I have a web app that is secured in the Application.cfc. In onRequestStart I check for

<cfif not isDefined("session.auth.isLoggedIn")> 

and if not logged in, present the login form. All is fine and dandy as far as real people are concerned, but I want to facilitate a computer to make an HTTP call and only be allowed if authenticated against my database. I don't use the built-in cflogin tag. Is there a way I can include the username and password in an HTTP request?

A: 

As long as you pass the parameters through the http call the same way as you would a login form, the application will authenticate the request and set your session variables.

One thing you have to make sure of is that the login authentication happens before you check whether the request is authenticated. You will also not want the login action to redirect the request.

Overall, just review your request lifecycle.

Tyler Clendenin
+2  A: 

You could do a form post to your login check page something like this:

<cfhttp  
        method="post"  
        url="http://127.0.0.1/test/loginCheck.cfm" 
        port="8500"  
        throwonerror="Yes"> 
    <cfhttpparam name="username" type="FormField" value="value here"> 
    <cfhttpparam name="password" type="FormField" value="value here">
</cfhttp> 

<!--- Form Post results ---> 
<cfoutput> 
    #cfhttp.fileContent# 
</cfoutput> 
Pragnesh Vaghela
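
The request lifecycle the first answer describes, as an added example that is not code from either answer: the posted credentials are processed first, the session.auth.isLoggedIn gate runs second, and a failed login gets a 401 rather than a redirect. The datasource appDSN, the users table with its columns, the salted SHA-512 storage scheme and login.cfm are all assumptions.

```cfml
<!--- Application.cfc: added example. Datasource "appDSN", table "users" and its
      columns, and login.cfm are assumptions, not names from the posts above. --->
<cfcomponent output="false">
    <cfset this.name = "exampleApp">
    <cfset this.sessionManagement = true>

    <cffunction name="onRequestStart" returntype="boolean" output="true">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var qUser = "">
        <cfset var postedLogin = structKeyExists(form, "username")
                                 and structKeyExists(form, "password")>

        <!--- Step 1: handle posted credentials BEFORE the logged-in check,
              so a script's first request can authenticate itself. --->
        <cfif postedLogin>
            <cfquery name="qUser" datasource="appDSN">
                SELECT userId, salt, passwordHash
                FROM users
                WHERE username = <cfqueryparam value="#form.username#"
                                               cfsqltype="cf_sql_varchar">
            </cfquery>
            <!--- Assumed storage scheme: uppercase hex SHA-512 of salt & password.
                  Substitute whatever check the existing login form already uses. --->
            <cfif qUser.recordCount eq 1 and compare(qUser.passwordHash,
                    hash(qUser.salt & form.password, "SHA-512")) eq 0>
                <cfset session.auth = structNew()>
                <cfset session.auth.isLoggedIn = true>
                <cfset session.auth.userId = qUser.userId>
            </cfif>
        </cfif>

        <!--- Step 2: the original gate, now evaluated after the login attempt. --->
        <cfif not isDefined("session.auth.isLoggedIn")>
            <cfif postedLogin>
                <!--- Failed login: answer with 401 instead of redirecting, so an
                      HTTP client sees the failure in the status code. --->
                <cfheader statuscode="401" statustext="Unauthorized">
            </cfif>
            <cfinclude template="login.cfm">
            <cfabort>
        </cfif>

        <cfreturn true>
    </cffunction>
</cfcomponent>
```

cfhttp does not carry cookies from one call to the next, so a calling script either sends the credentials with every request or passes back the session cookies it received on the first one.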