All the steps in URL Request Outcomes, are transparent to the site developer. The following actions take place in the login page, which must be supplied by the site developer. The login page is specified in the s_Logon_Form ("Login Form" in the Commerce Server Manager user interface) property of the CS Authentication resource. A default page, Login.asp, showing much of this functionality is supplied with the installed product and located under the \Microsoft Commerce Server\AuthFiles folder.
When the user requests the login page and the request is not a form submission, the page is sent to the user. The login page must have anonymous access rights because, at this point, the user is unauthenticated. The login page has a link to a registration page for new users. The user submits the login form containing the user ID and password. If either of these credentials is missing, the user is redirected back to the login page. The AuthFilter performs different actions depending on whether the submission was through the Get method or the Post method.
- For performance reasons, do not set any persistent cookies on the login page.
This section contains: