Managing Authentication

Authentication is the process of confirming the identity of a user. Authentication validates that the user is who he or she claims to be. Claims-based identity is an approach to authentication.

When you use the claims-based identity security model, the authentication provider or issuing authority validates the identity of the user and issues information (claims), such as name, email address, and group membership, in a digitally signed, secure token that describes the user. These digitally signed, secure tokens are created by the security token service (STS) for the issuing authority. When such a token accompanies a request, the Web application knows that the user is authenticated because the secure token comes from an issuing authority it trusts.
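The trust decision described above, as an added C# example that is not Commerce Server or SharePoint STS code: an issuing authority signs a set of claims, and the Web application accepts them only if the issuer is on its trust list and the signature verifies. The token layout, the ClaimsDemo, Token, Issue and TryAuthenticate names, the issuer names, and the claim values are all constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed token shape (hypothetical): issuer name, claims text, signature.
class Token { public string Issuer; public string Claims; public byte[] Signature; }

static class ClaimsDemo
{
    // The signature covers the issuer name as well as the claims.
    static byte[] Payload(Token t) { return Encoding.UTF8.GetBytes(t.Issuer + "\n" + t.Claims); }

    // Issuing side (STS role): sign issuer + claims with the authority's private key.
    static Token Issue(string issuer, RSA key, string claims)
    {
        var t = new Token { Issuer = issuer, Claims = claims };
        t.Signature = key.SignData(Payload(t), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return t;
    }

    // Web application side: release the claims only when the issuer is trusted
    // and the signature verifies under that issuer's public key.
    static bool TryAuthenticate(Token t, IDictionary<string, RSA> trusted, out string claims)
    {
        claims = null;
        RSA key;
        if (!trusted.TryGetValue(t.Issuer, out key)) return false;      // issuer not trusted
        if (!key.VerifyData(Payload(t), t.Signature, HashAlgorithmName.SHA256,
                            RSASignaturePadding.Pkcs1)) return false;   // altered or wrong key
        claims = t.Claims;
        return true;
    }

    static void Main()
    {
        using (RSA sts = RSA.Create(2048))
        using (RSA unknown = RSA.Create(2048))
        using (RSA stsPublic = RSA.Create())
        {
            stsPublic.ImportParameters(sts.ExportParameters(false));    // public half only
            var trusted = new Dictionary<string, RSA> { { "sts.example", stsPublic } };
            string c;
            Token good = Issue("sts.example", sts, "name=Pat;email=pat@example.com;group=Buyers");
            Token edited = new Token { Issuer = good.Issuer, Signature = good.Signature,
                                       Claims = good.Claims.Replace("Buyers", "Admins") };
            Console.WriteLine("valid token:      " + TryAuthenticate(good, trusted, out c));
            Console.WriteLine("edited claims:    " + TryAuthenticate(edited, trusted, out c));
            Console.WriteLine("untrusted issuer: " + TryAuthenticate(Issue("other.example", unknown, good.Claims), trusted, out c));
            Console.WriteLine("wrong key:        " + TryAuthenticate(Issue("sts.example", unknown, good.Claims), trusted, out c));
        }
    }
}
```

Token lifetime and audience checks, which a relying party also performs on real tokens, are outside what this example shows.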

Implementing claims-based identity requires an understanding of the states of identity (anonymous, recognized, or registered), the way users are recognized and authenticated, and the way identity flows in Microsoft Commerce Server 2009 R2. The CommerceUserContext, CommerceUserRecognitionModule, and CommerceUserRecognition classes are used to manage user recognition, while the CommerceMembershipProvider is called by the STS (such as the Microsoft SharePoint 2010 STS) to authenticate users.

See Also

Other Resources

Understanding User Recognition

Understanding the Flow of Identity

Using the Commerce Membership Provider

How to Use the Deployment Guide

Understanding Claims-Based Identity

Managing Authorization