Proxy Accounts
When accessing a site using a proxy account, the steps in the login page happen the same as with the Post method. However, the user ID is used to retrieve a proxy account ID and password, and these credentials are set into the URL query string and stored in the password cache instead of the user ID and password. On subsequent visits to the site, the proxy account ID, instead of the user ID, is used to access the password cache.
The proxy account credentials can be stored in an extended property of the default profile schema or by some other means. Extending the profile schema must be performed through the Profile Designer in Commerce Server Business Desk. For information about this procedure, see Adding Properties to a Profile Definition.
To track individual users when using proxy accounts, add the custom guid property to the ticket using the AuthManager object. Once set, the AuthFilter uses the guid property to access the password cache instead of the proxy account ID. For more information about this technique, see Distributed Denial of Service Attacks.