Working with Site Security and Filters
Microsoft Commerce Server 2000 provides user authentication and identification to Web sites using an Internet Server Application Programming Interface (ISAPI) filter called the AuthFilter and a Component Object Model (COM) object called the AuthManager. The AuthFilter supports three distinct modes and two mixed modes of operation. The AuthManager object may be used with or without the AuthFilter, and can set an encrypted user ID into a cookie or encoded URL string, and validate the user against it. The AuthFilter requires cookies, however, the AuthManager object supports shopping both with and without cookies.
The authentication mode is set in Commerce Server Manager after the site is unpacked. Whenever the authentication mode or other CS Authentication resource site configuration properties are changed, Internet Information Services (IIS) must be restarted so that the AuthFilter begins using the new values. For more information, see Managing the CS Authentication Resource.
This section contains:
AuthFilter. Describes the ISAPI filter provided by Microsoft Commerce Server to support user authentication and identification.
Windows Authentication Mode. Describes the Windows Authentication mode of the AuthFilter.
Custom Authentication Mode. Describes the Custom Authentication mode of the AuthFilter.
Autocookie Mode. Describes the Autocookie mode of the AuthFilter.
Windows Authentication with Autocookie Mode. Describes the mixed authentication mode of Windows Authentication with Autocookie.
Custom Authentication with Autocookie Mode. Describes the mixed authentication mode of Custom Authentication with Autocookie.