AuthManager Class (PIA)
Use this object to perform user identification and authentication, and to manage user security information. This object also contains methods for cookie and cookieless browsing.
Methods
Method | Description |
---|---|
GenerateEncryptionKey | Generates an encryption key for the administration of cookie data. Use this method in administration or setup components only. |
GetProperty | Retrieves the specified custom property stored in a cookie or query string. |
GetURL | Generates a Uniform Resource Locator (URL) containing optional name/value pairs. |
GetUserID | Retrieves the unique ID for the current user. |
GetUserIDFromCookie | Retrieves a user ID from a cookie. |
Initialize | Initializes the AuthManager object by caching all the required site configuration resource properties. |
IsAuthenticated | Indicates whether or not a user is currently authenticated. |
Refresh | Updates the cached site configuration resource properties after any of the properties have been changed. |
SetAuthTicket | Generates an encrypted AuthTicketType ticket for a registered user. |
SetProfileTicket | Generates an encrypted ProfileTicketType ticket for an anonymous user. |
SetProperty | Adds a property/value pair to a cookie or query string containing a ticket. |
SetUserID | Sets the user ID property on a ticket. |
UnInitialize | Removes the site-specific configuration resource properties from the cache. |
URLArgs | Generates an encoded URL query string from arrays of parameter names and values. |
URLShopperArgs | Generates an encoded Uniform Resource Locator (URL) query string of name/value pairs and appends the ticket to the query string if a ticket is set. |
Remarks
The AuthManager object identifies users and gathers information used for user authentication. The methods and properties of this object control and access the contents of cookies and encoded URL strings.
In the Commerce Server 2002 context, authentication uses tickets. A ticket is a string of property/value pairs that provide information about the user. Two types of tickets are supported. An authentication ticket, named AuthTicketType, is used for registered users while a profile ticket, named ProfileTicketType, is used for anonymous users. (These ticket types are defined in Microsoft.CommerceServer.Interop.TicketTypeEnum.) In this context, registered means a user who has provided information to a site that can be used for identification.
A user may have both types of tickets. In this case, the AuthTicketType ticket takes precedence.
A ticket contains a unique user ID, and for authentication tickets, the time of last login and a time window. For an anonymous user who allows cookies, the ProfileTicketType ticket is stored on the local computer of the user as a persistent cookie. For a registered user who allows cookies, the AuthTicketType ticket is stored in a session cookie and is valid for the duration of the session or a specified time window, and then is deleted.
If the user does not allow cookies, the ticket is placed in an encoded URL string. The URL string may be used to pass user information between pages and sites, provided all the URLs and query strings are generated by the AuthManager object.
The AuthManager object provides a transparent interface to the tickets, whether they are stored in cookies or in URL query strings, and handles encryption and decryption of the tickets to ensure security.
The AuthManager object is intended to be used only through Active Server Pages (ASP) since it depends on ASP intrinsic objects. Do not create the AuthManager object in application scope as it has dependencies on individual user sessions. The AuthManager object should be created and destroyed on each ASP page.
The GetUserIDFromCookie and GenerateEncryptionKey methods facilitate rolling key encryption functionality. For more information about this feature, see Rolling Key Encryption for Authentication Tickets.
Any operation that requires decryption of the ticket will fail if you change the encryption key. One important instance of this behavior is with profile tickets, because they are persisted on the client computer. Hence, when a user with a persisted profile ticket that was encrypted with the old key comes back to the site, the AuthManager object is not able to decrypt this ticket. For more information about this issue, see Rolling Key Encryption for Authentication Tickets.
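The key-change failure described above, as an added Python illustration (not Commerce Server code and not the AuthManager API): a toy ticket in which HMAC-SHA256 stands in for the product's ticket encryption, whose format this page does not describe. The function names, field names, sample keys and the newest-first key list are assumptions made for the example.

```python
import base64, hashlib, hmac, json

AUTH, PROFILE = "AuthTicketType", "ProfileTicketType"
# Constructed sample keys; a real deployment would use randomly generated keys.
OLD_KEY, NEW_KEY = b"constructed-old-key", b"constructed-new-key"

def issue_ticket(key, ticket_type, user_id, now, window_min=60):
    """Serialize the ticket fields and bind them to `key` (HMAC stands in for encryption)."""
    fields = {"type": ticket_type, "uid": user_id}
    if ticket_type == AUTH:  # only authentication tickets carry login time and window
        fields.update(last_login=now, window_min=window_min)
    body = base64.urlsafe_b64encode(json.dumps(fields, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def read_ticket(ticket, keys, now):
    """Return (fields, key_index), or (None, None) if no key fits or the window expired.

    `keys` is ordered newest first. key_index > 0 means the ticket was issued
    under a retired key and should be re-issued under keys[0].
    """
    body, _, tag = ticket.rpartition(".")
    for index, key in enumerate(keys):
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected.encode(), tag.encode()):
            fields = json.loads(base64.urlsafe_b64decode(body))
            expired = (fields["type"] == AUTH
                       and now - fields["last_login"] > fields["window_min"] * 60)
            return (None, None) if expired else (fields, index)
    return None, None

def rotate(ticket, keys, now):
    """Re-issue a still-valid ticket under the newest key; None if it cannot be read."""
    fields, index = read_ticket(ticket, keys, now)
    if fields is None:
        return None
    if index == 0:
        return ticket
    # Keep the original login time so re-issuing never extends the time window.
    return issue_ticket(keys[0], fields["type"], fields["uid"],
                        fields.get("last_login", now), fields.get("window_min", 60))

if __name__ == "__main__":
    t0 = 1_000_000  # constructed timestamp, in seconds
    persisted = issue_ticket(OLD_KEY, PROFILE, "anon-123", t0)
    print(read_ticket(persisted, [NEW_KEY], t0 + 86400))           # key changed: unreadable
    print(read_ticket(persisted, [NEW_KEY, OLD_KEY], t0 + 86400))  # retired key kept: readable
    print(read_ticket(rotate(persisted, [NEW_KEY, OLD_KEY], t0 + 86400), [NEW_KEY], t0 + 86400))
```

In this model a persisted profile ticket survives a key change only while the retired key stays in the list, and each returning ticket is re-issued under the newest key so the retired key can later be dropped.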
Requirements
Namespace: Microsoft.CommerceServer.Interop
Platforms: Windows 2000, Windows Server 2003
Assembly: mscsauthlib (in mscsauthlib.dll)
Copyright © 2005 Microsoft Corporation.
All rights reserved.