Important Information About AuthFilter for the Retail Solution Site

  • If you unpack a site to the root directory on IIS with AuthFilter enabled, you must clear the application-level property check box, Set cookie path to application. This property controls the path property that is set on cookies. By default, the flag is enabled, which sets the path to the virtual directory of the site (for example, /retail). When you clear the check box, the root "/" is set as the path property for your cookies. After updating this property, you must restart IIS. For instructions, see Restarting IIS and Commerce Server Services.
  • Verify that you use Anonymous Access for all include, .gif, or helper files that are used by Login.asp.
  • For Windows Authentication, the default login page uses the GET action in Login-Submit. The POST action is also supported with Login.asp. For information about supporting the POST action, see the comments in Login.asp and follow those instructions.
  • There is a known security issue if you use GET with Login.asp, because values submitted with GET become part of the URL, which the browser keeps in its history. When you use GET with Login.asp, it is recommended that you tell users who visit your site to set their browser to automatically clear the browser history after they log off, or have them clear the browser history manually. To avoid this security issue, use the POST method rather than the GET method. For more information about these methods, see Login Page: Get Method and Post Method.
  • In Windows Authentication, the following server variables are not set: AUTH_USER and AUTH_TYPE. The server variable LOGON_USER is set to the User ID that is used for logging in.
  • To use Secure Sockets Layer (SSL), you must set the Login Form property in CS Authentication to the full path. For instructions, see Configuring the CS Authentication Resource.
  • If you decide to enable AuthFilter after you have disabled it, you must manually re-apply Internet Information Services (IIS) 5.0 security settings. For instructions, see the IIS 5.0 Documentation.
  • After you change a CS Authentication property value in Commerce Server Manager, you must unload the commerce application from memory on each Web server for the change to take effect. For instructions, see Unloading an Application from Memory.
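
The cookie path requirement in the first item follows from how browsers scope cookies to URL paths. The following is an added example, not part of the original documentation: it models the RFC 6265 path-match rule in JavaScript to show which requests carry a cookie whose path is /retail versus "/". The request URLs are constructed, and the page names other than Login.asp are hypothetical.

```javascript
// RFC 6265 section 5.1.4 path-match: decides whether a stored cookie
// is attached to a request for the given URL path.
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix match only counts on a "/" boundary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Cookie scoping looks at the URL path only, so drop query string and fragment.
function requestPathOf(url) {
  const path = url.split("?")[0].split("#")[0];
  return path.startsWith("/") ? path : "/";
}

// For each request URL, report whether a cookie with this Path would be sent.
function cookieCoverage(cookiePath, urls) {
  return urls.map((url) => ({
    url,
    sent: pathMatches(cookiePath, requestPathOf(url)),
  }));
}

// Constructed requests against a site unpacked to the IIS root.
// Page names other than Login.asp are hypothetical.
const rootSiteUrls = [
  "/Login.asp",
  "/basket.asp?item=1",
  "/retail/default.asp",   // the old virtual directory
  "/retailer/default.asp", // shares a prefix but not a "/" boundary
  "/Retail/default.asp",   // path comparison is case-sensitive
];

// Print coverage for the default setting (/retail) and the cleared setting ("/").
function printReport() {
  for (const cookiePath of ["/retail", "/"]) {
    console.log(`Cookie Path=${cookiePath}`);
    for (const { url, sent } of cookieCoverage(cookiePath, rootSiteUrls)) {
      console.log(`  ${sent ? "sent   " : "dropped"}  ${url}`);
    }
  }
}

printReport();
```

With the path left at /retail, requests to the root site arrive without the cookie, which is why the check box must be cleared when the site is unpacked to the root directory.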

See Also

Adding a User Profile

Login.asp Code for the Retail Solution Site

Login.asp Code for the Supplier Solution Site

Unloading an Application from Memory

Configuring the CS Authentication Resource

Copyright © 2005 Microsoft Corporation.
All rights reserved.