Get Method

When the Get method is used, the submitted user ID and password are sent in the query string of the request URL, so they are part of the HTTP header and are available to the AuthFilter when it receives the SF_NOTIFY_PREPROC_HEADERS event. This occurs before the login page processes the request.

The following steps are taken:

  1. The AuthFilter retrieves the submitted user ID and password from the QueryString collection properties, txtUserName and txtPassword.

  2. The AuthFilter checks the local password cache for an entry matching the user ID.

  3. If an entry is found, the password is updated with the submitted password.

  4. If an entry is not found, a new entry is made using the submitted user ID and password.

  5. The AuthFilter returns processing to the login page.

  6. In the login page, the submitted user ID and password are retrieved from the txtUserName and txtPassword properties of the QueryString collection of the Request object.

  7. Using the submitted user ID, the profile of the user is retrieved from the Commerce Server Profiles resource or another profile system.

  8. If the user does not have a profile, the user is redirected to the registration page.

  9. If the user has a profile, but the password associated with the profile does not match the submitted password, the login page is resent to the user.

  10. If the passwords do match, the AuthManager object is used to set the MSCSAuth ticket into a session cookie for the user.

  11. The user is redirected to the original URL, which was previously stored by the AuthFilter in the MSCSFirstRequestedURL property of a separate session cookie.

  12. When the browser resubmits the request, the AuthFilter determines the ticket is valid and returns processing to IIS.

  13. If the user has access rights to the URL, it is returned.
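Because the Get method carries txtUserName and txtPassword in the query string (steps 1 and 6), any web server log that records the query string also records the submitted password. The following Python code is an added example, not part of the original documentation: it scans IIS W3C extended log lines for a txtPassword parameter and returns the matching records with the password redacted. The log lines, the /login.asp path, and the selection of log fields are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlencode

# Parameter name taken from the page; matched case-insensitively.
SECRET_PARAMS = {"txtpassword"}

def parse_w3c(lines):
    """Yield one dict per record, using the #Fields directive for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def redact_query(query):
    """Return (redacted_query, exposed) for one cs-uri-query value."""
    if query == "-":  # IIS writes "-" when there is no query string
        return query, False
    pairs = parse_qsl(query, keep_blank_values=True)
    exposed = any(k.lower() in SECRET_PARAMS and v for k, v in pairs)
    cleaned = [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v) for k, v in pairs]
    return urlencode(cleaned), exposed

def find_exposed_logins(lines):
    """List records whose query string carried a non-empty password."""
    hits = []
    for rec in parse_w3c(lines):
        redacted, exposed = redact_query(rec.get("cs-uri-query", "-"))
        if exposed:
            hits.append({"time": rec.get("time"), "client": rec.get("c-ip"),
                         "uri": rec.get("cs-uri-stem"), "query": redacted})
    return hits

# Constructed sample log (not real traffic); /login.asp is an assumed path.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-05-02 10:15:01 192.0.2.10 GET /login.asp txtUserName=alice&txtPassword=s3cret%21 302
2001-05-02 10:15:02 192.0.2.10 GET /catalog.asp - 200
2001-05-02 10:16:40 192.0.2.44 GET /login.asp txtUserName=bob&txtPassword=hunter2&x=1 200
""".splitlines()

if __name__ == "__main__":
    for hit in find_exposed_logins(SAMPLE_LOG):
        print(hit)
```

The same query string can also be recorded by proxies and in browser history, so redacting server logs covers only one of the places where a Get login leaves the password.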

