Determine cffunction access method?

Question

I have a .cfc which can be called either locally or remotely. When I call it locally, there's no need to determine whether the function should be allowed to run since all local calls can be trusted. However, when called as a web service, I would like to require two paramaters (username and password) so I can determine whether the function can be permitted to execute, or if I should return an "Access denied" message. (The verifyClient attribute of the cffunction tag is not what I'm after. I need to verify the username and password against a collection of account credentials.)

What I really need (in pseudo-code) is something like:

IF (requested_as_a_web_service = "true")

{check username and password against account credentials}

ELSE {stop processing and return an "Access denied" message}

So, is there a way to determine the access method?

David

Adam Cameron. · Accepted Answer

But returning the CFC path doesn't help me determine whether the calling page is local or remote. Now if the CFC could reliably conclude the path of the calling page, that'd help, but I don't see any way that's possible.

Yeah, but think about it... if the path is the CFC, then it's a remote call. If it's anything else: it's not a remote call.

--

Adam

Dan_Bracuk · Answer

My suggestion is to keep that function public so it can't be called as a web service. Then write another one in the same cfc that can be called as a webservice. Make sure it has all the same arguments, plus username and password. This function will process the username and password and if they pass muster, call the public function.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded