Custom Authentication Mode

This operating mode of the AuthFilter ISAPI filter allows the site developer to provide custom authentication services while still using the base services of the AuthFilter.

In this mode, the AuthFilter performs the following steps after being notified that an SF_NOTIFY_PREPROC_HEADERS event has occurred:

  1. Checks for site configuration properties in the local site cache and, if not found, reads the site configuration properties from the Administration database using a SiteConfig object and stores them in the site cache.

  2. Detects whether the requested URL is correct, and automatically corrects for case sensitivity in the URL.

  3. Checks for session-cookie support, and, if unavailable, redirects the user to the Active Server Pages (ASP) page specified in the s_NoCookie_Form ("No-Cookie form" in the Commerce Server Manager user interface) property of the CS Authentication resource. Usually this page notifies the user that cookies are required and that the user should resubmit the request once cookies are enabled.

  4. Checks whether the cookie contains an MSCSAuth ticket, and, if not, redirects the user to a login page.

  5. If the cookie contains an MSCSAuth ticket, checks the current time against the last login time on the ticket to see if it is within the time window specified in the ticket.

  6. If the current time is past the time window specified in the ticket, the user is redirected to the login page as a non-validated user.

  7. If the current time is within the time window, the ticket is considered valid, and the user is redirected to the login page as a validated user. If the current time is within five minutes of the last login time plus the time window, the last login time on the ticket is changed to the current time so an active user can remain browsing.
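
The time-window check of steps 4 to 7, as an added example in C (not the AuthFilter's own code). The struct, enum and function names are hypothetical; the ticket is assumed to carry its last login time and a window in seconds, and a ticket stamped in the future or carrying a non-positive window is treated as expired, a case the steps above do not cover.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical model of the fields steps 4-7 read from an MSCSAuth ticket. */
typedef struct {
    bool   present;      /* cookie carried an MSCSAuth ticket (step 4) */
    time_t last_login;   /* last login time stored on the ticket */
    long   window_secs;  /* time window stored on the ticket (assumed seconds) */
} ticket_t;

typedef enum {
    REDIRECT_LOGIN_NO_TICKET,  /* step 4: no ticket in the cookie */
    REDIRECT_LOGIN_EXPIRED,    /* step 6: past the window, non-validated user */
    TICKET_VALID,              /* step 7: ticket considered valid */
    TICKET_VALID_RENEWED       /* step 7: valid, last login time refreshed */
} verdict_t;

#define RENEW_MARGIN_SECS (5 * 60)  /* "within five minutes" from step 7 */

verdict_t check_ticket(ticket_t *t, time_t now)
{
    if (t == NULL || !t->present)
        return REDIRECT_LOGIN_NO_TICKET;
    /* Assumption: fail closed on a future-dated ticket or a bad window. */
    if (t->window_secs <= 0 || difftime(now, t->last_login) < 0)
        return REDIRECT_LOGIN_EXPIRED;

    double age = difftime(now, t->last_login);
    if (age > (double)t->window_secs)
        return REDIRECT_LOGIN_EXPIRED;

    /* Close to last_login + window: slide the window for an active user. */
    if ((double)t->window_secs - age <= RENEW_MARGIN_SECS) {
        t->last_login = now;
        return TICKET_VALID_RENEWED;
    }
    return TICKET_VALID;
}

int main(void)
{
    ticket_t t = { true, (time_t)1000000, 1800 };  /* constructed sample ticket */
    printf("%d\n", check_ticket(&t, (time_t)1000600));  /* early in the window */
    printf("%d\n", check_ticket(&t, (time_t)1001600));  /* inside the renewal margin */
    return 0;
}
```

Because renewal happens only inside the last five minutes of the window, a ticket that goes unused until after last login time plus window cannot be revived and the user must log in again.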

