Important Information About AuthFilter for the Supplier Solution Site

  • Article
  • If you unpack a site to the root directory on IIS with AuthFilter enabled, you must clear the application level property check box, Set cookie path to application. This property represents the path property set on cookies. By default the Flag is enabled to set this to the virtual directory of the site (for example, /retail). By clearing the box, you are setting the root "/" as the path property for your cookies. After updating this property, you must restart IIS using net start w3svc command. For instructions, see Restarting IIS and Commerce Server Services.
  • Verify that you use Anonymous Access for all include, .gif, or helper files that are used by Login.asp.
  • For Windows Authentication, the default login page uses the GET action in Login-Submit. The POST action is also supported with Login.asp. For information about supporting the POST action, see the comments in Login.asp and follow those instructions.
  • There is a known security issue if you are using GET with Login.asp. It is recommended that you tell users who visit your site to set their browser to automatically clear the browser history after they log off or have them clear the browser history manually.
  • In Windows Authentication, the following server variables are not set: AUTH_USER and AUTH_TYPE. The server variable LOGON_USER is set to the User ID, which is used for logging in.
  • To use Secure Sockets Layer (SSL), you must set the Login Form property in CS Authentication to the full path. For instructions, see Configuring the CS Authentication Resource.

See Also

Login.asp Code for the Supplier Solution Site

Restarting IIS and Commerce Server Services

Copyright © 2005 Microsoft Corporation.
All rights reserved.