I have some questions for anyone who has handled selective access to CFC's.
And yes I have read up on remoting, as well as from the Macromedia site
Securing Access to Cold Fusion from Flash Remoting MX.
This is the process as I understand it:
1. The flash movie sends a userid and password to the remote host (in this
case a Cold fusion server that holds my CFC as well as an application.cfm)
as well as the call for whatever function it needs results from.
2. The application.cfm captures the userid and password and performs some
authentication process (obviously designed by the developer) at that point
if the login to the db(where we store the userid and password) is
successful, the cfloginuser tag executes and gives the user certain rights
based upon their profile.
3. The CFc loads and when the cffunction tag being called attempts to
execute, it checks the right of the user to see if they match the logged in
users.
4. If the user has been authenticated, the function executes normally, if
not it sends an error to flash which can be viewed which states "Current
user was not authorized to invoke this method".
This is what I dont understand:
1. What exactly does cold fusion see when it gets the header information
from flash? (ie, name and scope of passed params). I have a feeling that I
am not referring correctly to the object in my application.cfm code, which
is why it does not authenticate the user.
My code is below.
My flash movie does the following:
NetServices.setDefaultGatewayUrl("http://localhost:8500/flashservices/gatewa
y");
gatewayConnnection = NetServices.createGatewayConnection();
gatewayConnnection.setCredentials("bob","password");
TrackIT= gatewayConnnection.getService("devCenter.TrackIT", this);
TrackIt.getLoginList();
my application.cfm does the following:
<cfsilent>
<cflogin>
<cfif isDefined("cflogin")>
<cfif cflogin.name eq "bob">
<cfloginuser name="#cflogin.userid#" password="#cflogin.password#"
roles="admin">
</cfif>
</cfif>
</cflogin>
</cfsilent>
my cfc does the following:
<cffunction name="getLoginList" access="remote" returnType="query"
roles="admin">
<cfquery name="get_Employees" datasource="TrackIT">
Select Distinct(Request) from Tasks
</cfquery>
<cfreturn get_Employees>
</cffunction>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Signup for the Fusion Authority news alert and keep up with the latest news in
ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
