Commerce Server leverages the security features of Windows 2000, such as Active Control Lists (ACLs) and the Windows Authentication. Commerce Server also provides authentication features, which are unique to Commerce Server, that extend the functionality of Windows security.
This section contains:
- Authentication Concepts. Describes authentication tickets, cookies, the CS Authentication resource, and the Csapp.ini file.
- Best Practices for Authentication. Describes recommendations for using Active Directory, AuthFilter, securing passwords, and using proxy accounts.
- Comparison of AuthFilter and AuthManager. Describes the differences between the features in AuthFilter and AuthManager.
- AuthFilter. Explains how to use AuthFilter for single sign-on support, and how to use it with the Retail and Supplier Solution Sites, and a .NET-based site.
- AuthManager. Describes the AuthManager object, and provides a figure that shows how AuthManager processes a request.
- Windows Authentication Mode. Explains how to use AuthFilter in Windows Authentication mode.
- Custom Authentication Mode. Explains how to use AuthFilter in Custom Authentication mode.
- Autocookie Mode. Explains how to use AuthFilter in Custom Autocookie mode.
- Windows Authentication with Autocookie Mode. Explains how to use AuthFilter in Windows Authentication and Autocookie modes.
- Custom Authentication with Autocookie Mode. Explains how to use AuthFilter in Custom Authentication and Autocookie modes.
- Configuring the CS Authentication Resource. Explains the properties in the CS Authentication resource.
- Exchange 2000 OWA Basic Authentication. Explains how to use AuthFilter and Exchange 2000 OWA Basic Authentication.
- Setting the Security Mode on the Web Server. Explains how to enable Domain Users, which is required to use Windows Authentication mode on a Commerce Server site.
- Generating a New Cookie Encryption Key. Explains how to generate a new cookie encryption key for encrypting and decrypting cookie data.
- Rolling Key Encryption for Authentication Tickets. Explains how to use the rolling key encryption feature to change the encryption key, which is used to encrypt and decrypt authentication tickets for a site.
- Configuring Login.asp to use a GUID. Explains how to update your Login.asp page to add a custom property named guid, which holds a globally unique identifier (GUID) string on the ticket of a user to protect your site from Distributed Denial of Service (DDoS) attacks.
- Integrating with Passport. Explain how to integrate Commerce Server with Passport Express Purchase and Passport Single Signin.