AuthFilter is an ISAPI filter provided with Commerce Server 2002. AuthFilter alters the default behavior of IIS and affects how HTTP requests and responses are handled.
By default, when AuthFilter is used, it is installed at the IIS site level with low priority. This means that if other ISAPI filters are running in IIS, they will process requests before AuthFilter does. If ISAPI filters from other applications, or custom ISAPI filters, are installed on your Web server, you can configure these ISAPI filters at a higher priority if you want those filters to process requests before AuthFilter does.
AuthFilter can be used in different authentication modes. For information about the AuthFilter modes, see Overview of AuthFilter Authentication Modes.
Regardless of the authentication mode, when AuthFilter is notified of an incoming request, it automatically does the following:
- Detects whether the requested URL is correct. AuthFilter automatically corrects for the case sensitivity of the Internet Information Services (IIS) virtual directory roots.
- AuthFilter issues a redirect to correct the case in the requested URL. Any Post data in the requested URL is lost.
- Checks whether the browser supports cookies. If the client browser does not support cookies, AuthFilter redirects the user to a no cookie page. AuthFilter requires that browsers support cookies.
- AuthFilter issues a redirect when it verifies if the browser supports cookies. This verification is done for only the very first request, that is made during the session. Any Post data in the requested URL is lost.
- Checks that the user has a valid ticket. For Windows and Custom Authentication modes, if the request does not contain a valid MSCSAuth ticket, then the request is redirected to the Login.asp page. For Autocookie mode, if the request does not have a valid MSCSProfile ticket, then the request is redirected to the autocookie.asp page.
After performing these tasks, AuthFilter performs additional tasks, depending on the authentication mode.
This section contains:
- Overview of AuthFilter Authentication Modes
- AuthFilter Initialization
- How AuthFilter Verifies Cookies
- AuthFilter and IIS Event Notifications
- AuthFilter Single Sign-on Support
- Enabling AuthFilter for the Retail Solution Site
- Important Information about AuthFilter for the Retail Solution Site
- Enabling AuthFilter for the Supplier Solution Site
- Important Information about AuthFilter for the Supplier Solution Site
- Login.asp Code for the Retail Solution Site
- Login.asp Code for the Supplier Solution Site
- Using AuthFilter on a .NET-based Site
- Disabling AuthFilter
All rights reserved.