Disabling AuthFilter

  • Article

If you do not want AuthFilter to be applied to your site at the site level, you must do the following:

  • Select No Filter mode in the Commerce Authentication Filter section on the General Properties tab for an application.
  • Remove Autocookie generation for the site.

When you select the No Filter mode, AuthFilter is not applied to the Web site; however, the filter still exists in IIS because another site may be using it. If you want to remove it altogether, use Internet Services Manager to remove the filter.

If you select No Filter and Autocookie generation is enabled, AuthFilter is still applied to the site.

In No Filter mode, the site developer can apply authentication to individual Active Server Pages (ASP) by invoking methods exposed by the AuthManager object. AuthManager is a Component Object Model (COM) object that exposes methods for identifying users and controlling access to dynamically generated content. For example, a site developer could invoke the GetUserID method of AuthManager to identify a user based on a cookie or a query string.

By default, the Solution Sites for Commerce Server 2002 uses the No Filter mode and has implemented an authentication scheme based on AuthManager. If you want to change the sites to take advantage of AuthFilter, you will need to make some changes to the Login.asp and other helper pages for the sites. For more information, see Enabling AuthFilter for the Retail Solution Site and Enabling AuthFilter for the Supplier Solution Site.

To disable AuthFilter

  1. Expand Commerce Server Manager, expand Commerce Sites, and then click the site you want to administer.
  2. Expand Applications, right-click the application you want to configure, and then click Properties.
  3. In the Properties dialog box, on the General tab, in the Authentication filter box, select No Filter.
  4. Clear the Autocookie box if it is selected, and then click OK.

Ee783746.note(en-US,CS.20).gifNotes

  • After you change a property value in Commerce Server Manager, you must restart Internet Information Services (IIS) 5.0 for the change to take effect. This also applies if you unload the ISAPI filter from memory, because unloading an ISAPI filter from memory only removes the IIS metabase settings for the filter. For instructions about restarting IIS, see Restarting IIS and Commerce Server Services.
  • If you disable AuthFilter for a site by choosing No Filter mode, you must manually configure the security settings that you need on the site. To manually configure the security settings, use IIS, select the security settings that you want for that site, and then restart IIS.

See Also

Restarting IIS and Commerce Server Services

Enabling AuthFilter for the Retail Solution Site

Enabling AuthFilter for the Supplier Solution Site

Copyright © 2005 Microsoft Corporation.
All rights reserved.