Step 8: Enable AuthFilter for the Supplier Solution Site

This topic explains how to enable AuthFilter on the Supplier Solution Site.

Notes

For the Supplier Solution Site and for using AuthFilter in Windows Authentication mode, you need to set the security mode on your domain controller to log on locally. If you have not yet done so, see Setting the Security Mode on the Web Server.

Only Basic Authentication should be enabled on the Supplier Solution Site. Do not change any other security settings.

The AuthFiles subfolder and all pages in it should have anonymous access enabled.

If your domain controller and Web server are installed on different computers in the same domain, then AuthFilter must have an anonymous account on the Web server in order to execute the method ProfileService.GetUserProfileByKey() on the Login page successfully for any profile/user.

By default, the anonymous user account is IUSR_<servername>. In Internet Services Manager, IUSR_<servername> does not have sufficient permissions to execute this method successfully in this scenario. In addition, if your Web server is different from your domain-controller server, you must add a user account from that domain as the anonymous account. To do this, first create a user account on the domain that has access to read the user properties from Active Directory. Then, on the Web server, use IIS Manager to set up the same user account as the anonymous account for the AuthFiles subfolder and all the files in that subfolder.

To enable AuthFilter on the Supplier Solution Site

  1. Expand Commerce Server Manager, expand Commerce Sites, and then click the site you want to administer.

  2. Expand Applications, right-click the name of the application that you want to work with, and then click Properties.

  3. In the Properties dialog box, on the General tab, under Commerce Authentication Filter, from the Authentication filter drop-down list, select either Windows Authentication or Custom Authentication, and then click OK.

  4. Expand Internet Information Services, right-click the Supplier site, and then click Properties.

  5. In the Properties dialog box, on the Directory Security tab, in the Anonymous access and authentication control section, click Edit.

  6. In the Authentication Methods dialog box, clear the Integrated Windows authentication box.

    Note

    • Only Basic Authentication should be enabled on the Supplier Solution Site. Do not change any other security settings.

  7. Use a text editor to open Authfiles\Login.asp for the Supplier site.

  8. If you are using a Web farm, or if you require proxy account support, in Login.asp, update the code so it matches the code shown in the topic, Login.asp Code for Supplier Solution Site.

    Important

    • If this is a single server that requires no support for proxy accounts, you do not need to update Login.asp.

  9. For Windows Authentication, change the GetUserInfo() method in \SupplierAD\include\Std_access_lib.asp to the following:

    Sub GetUserInfo()
        Dim sAuthUser, mscsUser

        ' Read the IIS-authenticated account only when delegated administration is supported.
        If dictConfig.i_DelegatedAdminOptions = DELEGATED_ADMIN_SUPPORTED Then
            sAuthUser = LoginName(Request.ServerVariables("LOGON_USER"))
        Else
            sAuthUser = ""
        End If

        ' Integrated Windows and Basic authentication take precedence over HTML form authentication.
        If sAuthUser <> "" Then
            m_UserAccessType = IIS_AUTH ' BASIC_AUTH
            m_UserType = AUTH_USER
            Set mscsUser = GetUserProfileByLoginName(sAuthUser)
            If mscsUser Is Nothing Then
                m_UserID = ""
            Else
                m_UserID = mscsUser.Fields(GetQualifiedName(GENERAL_INFO_GROUP, USER_ID)).Value
            End If
        Else
            If mscsAuthMgr.IsAuthenticated() Then
                ' The user holds a valid authentication ticket.
                sAuthUser = mscsAuthMgr.GetUserID(AUTH_TICKET)
                Set mscsUser = GetUserProfileByLoginName(sAuthUser)
                If mscsUser Is Nothing Then
                    m_UserID = ""
                Else
                    m_UserID = mscsUser.Fields(GetQualifiedName(GENERAL_INFO_GROUP, USER_ID)).Value
                End If
                m_UserAccessType = TICKET_AUTH
                m_UserType = AUTH_USER
            Else
                If Not IsNull(mscsAuthMgr.GetUserID(GUEST_TICKET)) Then
                    ' The user holds a guest ticket.
                    m_UserID = mscsAuthMgr.GetUserID(GUEST_TICKET)
                    m_UserAccessType = GUEST_VISIT
                    m_UserType = GUEST_USER
                Else
                    ' No ticket at all: treat the request as anonymous.
                    m_UserID = ""
                    m_UserAccessType = ANON_VISIT
                    m_UserType = ANON_USER
                End If
            End If
        End If
    End Sub

    ' Returns the account name without its domain prefix, for example DOMAIN\user becomes user.
    Function LoginName(ByVal sUserName)
        Dim aName

        LoginName = ""
        If (sUserName = "") Then
            Exit Function
        End If
        aName = Split(sUserName, "\")
        LoginName = aName(UBound(aName))
    End Function
    
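  10. For Windows Authentication, in the PrepareLoginSection method in \SupplierAD\template\menu.asp, change the Request.ServerVariables call that refers to the "AUTH_USER" server variable so that it refers to the "LOGON_USER" server variable instead. LOGON_USER holds the Windows account that the request is mapped to, whereas AUTH_USER holds the raw user name from the request; the two can differ when an authentication filter is installed. For example: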

    Incorrect: sAuthUser = Request.ServerVariables("AUTH_USER")

    Correct: sAuthUser = Request.ServerVariables("LOGON_USER")

  11. Save and close the updated Login.asp and menu.asp pages.

  12. Restart IIS by running iisreset at the command prompt.

You have successfully enabled AuthFilter on the Supplier Solution Site. Continue to Step 9: Install the Business Desk Client.
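
To confirm the IIS settings from steps 4 through 6 and from the notes on the AuthFiles subfolder, the following Windows Script Host check reads the authentication flags from the IIS metabase through ADSI. It is an added example, not part of the original topic or of Commerce Server; the two metabase paths (site ID 1, and AuthFiles directly under the site root) are assumptions to adjust for your installation.

```vbscript
Option Explicit

' AuthFlags bit values used by the IIS metabase.
Const MD_AUTH_ANONYMOUS = 1
Const MD_AUTH_BASIC = 2
Const MD_AUTH_NT = 4      ' Integrated Windows authentication
Const MD_AUTH_MD5 = 16    ' Digest authentication

' Assumed metabase paths: change the site ID and folder path to match your server.
Const SITE_PATH = "IIS://localhost/W3SVC/1/ROOT"
Const AUTHFILES_PATH = "IIS://localhost/W3SVC/1/ROOT/AuthFiles"

' Returns the ADSI object for a metabase path, or Nothing if the key does not exist.
Function OpenNode(sPath)
    Set OpenNode = Nothing
    On Error Resume Next
    Set OpenNode = GetObject(sPath)
    On Error GoTo 0
End Function

Sub Report(sLabel, bOk)
    If bOk Then
        WScript.Echo "OK    " & sLabel
    Else
        WScript.Echo "CHECK " & sLabel
    End If
End Sub

Dim oSite, oAuthFiles, nFlags

Set oSite = OpenNode(SITE_PATH)
If oSite Is Nothing Then
    WScript.Echo "Cannot open " & SITE_PATH
    WScript.Quit 1
End If
nFlags = oSite.AuthFlags
Report "site: Basic authentication enabled", (nFlags And MD_AUTH_BASIC) <> 0
Report "site: Integrated Windows authentication cleared", (nFlags And MD_AUTH_NT) = 0
Report "site: Digest authentication cleared", (nFlags And MD_AUTH_MD5) = 0

Set oAuthFiles = OpenNode(AUTHFILES_PATH)
If oAuthFiles Is Nothing Then
    WScript.Echo "INFO  no metabase key for AuthFiles; it inherits the site settings"
Else
    Report "AuthFiles: anonymous access enabled", (oAuthFiles.AuthFlags And MD_AUTH_ANONYMOUS) <> 0
    WScript.Echo "INFO  AuthFiles anonymous account: " & oAuthFiles.AnonymousUserName
    Report "AuthFiles: anonymous account is not the default IUSR_ account", _
        UCase(Left(oAuthFiles.AnonymousUserName, 5)) <> "IUSR_"
End If
```

Run the script on the Web server with cscript. The IUSR_ check matters only when the domain controller and the Web server are separate computers, and files in AuthFiles that have their own metabase keys are not inspected.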

Copyright © 2005 Microsoft Corporation.
All rights reserved.