ColdFusion Security: Authenticating Users

You can associate a particular NetConnection instance with a username and password combination, which allows you to secure both ColdFusion page services and ColdFusion Components. You can secure services by user, role, or application.

Client-Side Security Implementation

The required client-side ActionScript code is straightforward. Simply call the setCredentials( ) method on the NetConnection instance from which you will get your secured services:

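#include "NetServices.as"
NetServices.setDefaultGatewayURL("http://localhost/flashservices/gateway");
var my_conn = NetServices.createGatewayConnection( );
// Attach the credentials to this connection before requesting secured services
my_conn.setCredentials("someUsername", "somePassword");
var someService = my_conn.getService("com.oreilly.util.someService", this);
// The username and password travel with this call
someService.execute( );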

For an authentication scheme to work, the services being called have to be properly protected (a process we will review shortly). The username and password are sent to the server in the same request that actually invokes the remote function. If authentication is successful, the service processes normally; if authentication fails, execution halts and an error is returned to the client through the onStatus( ) function of your responder object. It is perfectly acceptable to call setCredentials( ) on a NetConnection instance more than once if different credentials are being used for different functions.
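The failure path described above, as an added example that is not from the book: a login form that sets credentials, invokes the secured service, and handles a rejected request in onStatus( ). The gateway host, the responder object, submitLogin( ), and the status_txt, username_txt, password_txt and login_btn stage instances are assumptions made for illustration.

```actionscript
#include "NetServices.as"

// Constructed gateway URL (assumption). HTTPS is used because the username
// and password are sent in the same request that invokes the remote function.
NetServices.setDefaultGatewayURL("https://www.example.com/flashservices/gateway");
var my_conn = NetServices.createGatewayConnection();

// Hypothetical responder object: receives the result or the error of each call.
var responder = new Object();
responder.authenticated = false;

responder.onResult = function (result) {
    // The server accepted the credentials and the service ran normally.
    this.authenticated = true;
    status_txt.text = "Signed in.";
};

responder.onStatus = function (error) {
    // Execution halted on the server. Other server-side errors arrive here
    // too, so show the user a generic message and keep the server's
    // description for troubleshooting output only.
    this.authenticated = false;
    status_txt.text = "Request failed. Check your username and password.";
    trace("Gateway error: " + error.description);
};

var someService = my_conn.getService("com.oreilly.util.someService", responder);

// Hypothetical helper, called each time the login form is submitted.
function submitLogin(username, password) {
    // setCredentials() may be called again on the same connection
    // when the user retries with different values.
    my_conn.setCredentials(username, password);
    someService.execute();
}

login_btn.onRelease = function () {
    submitLogin(username_txt.text, password_txt.text);
    password_txt.text = "";  // do not leave the password sitting in the form
};
```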

The username and password arguments passed into setCredentials( ) can be the username and ...
