Hey Jochem,

The idea is that this will only control access over secure areas of my site, so to answer your questions:

> Can a user have more than one profile? Does every user have a profile?

Each user will only have one profile, you could in theory register for two accounts using different email addresses, but each account would have its own set of credentials. Every user that is registered on the system will have a minimal profile, which includes contact details.

> Can a user have more than one set of credentials? Does every user have credentials? Is a user authenticated, or are credentials authenticated?

Each user has one set of credentials assigned to them, the credentials consist of a Username and Password. The username and password are authenticated against the database, if authentication is successful the user is then 'logged in' and their entitlements loaded.

> So a user always has one entitlement?

That's correct, every user would have at least one entitlement.

Hope that helps,

Rob

-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: 07 March 2007 12:04
To: CF-Talk
Subject: Re: User Authentication

Robert Rawlins - Think Blue said:
> Wanted to run a couple of ideas past you with regards to a
> comprehensive user authentication system. Basically the system needs
> to be a 'role' or 'entitlements' based security system, so all users
> can login using the same process, they are then offered access to
> particular tasks dependent on their entitlements or roles.
>
> Now my thoughts are to have 4 CFCs that control this my user. The
> first of which is my User.cfc which contains the most basic of
> information, and almost acts as a container for my other user
> related CFCs, this would sit in the session scope and could be
> accessed via something like 'session.user'.
>
> The user.cfc then has instances of my 3 other user beans, the first
> of which being Profile.cfc which contains the general non security
> related information for my user, such as their name, postal and email
> address and suchlike. So if you wanted to access the user's profile
> information you can do Session.User.getProfile().getName() and it
> would return the user's name for output.

Can a user have more than one profile? Does every user have a profile?

> The next bean is what I would call 'credentials' and this contains
> the core security data, such as the 'Username', 'Password' and
> 'IsAuthenticated' settings, then at any point if I require that
> information I can access it through 'session.user.getCredentials()'
> This way once the user has logged in for the first time, I can set
> the value of that bean
> VARIABLE.isAuthenticated = true, then for future references I could
> simply pull on 'Session.User.getCredentials().isAuthenticated()' and
> it would return true or false if the user is logged in or not.

Can a user have more than one set of credentials? Does every user have credentials? Is a user authenticated, or are credentials authenticated?

> Finally I plan to have an 'Entitlements.cfc' which basically
> contains an array of 'entitlements' that are built when the user
> logs in from a table in the database. So if I need to authorize a
> user for a specific task I can go
> 'Session.User.getEntitlements().IsEntitled("DeleteUser")' and it
> would search the array for that entitlement and return true or false
> if they are entitled or not.

So a user always has one entitlement?

Jochem
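
The entitlement check discussed in the thread, as an added example that is not code from either poster: a tag-based `Entitlements.cfc` that denies by default. It assumes the entitlement names arrive as an array read from the database at login; `init` and `requireEntitlement` are hypothetical names, and a struct replaces the array search the thread describes.

```cfml
<!--- Entitlements.cfc: added example, not code from the thread --->
<cfcomponent output="false">

  <!--- Entitlement names are struct keys: lookups are case-insensitive
        and a name that was never loaded is simply absent (deny by default).
        The thread describes an array; a struct is swapped in here. --->
  <cfset variables.granted = structNew()>

  <!--- names: array of entitlement names read from the database at login
        (the query is outside this example; init is a hypothetical name) --->
  <cffunction name="init" access="public" returntype="any" output="false">
    <cfargument name="names" type="array" required="true">
    <cfset var i = 0>
    <cfset var entry = "">
    <cfset variables.granted = structNew()>
    <cfloop from="1" to="#arrayLen(arguments.names)#" index="i">
      <cfset entry = arguments.names[i]>
      <!--- Skip empty or non-string rows instead of granting them --->
      <cfif isSimpleValue(entry) and len(trim(entry))>
        <cfset variables.granted[trim(entry)] = true>
      </cfif>
    </cfloop>
    <cfreturn this>
  </cffunction>

  <!--- Same call shape as in the thread:
        Session.User.getEntitlements().isEntitled("DeleteUser") --->
  <cffunction name="isEntitled" access="public" returntype="boolean" output="false">
    <cfargument name="name" type="string" required="true">
    <cfreturn structKeyExists(variables.granted, trim(arguments.name))>
  </cffunction>

  <!--- Hypothetical guard for the top of a protected action: throwing means
        a forgotten cfif around the check cannot let the request continue --->
  <cffunction name="requireEntitlement" access="public" returntype="void" output="false">
    <cfargument name="name" type="string" required="true">
    <cfif not isEntitled(arguments.name)>
      <cfthrow type="Security.NotEntitled"
               message="Entitlement required: #arguments.name#">
    </cfif>
  </cffunction>

</cfcomponent>
```

Because the component lives in the session, a change to a user's entitlements in the database takes effect only when `init` is called again, for example at the next login.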

