Configuring Authorization Security for the CommerceCache Entity

Only authorized identities can perform update, query, or delete operations on the CommerceCache entity. Therefore, you must specify the authorized identities in the CommerceEntityAuthorizationStore.xml file using Authorization Manager (AzMan).

You must configure authorization security for the following CommerceCache roles:

Each CommerceCache role is listed below with its authorization requirements.

CommerceUpdateOperation

  • Specify the identities of the business users with permission to send cache refresh requests

CommerceQueryOperation

Two-tier deployment topology:

  • Specify the application pool identity for the Web application with permission to query pending cache refresh requests

Three-tier deployment topology:

  • Specify the application pool identity for the Web application with permission to query pending cache refresh requests

  • Specify the application pool identity for the Commerce Foundation operation service with permission to query pending cache refresh requests

CommerceDeleteOperation

Two-tier deployment topology:

  • Specify the application pool identity for the Web application with permission to clear caches

Three-tier deployment topology:

  • Specify the application pool identity for the Commerce Foundation operation service with permission to clear caches

Note

In a farm deployment scenario, each server has its own set of Authorization Manager files. You must configure authorization security for the CommerceCache roles on each server in the farm. You can accomplish this by copying the updated CommerceEntityAuthorizationStore.xml file to the other servers in the farm.

To add identities to CommerceCache authorization roles

  1. At the Windows command prompt, enter azman.msc to open the Authorization Manager MMC snap-in, and then click OK.

  2. In the left pane of Authorization Manager, right-click Authorization Manager, and then click Open Authorization Store.

  3. In the Open Authorization Store dialog box, click Browse and browse to where the authorization policies are located (usually at the root of the Web site). For example, <drive>:\Inetpub\wwwroot.

  4. Click CommerceEntityAuthorizationStore.xml, and then click Open.

  5. Expand the Authorization Policy to CommerceFoundation\CommerceCache\Role Assignments.

  6. Assign the business users with permission to send cache refresh requests:

    1. Right-click CommerceUpdateOperation, point to Assign Users and Groups, and then click From Windows and Active Directory.

    2. In the Enter the object names to select box, type the user names of the desired members who have cache refresh permissions. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.

    3. Click OK.

  7. Do one of the following:

    • To specify the application pool identity of the Web application with permission to query pending cache refresh requests in a two-tier deployment:

      1. Right-click CommerceQueryOperation, point to Assign Users and Groups, and then click From Windows and Active Directory.

      2. In the Enter the object names to select box, type the name of the application pool identity for the Web application with permission to query pending cache refresh requests. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.

      3. Click OK.

    • To specify the application pool identity of both the Web application and Commerce Foundation operation service with permission to query pending cache refresh requests in a three-tier deployment:

      1. Right-click CommerceQueryOperation, point to Assign Users and Groups, and then click From Windows and Active Directory.

      2. In the Enter the object names to select box, type the name of the application pool identity for the Web application with permission to query pending cache refresh requests. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.

      3. Type the name of the application pool identity for the Commerce Foundation operation service with permission to query pending cache refresh requests.

      4. Click OK.

  8. Do one of the following:

    • To specify the application pool identity of the Web application with permission to clear caches in a two-tier deployment:

      1. Right-click CommerceDeleteOperation, point to Assign Users and Groups, and then click From Windows and Active Directory.

      2. In the Enter the object names to select box, type the name of the application pool identity for the Web application with permission to clear caches. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.

      3. Click OK.

    • To specify the application pool identity of the Commerce Foundation operation service with permission to clear caches in a three-tier deployment:

      1. Right-click CommerceDeleteOperation, point to Assign Users and Groups, and then click From Windows and Active Directory.

      2. In the Enter the object names to select box, type the name of the application pool identity for the Commerce Foundation operation service with permission to clear caches. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking Advanced.

      3. Click OK.

  9. Note: In a SharePoint 2010 deployment, perform an IIS reset after making changes to authorization stores in AzMan. The IIS reset forces user claims to refresh.

  10. Once you have fully implemented cache refresh, test that your authorization has been configured correctly.
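
One way to check the result of the procedure above, as an added example that is not Microsoft's or the product's own code: a read-only PowerShell audit that opens the store through the Authorization Manager COM interface and compares the members of each CommerceCache role with the identities intended for a three-tier deployment. The store path, the account names, and the reading of CommerceFoundation as the AzMan application with CommerceCache as a scope inside it are assumptions.

```powershell
# Added example: read-only audit of the CommerceCache role assignments.
# Assumed: the store path, the account names (constructed placeholders), and that
# CommerceFoundation is the AzMan application and CommerceCache a scope inside it.
$storePath = 'C:\Inetpub\wwwroot\CommerceEntityAuthorizationStore.xml'

# Intended members per role for a three-tier deployment (replace with your own).
$expected = @{
    CommerceUpdateOperation = @('CONTOSO\CacheRefreshUsers')
    CommerceQueryOperation  = @('CONTOSO\svc-webapppool', 'CONTOSO\svc-opservice')
    CommerceDeleteOperation = @('CONTOSO\svc-opservice')
}

function Resolve-Sid([string]$Account) {
    # Compare by SID so that DOMAIN\name and UPN spellings of one account match.
    $nt = New-Object System.Security.Principal.NTAccount($Account)
    $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

$store = New-Object -ComObject AzRoles.AzAuthorizationStore
$store.Initialize(0, "msxml://$storePath", $null)   # flags 0: open an existing store
$app   = $store.OpenApplication('CommerceFoundation', $null)
$scope = $app.OpenScope('CommerceCache', $null)

$report = foreach ($roleName in $expected.Keys) {
    $role   = $scope.OpenRole($roleName, $null)
    $actual = @($role.Members | Where-Object { $_ })          # member SIDs in text form
    $wanted = @($expected[$roleName] | ForEach-Object { Resolve-Sid $_ })
    New-Object PSObject -Property @{
        Role       = $roleName
        Members    = @($role.MembersName | Where-Object { $_ }) -join '; '
        # Intended identities that were never assigned to the role.
        Missing    = @($wanted | Where-Object { $actual -notcontains $_ }) -join '; '
        # Identities in the role that are not on the intended list.
        Unexpected = @($actual | Where-Object { $wanted -notcontains $_ }) -join '; '
    }
}

$report | Select-Object Role, Members, Missing, Unexpected | Format-List
```

Empty Missing and Unexpected values for all three roles mean the store matches the intended assignment. In a farm, run it on each server, because each server has its own copy of the store.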
