About the Commerce Server Claims Provider

In a Microsoft SharePoint 2010 deployment, there is a SharePoint 2010 security token service (STS) on the presentation tier. Within the STS, there is a Commerce Server Membership Provider and a Commerce Server Claims Provider. The STS uses the Commerce Membership Provider to authenticate users and uses the Commerce Claims Provider to assign the authorization rights for an authenticated user. While the Commerce Membership Provider answers the question "Are you who you say you are?", the Commerce Claims Provider answers the question "Now that I know who you are, what are you allowed to do?" For more information about the Commerce Server Membership Provider, see Using the Commerce Membership Provider.

How the Commerce Server Claims Provider Augments Claims for an Authenticated Identity

Once a user is authenticated, the SharePoint 2010 STS calls the Commerce Claims Provider to get SharePoint 2010 authorization claims for the authenticated identity represented by the CommerceClaim entity. For more information about the CommerceClaim entity, see About the CommerceClaim Entity. The Commerce Claims Provider sends a request to the operation service to return a list of claims for the authenticated identity. The operation service executes the CommerceClaimsComponent sequence component using the ExecuteQuery method to return the list of claims associated with the authenticated user, authentication mode, and channel specified in the request from the Commerce Claims Provider. The Commerce Claims Provider adds the claims returned by the operation service to the authenticated identity. For more information about the flow of identity, see Understanding the Flow of Identity.

When You Need a Custom Claims Provider for Augmenting Claims

The Commerce Server Claims Provider is a custom claims provider that interacts with the SharePoint 2010 STS. If you are using Active Directory Federation Services (AD FS) instead of the Commerce Server Membership Provider, you must create a custom claims provider to work with an STS.

See Also

Other Resources

Understanding Claims-Based Identity

Managing Authentication

Managing Authorization

About the CommerceClaim Entity

Using the Commerce Membership Provider

Understanding the Flow of Identity