SiteCacheRefresh - Mixed Authentication Solution


Support for refreshing Commerce Server caches is provided by the SiteCacheRefresh HTTP Handler and is configured in the web.config.


<add verb="*" path="SiteCacheRefresh.axd" type="Microsoft.CommerceServer.Runtime.SiteCacheRefresh, Microsoft.CommerceServer.Runtime, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35 "/>


ASP.NET URL authorization is used to specify the users and groups allowed to refresh the cache.

<location path="SiteCacheRefresh.axd">



                     <allow roles="BUILTIN\Administrators"/>

                     <deny users="*"/>

                     <deny users="?"/>




By default, your retail ASP.NET site will use forms authentication.  The above ASP.NET URL authentication requires IIS to use Windows Authentication.  Out of the box, an ASP.NET 2.0 web site can support either forms authentication or windows authentication but not both.  Thus, a mixed authentication model must be implemented for SiteCacheRefresh.axd authorization.  Fortunately, the Commerce Server Starter Site provides such a solution.

Note: If you do not implement a mixed authentication solution on your retail site, each request to SiteCacheRefresh.axd will be redirected to the forms authentication login page as specified in the web.config.

<authentication mode="Forms">

<forms loginUrl="~/Login.aspx"/>



  1. Make sure your ASP.NET site has Windows Integrated security checked in IIS Admin.
  2. Copy the CommerceComponents.dll from the Starter Site bin directory to your retail ASP.NET web site’s bin directory.
  3. Add the following entry to the configSections element of your web.config.
      <section name="commerceComponents" type="CommerceComponents.Configuration.ComponentConfiguration, CommerceComponents" />
  4. Add the following entries to the configuration element of your web.config.

      <commerceComponents baseCurrencyCode="USD" baseCurrencyCulture="en-US">


          <add fileName="SiteCacheRefresh.axd" />



  5. Add the following entries to the httpModules element of your web.config.  

          <clear />     

         <add name="OutputCache" type="System.Web.Caching.OutputCacheModule" />

           <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule" />

          <add name="MixedModeAuthentication" type="CommerceComponents.MixedAuthenticationModule" />

          <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />

          <add name="MixedModeAuthenticationFixUp" type="CommerceComponents.MixedAuthenticationModuleFixUp" />

          <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />

          <add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule" />

          <add name="AnonymousIdentification" type="System.Web.Security.AnonymousIdentificationModule" />

          <add name="Profile" type="System.Web.Profile.ProfileModule" />


    Place the Commerce Server HTTP module declarations below this line.


The Catalog Manager and the staging service use this HTTP Handler to refresh the caches in the web applications and orders web service. 



You can verify that the catalog cache successfully refreshed by checking the application event log on each machine.

Event Type:          Information

Event Source:        Commerce Server

Event Category:      None

Event ID:            4114

Date:                01/13/2007

Time:                3:29:24 PM

User:                N/A

Computer:            WROX


The cache 'CatalogCache' has been refreshed for the site 'Contoso'

For more information, see Help and Support Center at