

Configuring the Authorization Policy for the CommerceClaim Entity

Only authorized identities can perform query operations on the CommerceClaim entity. Therefore, you must specify the authorized identities in the CommerceEntityAuthorizationStore.xml file using Authorization Manager (AzMan). For more information about the CommerceClaim entity, see About the CommerceClaim Entity.

You must configure authorization security for the CommerceClaim entity by adding the identity running the Security Token Service (STS) application pool to the Security Token Service group.

Note

In a farm scenario, each server has its own set of Authorization Manager files. You must configure authorization security for the CommerceClaim entity on each server in the farm. You can accomplish this by copying the updated CommerceEntityAuthorizationStore.xml file to the other servers. Alternatively, you can update ChannelConfiguration.config on each server in the farm to point to a single file located on a universal naming convention (UNC) share.

To add identities to the Security Token Service group

  1. Click Start, click All Programs, click Accessories, click Run, type azman.msc, and then click OK.

  2. In the left pane of the Authorization Manager, right-click Authorization Manager, and then click Open Authorization Store.

  3. In the Open Authorization Store dialog box, click Browse and browse to where the authorization policies are located (usually at the root of the Web site). For example, <drive>:\Inetpub\wwwroot\wss\VirtualDirectories\80.

  4. Click CommerceEntityAuthorizationStore.xml, and then click Open.

  5. Expand the Authorization Policy to CommerceFoundation\Groups.

  6. Right-click Security Token Service, and then click Properties.

  7. Click the Members tab.

  8. From the Select additional members from list, click Windows and Active Directory.

  9. Click Select.

  10. In the Enter the object names to select box, type the name of the identity running the STS application pool, click Check Names, and then click OK.

  11. Click OK.

    Note

    In a SharePoint 2010 deployment, perform an IIS reset after making changes to authorization stores in AzMan. The IIS reset forces user claims to refresh.

  12. Once you have fully implemented claims-based security, test that your authorization has been configured correctly.
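The following script is an added example, not part of the original documentation. It checks each farm server's copy of CommerceEntityAuthorizationStore.xml for the STS application pool identity in the Security Token Service group and flags copies that differ from the first server's. The server names, drive letter, and account name are hypothetical, and the element names `AzApplicationGroup` and `Member` (with members stored as SIDs) are an assumption about the AzMan XML store layout.

```powershell
param(
    # Hypothetical values: replace with your farm servers, store path and STS identity.
    [string[]]$Servers    = @('WEB01', 'WEB02'),
    [string]  $StorePath  = 'C$\Inetpub\wwwroot\wss\VirtualDirectories\80\CommerceEntityAuthorizationStore.xml',
    [string]  $StsAccount = 'CONTOSO\svc-sts'
)

# Assumption: the XML store records Windows members by SID, so resolve the account first.
$stsSid = ([System.Security.Principal.NTAccount]$StsAccount).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

$results = foreach ($server in $Servers) {
    $file = "\\$server\$StorePath"
    if (-not (Test-Path -LiteralPath $file)) {
        [pscustomobject]@{ Server = $server; Found = $false; StsIsMember = $false; Sha256 = $null }
        continue
    }
    [xml]$store = Get-Content -LiteralPath $file -Raw
    # Assumed layout: <AzApplicationGroup Name="..."><Member>SID</Member></AzApplicationGroup>.
    # local-name() keeps the query working whether or not the store declares a namespace.
    # Only direct members are checked; membership through a nested group is not resolved.
    $xpath = "//*[local-name()='AzApplicationGroup'][@Name='Security Token Service']" +
             "/*[local-name()='Member']"
    $members = @($store.SelectNodes($xpath) | ForEach-Object { $_.InnerText.Trim() })
    [pscustomobject]@{
        Server      = $server
        Found       = $true
        StsIsMember = $members -contains $stsSid
        Sha256      = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    }
}

$results | Format-Table -AutoSize

# Flag servers whose store is missing, lacks the STS identity, or differs from the first copy found.
$reference = ($results | Where-Object { $_.Found } | Select-Object -First 1).Sha256
$results |
    Where-Object { -not $_.Found -or -not $_.StsIsMember -or $_.Sha256 -ne $reference } |
    ForEach-Object { Write-Warning "$($_.Server): store missing, STS identity absent, or file differs" }
```

The hash comparison applies when the store is copied to each server; if ChannelConfiguration.config points every server at one file on a UNC share, check that single file instead.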

See Also

Other Resources

Understanding Claims-Based Identity

Managing Authentication

Managing Authorization

About the CommerceClaim Entity

Cannot Use Silverlight Web Tools After Making Updates to Authorization Stores