Protecting User Anonymity

Data is most secure when access to it is limited to those who “need to know.” To protect the anonymity of the user, a RIA in the external zone should not know the UserID of a shopper. One way to protect the identity of the shopper is to replace his or her UserID with a token. This topic covers the following:

  • Introduction to Token Replacement

  • How Token Replacement Protects UserIDs

  • How to Implement Token Replacement

Introduction to Token Replacement

A token is a placeholder for an unknown, dynamic value. Token replacement involves replacing the token value in the software code with a real value. For example, the token “#Name#” could be a placeholder for a shopper’s first and last name.

How Token Replacement Protects UserIDs

Microsoft Commerce Server 2009 R2 introduces token replacement to protect the anonymity of shoppers who use a rich Internet application (RIA) in the external zone. The RIA never needs to know the internal UserID of a shopper.

In a registered user scenario (a logged-in shopper), the RIA client sends the routing service a request together with an encrypted cookie that contains the UserID of the shopper. The request may also contain a “#UserID#” token in the commerce operation, for example, CommerceQueryOperation_UserProfile where ID = “#UserID#”. When the routing service receives the request, it reads the UserID from the encrypted cookie and forwards it to the Commerce Foundation with the rest of the CommerceRequest. The Commerce Foundation can then use the ReplaceSearchCriteriaToken operation sequence component to replace the “#UserID#” token in the request with the actual Registered User ID of the shopper. The UserID is concealed from the RIA, so the anonymity of the shopper is protected.

Similarly, in the case of an anonymous user, the RIA client sends a request with an Anonymous User ID token. For example, CommerceQueryOperation_Basket where UserId = “#AnonymousUserID#”. When the routing service receives that request, the routing service forwards the request to the Commerce Foundation with the AnonymousUserID cookie value.

Implementing Token Replacement to Protect UserIDs

You should use token replacement for any operation sequence components used by the RIA that require a UserID.

Here are some examples of default Commerce Foundation operation sequence components that use UserID:

  • AuthorizationSequenceComponent

  • ContentSelectorLoader

  • ShopperListLoader

  • BasketLoader

  • PaymentsProcessor

  • ShopperListProcessor

  • BasketProcessor

  • RequestedPromoCodesProcessor

  • ShopperListQueryProcessor

  • BasketQueryProcessor

  • UserProfileLoader

To implement token replacement:

  1. Add the token replacement component to an operation sequence.

  2. Configure the token replacement component to specify the properties to which the token applies.

You must complete these two steps for each operation sequence that requires a UserID.

The ReplaceSearchCriteriaToken component implements the IPreProcessSequenceComponent. The IPreProcessSequenceComponent is executed prior to any other components – most notably before the AuthorizationSequenceComponent. For more information, see Commerce Foundation Operation Sequences.

You can customize the following token replacement configuration:

Attribute/Element: token

  Description: Specifies the unique name of the token.

  Possible Values: Any characters. You may want to create two unique tokens: one for a logged-in shopper and one for an anonymous shopper.

  Required: Yes

Attribute/Element: tokenValue

  Description: Specifies the unique RegisteredUserID or AnonymousUserID value of the token.

  Possible Values: RegisteredUserId, AnonymousUserId

  Required: Yes

Attribute/Element: CommerceProperties

  Description: Specify the properties of the entity for which you require token replacement.

  Possible Values: For each property that requires token replacement, type

    <CommerceProperties>
      <add name="Property name of the entity that requires token replacement or * for all properties"/>
    </CommerceProperties>

  For example,

    <CommerceProperties>
      <add name="Id"/>
    </CommerceProperties>

  Required: Yes

Attribute/Element: CommerceRelationships

  Description: Specify the relationships and properties of the entity for which you require token replacement.

  Possible Values: For each relationship that requires token replacement, type

    <CommerceRelationships>
      <CommerceRelationship name="Name of the relationship">
        <CommerceProperties>
          <add name="Property of the relationship that requires token replacement or * for all properties"/>
        </CommerceProperties>
      </CommerceRelationship>
    </CommerceRelationships>

  For example,

    <CommerceRelationships>
      <CommerceRelationship name="Address">
        <CommerceProperties>
          <add name="Id"/>
        </CommerceProperties>
      </CommerceRelationship>
    </CommerceRelationships>

  Required: Optional

The following example shows how to add the token replacement component to an operation and configure it in the ChannelConfiguration.config settings.

<Component name="Replace Search Criteria Token" type="Microsoft.Commerce.SequenceComponents.Components.ReplaceSearchCriteriaTokenProcessor, Microsoft.Commerce.SequenceComponents, Version=9.0.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35">
  <Configuration customElementName="ReplaceSearchCriteriaTokenCollection" customElementType="Microsoft.Commerce.SequenceComponents.Components.ReplaceSearchCriteriaTokenElement, Microsoft.Commerce.SequenceComponents, Version=9.0.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35">
    <ReplaceSearchCriteriaTokenCollection>
      <!-- Logged-in shopper: "#UserId#" in the Id property is replaced with the RegisteredUserId. -->
      <ReplaceSearchCriteriaToken token="#UserId#" tokenValue="RegisteredUserId">
        <CommerceProperties>
          <add name="Id"/>
        </CommerceProperties>
      </ReplaceSearchCriteriaToken>

      <!-- Anonymous shopper: "#AnonymousUserId#" is replaced in the listed entity and relationship properties. -->
      <ReplaceSearchCriteriaToken token="#AnonymousUserId#" tokenValue="AnonymousUserId">
        <CommerceProperties>
          <add name="UserId"/>
          <add name="UserId2"/>
        </CommerceProperties>
        <CommerceRelationships>
          <CommerceRelationship name="NameOfTheRelationship">
            <CommerceProperties>
              <add name="UserId"/>
              <add name="UserId2"/>
            </CommerceProperties>
          </CommerceRelationship>
        </CommerceRelationships>
      </ReplaceSearchCriteriaToken>
    </ReplaceSearchCriteriaTokenCollection>
  </Configuration>
</Component>
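The following added example is a small Python model of the flow described above; it is not Commerce Server code and does not call any Commerce Foundation API. It parses a constructed ReplaceSearchCriteriaTokenCollection fragment and substitutes tokens only in the configured properties, using an ID taken from server-side context (the value the routing service read from the encrypted cookie). The function names, the request shape and the exact-match rule are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed config fragment, modeled on the ChannelConfiguration.config example above.
CONFIG = """
<ReplaceSearchCriteriaTokenCollection>
  <ReplaceSearchCriteriaToken token="#UserId#" tokenValue="RegisteredUserId">
    <CommerceProperties><add name="Id"/></CommerceProperties>
  </ReplaceSearchCriteriaToken>
  <ReplaceSearchCriteriaToken token="#AnonymousUserId#" tokenValue="AnonymousUserId">
    <CommerceProperties><add name="UserId"/></CommerceProperties>
    <CommerceRelationships>
      <CommerceRelationship name="Address">
        <CommerceProperties><add name="*"/></CommerceProperties>
      </CommerceRelationship>
    </CommerceRelationships>
  </ReplaceSearchCriteriaToken>
</ReplaceSearchCriteriaTokenCollection>
"""

def load_rules(xml_text):
    """Return [(token, tokenValue, {scope: property names})]; scope '' is the entity itself."""
    rules = []
    for el in ET.fromstring(xml_text).iter("ReplaceSearchCriteriaToken"):
        scopes = {"": {a.get("name") for a in el.findall("CommerceProperties/add")}}
        for rel in el.findall("CommerceRelationships/CommerceRelationship"):
            scopes[rel.get("name")] = {a.get("name") for a in rel.findall("CommerceProperties/add")}
        rules.append((el.get("token"), el.get("tokenValue"), scopes))
    return rules

def replace_tokens(criteria, server_identity, rules):
    """criteria: {'properties': {...}, 'relationships': {name: {...}}} as sent by the client.
    server_identity: IDs read from the encrypted cookie server-side, never client-supplied."""
    def apply(props, allowed, token, value):
        return {k: value if v == token and (k in allowed or "*" in allowed) else v
                for k, v in props.items()}
    out = {"properties": dict(criteria.get("properties", {})),
           "relationships": {n: dict(p) for n, p in criteria.get("relationships", {}).items()}}
    for token, value_key, scopes in rules:
        value = server_identity.get(value_key)
        if value is None:  # no such identity on this request: leave the token unresolved
            continue
        out["properties"] = apply(out["properties"], scopes[""], token, value)
        for name, props in out["relationships"].items():
            out["relationships"][name] = apply(props, scopes.get(name, set()), token, value)
    return out
```

In this model, a token placed in a property that the configuration does not list is passed through unchanged, and the client's copy of the request never contains the real ID.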

See Also

Other Resources

Considerations for Secure Deployment of Rich Internet Applications (RIAs)

Considerations Prior to Supporting RIAs

Mitigating Cross-Site Request Forgery (CSRF) Attacks

Mitigating Cross-Site Scripting (XSS) Attacks

Reducing the Attack Surface Area