Configuring Authorization Security for the CommerceCache Entity
Only authorized identities can perform update, query, or delete operations on the CommerceCache entity. Therefore, you must specify the authorized identities in the CommerceEntityAuthorizationStore.xml file using Authorization Manager (AzMan).
You must configure authorization security for the following CommerceCache roles:
| CommerceCache role | Authorization requirements |
|---|---|
| CommerceUpdateOperation | |
| CommerceQueryOperation | Two-Tier deployment topology; Three-Tier deployment topology |
| CommerceDeleteOperation | Two-Tier deployment topology; Three-Tier deployment topology |
Note
In a farm deployment scenario, each server has its own set of Authorization Manager files. You must configure authorization security for the CommerceCache roles on each server in the farm. You can accomplish this by copying the updated CommerceEntityAuthorizationStore.xml file to the other servers in the farm.
To add identities to CommerceCache authorization roles
1. At the Windows command prompt, enter azman.msc to open the Authorization Manager MMC snap-in, and then click OK.
2. In the left pane of Authorization Manager, right-click Authorization Manager, and then click Open Authorization Store.
3. In the Open Authorization Store dialog box, click Browse and browse to where the authorization policies are located (usually at the root of the Web site). For example, <drive>:\Inetpub\wwwroot.
4. Click CommerceEntityAuthorizationStore.xml, and then click Open.
5. Expand the Authorization Policy to CommerceFoundation\CommerceCache\Role Assignments.
6. Assign the business users with permission to send cache refresh requests:
   1. Right-click CommerceUpdateOperation, point to Assign Users and Groups, and then click From Windows and Active Directory.
   2. In the Enter the object names to select box, type the user names of the desired members who have cache refresh permissions. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.
   3. Click OK.
7. Do one of the following:
   - Specify the application pool identity of the Web application with permission to query pending cache refresh requests in a two-tier deployment:
     1. Right-click CommerceQueryOperation, point to Assign Users and Groups, and then click From Windows and Active Directory.
     2. In the Enter the object names to select box, type the name of the application pool identity for the Web application with permission to query pending cache refresh requests. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.
     3. Click OK.
   - Specify the application pool identity of both the Web application and Commerce Foundation operation service with permission to query pending cache refresh requests in a three-tier deployment:
     1. Right-click CommerceQueryOperation, point to Assign Users and Groups, and then click From Windows and Active Directory.
     2. In the Enter the object names to select box, type the name of the application pool identity for the Web application with permission to query pending cache refresh requests. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.
     3. Type the name of the application pool identity for the Commerce Foundation operation service with permission to query pending cache refresh requests.
     4. Click OK.
8. Do one of the following:
   - Specify the application pool identity of the Web application with permission to clear caches in a two-tier deployment:
     1. Right-click CommerceDeleteOperation, point to Assign Users and Groups, and then click From Windows and Active Directory.
     2. In the Enter the object names to select box, type the name of the application pool identity for the Web application with permission to clear caches. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.
     3. Click OK.
   - Specify the application pool identity of the Commerce Foundation operation service with permission to clear caches in a three-tier deployment:
     1. Right-click CommerceDeleteOperation, point to Assign Users and Groups, and then click From Windows and Active Directory.
     2. In the Enter the object names to select box, type the name of the application pool identity for the Commerce Foundation operation service with permission to clear caches. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.
     3. Click OK.
Note
In a SharePoint 2010 deployment, perform an IIS reset after making changes to authorization stores in AzMan. The IIS reset forces user claims to refresh.
Once you have fully implemented cache refresh, test that your authorization has been configured correctly.
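The role assignments made in the procedure above can be read back through the Authorization Manager COM interface and compared against the identities you intended to authorize. The following PowerShell script is an added example, not part of the original documentation. It assumes that CommerceFoundation is the AzMan application and CommerceCache is a scope inside it; the store path and the account names are placeholders constructed for a three-tier deployment.

```powershell
# Added example: audit CommerceCache role assignments against an expected list.
# Assumptions: store path, account names, and that CommerceFoundation is the
# AzMan application with CommerceCache as a scope inside it.
$StorePath = 'C:\Inetpub\wwwroot\CommerceEntityAuthorizationStore.xml'  # placeholder

# Constructed expected identities for a three-tier deployment.
$Expected = @{
    CommerceUpdateOperation = @('CONTOSO\CacheRefreshUsers')
    CommerceQueryOperation  = @('CONTOSO\WebAppPool', 'CONTOSO\FoundationSvcPool')
    CommerceDeleteOperation = @('CONTOSO\FoundationSvcPool')
}

function Get-CommerceCacheRoleMembers {
    param([string]$Path, [string[]]$RoleNames)
    $store = New-Object -ComObject AzRoles.AzAuthorizationStore
    $store.Initialize(0, "msxml://$Path", $null)   # flags 0: open an existing store
    $app   = $store.OpenApplication('CommerceFoundation', $null)
    $scope = $app.OpenScope('CommerceCache', $null)
    $members = @{}
    foreach ($name in $RoleNames) {
        $role = $scope.OpenRole($name, $null)
        # MembersName lists the accounts assigned to the role; drop empty entries.
        $members[$name] = @($role.MembersName | Where-Object { $_ })
    }
    $members
}

function Compare-RoleAssignment {
    param([hashtable]$Actual, [hashtable]$Expected)
    foreach ($role in $Expected.Keys) {
        $want = @($Expected[$role])
        $have = @($Actual[$role])
        New-Object PSObject -Property @{
            Role       = $role
            # Assigned in the store but not on the expected list (over-privileged).
            Unexpected = @($have | Where-Object { $want -notcontains $_ })
            # On the expected list but not assigned (operation will be denied).
            Missing    = @($want | Where-Object { $have -notcontains $_ })
        }
    }
}

$actual = Get-CommerceCacheRoleMembers -Path $StorePath -RoleNames @($Expected.Keys)
Compare-RoleAssignment -Actual $actual -Expected $Expected |
    Where-Object { $_.Unexpected.Count -or $_.Missing.Count } |
    Format-Table Role, Unexpected, Missing -AutoSize
```

No output means every role matches the expected list. In a farm, run it on each server, because each server has its own copy of the store.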
See Also
Other Resources
Working with Cache Refresh (Pull or Polling Model)
About the CommerceCache Entity
Overview of CommerceCache Operation Sequences
Using APIs to Manage Commerce Server Caches
Creating an HTTP Module for Presentation Tier Polling
Modifying the Cache Refresh Configuration
Cannot Use Silverlight Web Tools After Making Updates to Authorization Stores