID, Roles
          FROM LoginInfo
          WHERE
            UserID = '#cflogin.name#'
            AND Password = '#cflogin.password#'
          </cfquery>
          <cfif loginQuery.Roles NEQ "">
            <cfloginuser name="#cflogin.name#" Password = "#cflogin.password#"
              roles="#loginQuery.Roles#">
          <cfelse>
            <cfoutput>
              <H2>Your login information is not valid.<br>
              Please Try again</H2>
            </cfoutput>  
            <cfinclude template="loginform.cfm">
            <cfabort>
          </cfif>
        </cfif>  
      </cfif>
    </cflogin>


    <cfif GetAuthUser() NEQ "">
      <cfoutput>
         <form action=MyApp/index.cfm" method="Post">
          <input type="submit" Name="Logout" value="Logout">
        </form>
      </cfoutput>
    </cfif>


    Note how it includes a login form so that in the even that authentication data is missing the user is prompted to enter that data and authenticate.
    0
     
    LVL 8

    Accepted Solution

    by:
    Start > Programs > Administrative > IIS > Select a website > select a folder which you want to protect by authentication (you really should not do this for the entire site that way) > RIght Click > Properties > Directory Security > Check Basis Authentication.

    Users that you want to give access to your site will have to be users on your windows computer / domain with the rights to access that folder. Using this type of authentication is only useful for intranets. You should really use an external data-source for user registration, as shown in the other examples on the page you where reading.

    See whether this get's you further.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
    If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
    Want to pick and choose which updates you receive? Feel free to check out this quick video on how to manage your email notifications.
    This video is in connection to the article "The case of a missing mobile phone (https://www.experts-exchange.com/articles/28474/The-Case-of-a-Missing-Mobile-Phone.html)". It will help one to understand clearly the steps to track a lost android phone.

    934 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now