Step 8: Enable AuthFilter for the Supplier Solution Site
This topic explains how to enable AuthFilter on the Supplier Solution Site.
Notes
- Before performing these steps, it is recommended you read Important Information about AuthFilter for the Supplier Solution Site.
- For the Login.asp for AuthFilter for the Supplier Solution site, see Login.asp Code for the Supplier Solution Site.
For the Supplier Solution Site and for using AuthFilter in Windows Authentication mode, you need to set the security mode on your domain controller to log on locally. If you have not yet done so, see Setting the Security Mode on the Web Server.
Only Basic Authentication should be enabled on the Supplier Solution Site. Do not change any other security settings.
The AuthFiles subfolder and all pages in it should have anonymous access enabled.
If your domain controller and Web server are installed on different computers in the same domain, then AuthFilter must have an anonymous account on the Web server in order to execute the method ProfileService.GetUserProfileByKey() on the Login page successfully for any profile/user.
By default, an anonymous user account is IUSR_<servername>. In Internet Services Manager, IUSR_<servername> does not have sufficient permissions to execute this successfully in this scenario. In addition, if your Web server is different from your domain-controller server, you must add a user account from that domain as the anonymous account. To do this you first create on the domain a user account that has access to read the user properties from Active Directory. Then on the Web server, use IIS Manager to set up the same user account as the anonymous account for the AuthFiles subfolder and all the files in that subfolder.
To enable AuthFilter on the Supplier Solution Site
Expand Commerce Server Manager, expand Commerce Sites, and then click the site you want to administer.
Expand Applications, right-click the name of the application that you want to work with, and then click Properties.
In the Properties dialog box, on the General tab, under Commerce Authentication Filter, from the Authentication filter drop-down list, select either Windows Authentication or Custom Authentication, and then click OK.
Expand Internet Information Services, right-click the Supplier site, and then click Properties.
In the Properties dialog box, on the Directory Security tab, in the Anonymous access and authentication control section, click Edit.
In the Authentication Methods dialog box, clear the Integrated Windows authentication box.
Note
- Only Basic Authentication should be enabled on the Supplier Solution Site. Do not change any other security settings.
Use a text editor to open Authfiles\Login.asp for the Supplier site.
If you are using a Web farm, or if you require proxy account support, in Login.asp, update the code so it matches the code shown in the topic, Login.asp Code for Supplier Solution Site.
Important
- If this is a single server that requires no support for proxy accounts, you do not need to update the Login.asp.
For Windows Authentication, change the GetUserInfo() method in \SupplierAD\include\Std_access_lib.asp to the following:
Sub GetUserInfo() Dim sAuthUser, mscsUser Dim aName If dictConfig.i_DelegatedAdminOptions = DELEGATED_ADMIN_SUPPORTED Then sAuthUser = LoginName(Request.ServerVariables("LOGON_USER")) Else sAuthUser = "" End If Rem Integrated Windows and basic auth take precedence over HTML form auth If sAuthUser <> "" Then m_UserAccessType = IIS_AUTH ' BASIC_AUTH m_UserType = AUTH_USER Set mscsUser = GetUserProfileByLoginName(sAuthUser) If mscsUser Is Nothing Then m_UserID = "" Else m_UserID = mscsUser.Fields(GetQualifiedName(GENERAL_INFO_GROUP, USER_ID)).Value End If Else If mscsAuthMgr.IsAuthenticated() Then sAuthUser = mscsAuthMgr.GetUserID(AUTH_TICKET) Set mscsUser = GetUserProfileByLoginName(sAuthUser) If mscsUser Is Nothing Then m_UserID = "" Else m_UserID = mscsUser.Fields(GetQualifiedName(GENERAL_INFO_GROUP, USER_ID)).Value End If m_UserAccessType = TICKET_AUTH m_UserType = AUTH_USER Else If Not IsNull(mscsAuthMgr.GetUserID(GUEST_TICKET)) Then m_UserID = mscsAuthMgr.GetUserID(GUEST_TICKET) m_UserAccessType = GUEST_VISIT m_UserType = GUEST_USER Else m_UserID = "" m_UserAccessType = ANON_VISIT m_UserType = ANON_USER End If End If End If End Sub Function LoginName(ByVal sUserName) Dim aName If (sUserName = "") Then Exit Function End IF aName = Split (sUserName, "\") LoginName = aName(UBound(aName)) End Function
For Windows Authentication, in the PrepareLoginSection method in \SupplierAD\template\menu.asp, change code in a Request.ServerVariables string that is referring to the "AUTH_USER" server variable to instead refer to the "LOGON_USER" server variable. For example:
Incorrect: sAuthUser = Request.ServerVariables("AUTH_USER")
Correct: sAuthUser = Request.ServerVariables("LOGON_USER")
Save and close the updated Login.asp and menu.asp pages.
Restart IIS by running iisreset at the command prompt.
You have successfully enabled AuthFilter on the Supplier Solution Site. Continue to Step 9: Install the Business Desk Client.
Copyright © 2005 Microsoft Corporation.
All rights reserved.