Understanding User Recognition

Shoppers must have a unique identifier assigned to them when they browse your Web site, so your site can recognize each shopper. In Microsoft Commerce Server 2009 R2, user recognition is managed by several classes (CommerceMembershipProvider, CommerceUserRecognitionModule, and CommerceUserRecognition) that issue and read the cookie containing the shopper's anonymous and/or registered profile ID. You must use these classes when you have an ASP.NET site that uses forms-based authentication or when you are using the routing service.

This topic covers the following:

  • Understanding the States of Identity

  • Implementing User Recognition

Understanding the States of Identity

In Commerce Server 2009 R2, the unique identifier assigned to the shopper depends on whether the shopper is browsing the site anonymously (anonymous shopper); the shopper is recognized by the site due to a previously issued persistent cookie, but the shopper has not yet logged on to the site (recognized shopper); or the shopper has logged on to the site (authenticated shopper):

  • Anonymous shopper: Nothing is known about the shopper; the shopper has not logged on to the site, and the shopper's browser does not have a persistent cookie from a previous visit that identifies the shopper.

    In this state, the anonymous shopper is assigned a globally unique identifier (GUID) that associates the anonymous shopper with his or her shopping basket.

  • Recognized shopper: The identity of the shopper is known due to a persistent cookie in the shopper's browser from a previous visit to the site. However, the shopper has not yet signed in to the site for the current session or the shopper's session has timed out. As a result, the identity of the user has not been confirmed.

    In this state, the recognized shopper is assigned a GUID that associates the recognized shopper with his or her shopping basket and user profile.

  • Authenticated shopper: The identity of the shopper is known and confirmed. The user is who he or she claims to be. The shopper has provided the correct credentials, such as a user name and password, to log on to the site.

    In this state, the authenticated shopper is identified by their anonymous and/or registered profile ID. An authenticated shopper is also known as a registered shopper.

Implementing User Recognition

Commerce Server 2009 R2 has three classes for managing user recognition:

  • CommerceUserContext: This class contains information about the shopper, such as the anonymous user ID, registered user ID, user name, user type, and type of authentication.

  • CommerceUserRecognitionModule: This class checks for an anonymous or registered user cookie with each request to identify the user. This class uses the information contained in the cookie to populate the Current property of the CommerceUserContext class. If the shopper is visiting the site for the first time, no cookie exists, so this class populates CommerceUserContext.Current with an anonymous shopper ID.

  • CommerceUserRecognition: This class is responsible for issuing anonymous or registered cookies; parsing the cookie to extract the registered user ID once the shopper has been authenticated; and removing the cookie when the shopper logs out or when the cookie has been tampered with.
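The three identity states and the tampered-cookie handling described above, shown as an added C# example that is not Commerce Server code. ShopperState, RecognitionSketch, the cookie layout, and the key are hypothetical names and values chosen for illustration; Commerce Server's real cookie format is not shown on this page.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Illustrative model: the types and cookie layout are assumptions for this
// example, not Commerce Server's own classes or its real cookie format.
public enum ShopperState { Anonymous, Recognized, Authenticated }
public static class RecognitionSketch
{
    // Constructed demo key; a real site loads its key from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");

    static string Mac(string id)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(id)));
    }

    // Assumed cookie layout: "<profile GUID>|<base64 HMAC-SHA256 of the GUID>".
    public static string Issue(Guid id) { string s = id.ToString("B"); return s + "|" + Mac(s); }

    // Returns the profile ID if the MAC verifies, otherwise null (missing or tampered).
    public static string Verify(string cookie)
    {
        int sep = cookie == null ? -1 : cookie.LastIndexOf('|');
        if (sep <= 0) return null;
        string id = cookie.Substring(0, sep);
        byte[] want = Encoding.ASCII.GetBytes(Mac(id));
        byte[] got = Encoding.ASCII.GetBytes(cookie.Substring(sep + 1));
        int diff = want.Length ^ got.Length;                 // constant-time comparison
        for (int i = 0; i < want.Length && i < got.Length; i++) diff |= want[i] ^ got[i];
        return diff == 0 ? id : null;
    }

    // A cookie alone only recognizes; a logon in the current session authenticates.
    public static ShopperState Classify(string cookie, bool loggedOnThisSession)
    {
        if (Verify(cookie) == null) return ShopperState.Anonymous;   // fail closed
        return loggedOnThisSession ? ShopperState.Authenticated : ShopperState.Recognized;
    }

    // Personalization may use a recognized ID; account changes need a confirmed identity.
    public static bool MayChangeAccount(ShopperState s) { return s == ShopperState.Authenticated; }
    public static void Main()
    {
        string good = Issue(Guid.NewGuid());                          // constructed sample
        string forged = Guid.NewGuid().ToString("B") + good.Substring(good.LastIndexOf('|'));
        Console.WriteLine("none={0} cookie={1} cookie+logon={2} forged={3}", Classify(null, false),
            Classify(good, false), Classify(good, true), Classify(forged, true));
        Console.WriteLine("recognized may change account: " + MayChangeAccount(ShopperState.Recognized));
    }
}
```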

You must use these classes for user recognition in the following situations:

  • With an ASP.NET Web site using forms-based authentication

  • With the routing service

You must use these classes to issue and read the cookie that contains the shopper's anonymous and/or registered profile ID. The routing service uses these classes to communicate with the Commerce Foundation operation service.

Note

Both CommerceUserRecognitionModule and CommerceUserRecognition must be configured in your presentation tier Web.config file. Where you register the CommerceUserRecognitionModule depends on whether your Web application uses a Classic or Integrated Managed Pipeline Mode application pool. For Web applications using the Classic Managed Pipeline Mode application pool, register CommerceUserRecognitionModule under system.web/httpModules and configure CommerceUserRecognition under Microsoft.Commerce/Presentation. For Web applications using the Integrated Managed Pipeline Mode application pool, register CommerceUserRecognitionModule under system.webServer/modules and configure CommerceUserRecognition under Microsoft.Commerce/Presentation.

The following code sample shows the issuing of a registered cookie after a user has successfully logged in to an ASP.NET site that uses forms-based authentication. The sample also shows the removal of the registered cookie after the user logs out of the site.

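// Remove the registered cookie when the user logs out.
protected void LoginStatus1_LoggedOut(object sender, EventArgs e)
{
    CommerceUserRecognition.RemoveRegisteredCookie();
}

// Issue the registered cookie after a successful forms-based login.
protected void Login1_LoggedIn(object sender, EventArgs e)
{
    // The membership provider key of the logged-in user is the registered user ID (a GUID).
    Guid registeredUserId = (Guid)Membership.GetUser(Login1.UserName).ProviderUserKey;
    // Pass the ID in braced ("B") GUID format, the user name, and "Forms".
    CommerceUserRecognition.IssueRegisteredCookie(registeredUserId.ToString("B"), Login1.UserName, "Forms");
}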

See Also

Other Resources

Understanding Claims-Based Identity

Managing Authentication

Managing Authorization

Commerce Foundation Developer's Reference 2009 R2