Enabling AuthFilter for the Retail Solution Site

  • Article

These instructions explain how to enable the AuthFilter on the Retail Solution Site.

To enable AuthFilter on the Retail Solution site

Important Information about Using AuthFilter

To enable AuthFilter on the Retail Solution Site

  1. Use Commerce Server Site Packager to unpack the Retail Solution Site.

  2. Expand Commerce Server Manager, expand Commerce Sites, and then click the site you want to administer.

  3. Expand Applications, right-click the name of the application that you want to work with, and then click Properties.

  4. In the Properties dialog box, in the General tab, in the Authentication filter box, select either Windows Authentication or Custom Authentication, and then click OK.

  5. Use a text editor to open Authfiles\Login.asp for the Retail site.

  6. In Login.asp, verify that you have the included files that are in Retail\Login\Login.asp and the code matches with the example. To verify the code in the example, see Login.asp Code for the Retail Solution Site.

  7. Save and close the updated Login.asp page.

  8. Use the Users module in Commerce Server Business Desk to create a new user for the Retail site. For information, see Adding a User.

  9. Use Internet Explorer to navigate to http://<computername>/Retail.

At the login page, type the user name and password if you are a registered user, or choose to register by clicking on the link at the bottom of the page.

The Login.asp page sets the MSCSAuth ticket for the registered user, retrieves the profile for the user, and populates the Web page using the profile information it retrieved.

If the the profile could not be found, the Login.asp page is displayed again with an error message, and presents the same two options to log in as before. If the user name or password is not valid, then the Login.asp is displayed again, but without an error message. To add a registration or new user page to your Web site using AuthFilter, follow the instructions for the Login.asp page.

Ee811581.note(en-US,CS.10).gif Notes

  • You must add your own registration page from which you can create accounts on Active Directory.

  • If you decide to enable AuthFilter after you disabled it, you must manually reset Internet Services Manager (IIS) 5.0 security settings.

  • After you change a property value in Commerce Server Manager, you must unload the application from memory on each Web server in order for the change to take effect. For instructions, see Unloading an Application from Memory.

Important Information about Using AuthFilter

  • If you unpack a site to the virtual directory on IIS with AuthFilter enabled, you must uncheck the application level property, Set cookie path to application. This property represents the path property set on cookies. By default the Flag is enabled to set this to the virtual directory of the site (for example, /retail). By unchecking the box, the root (/) is set as the path property for your cookies. You must restart IIS after updating this property. For instructions, see Restarting IIS.

  • Verify that you use Anonymous Access for all include, .gif, or helper files that are used by Login.asp.

  • For Windows Authentication, the default login page uses the GET action in Login-Submit. The POST action is also supported with Login.asp. For information about supporting the POST action, see the comments in Login.asp and follow those instructions.

  • There is a known security issue if you are using GET with Login.asp. It is recommended that you tell users who visit your site to set their browser to automatically clear the browser history after they log off or have them clear the browser history manually.

  • In Windows Authentication, the following server variables are not set: AUTH_USER and AUTH_TYPE. The server variable LOGON_USER is set to the User ID which is used for logging in.

  • To use Secure Sockets Layer (SSL), you must set the s_Login_Form property in CS Authentication to the full path. For instructions, see Configuring CS Authentication Resource.

See Also

Working with Site Security and Filters

Adding a User

Login.asp Code for the Retail Solution Sitel

Login.asp Code for the Supplier Solution Site

Unloading an Application from Memory

Configuring CS Authentication Resource


All rights reserved.