Microsoft KB Archive/889574

= How to modify the Commerce Server 2002 Login.aspx Web page to no longer require that you specify a domain when you enter your credentials =

Article ID: 889574

Article Last Modified on 7/5/2005

-

APPLIES TO


 * Microsoft Commerce Server 2002 Standard Edition

-





INTRODUCTION
This article describes how to modify the Microsoft Commerce Server 2002 Login.aspx Web page to no longer require that you specify a domain name when you enter your credentials.



MORE INFORMATION
The Commerce Server 2002 authentication mechanism is built on top of Microsoft Internet Information Services (IIS) methods. Commerce Server installs an Internet Server API (ISAPI) filter that is named CSAuthFilter on the Web site where your Commerce Server application is hosted. After you unpack the VB Commerce Server Web site, you may use CSAuthFilter to authenticate users against an Active Directory directory service domain. When those users try to log on to the Commerce Server Web site, those users must specify their domain on the Login.aspx Web page.

To let users log on to Commerce Server without having to specify a domain, modify the Login.aspx Web page so that it appears similar to the following.

Note By default, this file is located in the AuthFiles folder of the Vbsite Web application

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. <%@ Page language=&quot;vb&quot; %> <%@ Import Namespace=&quot;Microsoft.CommerceServer.Runtime&quot; %> <%@ Import Namespace=&quot;Microsoft.CommerceServer.Runtime.Profiles&quot; %>  Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load If Not (CommerceContext.Current Is Nothing) Then If Not (CommerceContext.Current.AuthenticationInfo Is Nothing) Then Dim url As String

If (CommerceContext.Current.AuthenticationInfo.IsAuthenticated) Then ' In a Web farm scenario, retrieve the userid from the profile service. Dim userpassword As String = getPassword(CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID)

' For custom authentication, examine the validity of the password. ' if you are using Windows authentication, you do no have to verify the password. ' Therefore, let access control lists (ACLs) handle permissions. ' Add in VerifyPassword for custom authentication if you have to. ' If (VerifyPassword(UserID.Text, userpassword)) Then If (Request.Cookies(&quot;MSCSFirstRequestedURL&quot;) Is Nothing) Then url = CommerceContext.Current.QueryStringBuilder.BuildUrl(&quot;default.aspx&quot;, False) Else url = Server.UrlDecode(Request.Cookies(&quot;MSCSFirstRequestedURL&quot;).Value) End If

' For Windows authentication: 'url = constructUrl(url, CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID, userpassword) 'Changed to pull the password from the password box instead of the authticket. url = constructUrl(url, CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID, password.Text)

'Response.Redirect(url, False) Response.Redirect(url) 'Else '   Label5.Text = &quot;Logon failed for user:  &quot; + CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID 'End If

Else If (UserID.Text.Length > 0) Then ' For custom authentication, examine the validity of the password. ' If you are using Windows authentication, you do not have to verify the password. ' Therefore, let ACLs handle permissions. ' Add in VerifyPassword if you have to. 'If (VerifyPassword(UserID.Text, Password.Text)) Then ' Set the authticket. ' Added so the authticket matches the logged-on user. dim domainuserid as string = &quot;pts0\&quot; & UserID.Text CommerceContext.Current.AuthenticationInfo.SetAuthTicket(domainuserid, True, 90)

' The credentials have been submitted. Use this code to pass the credentials ' to the filter for custom authentication. If (Request.Cookies(&quot;MSCSFirstRequestedURL&quot;) Is Nothing) Then url = CommerceContext.Current.QueryStringBuilder.BuildUrl(&quot;default.aspx&quot;, False) Else url = Server.UrlDecode(Request.Cookies(&quot;MSCSFirstRequestedURL&quot;).Value) End If                       ' For Windows authentication: url = constructUrl(url, UserID.Text, password.Text)

' Redirect to the originally requested page. 'Response.Redirect(url, False) This does not work. Response.Redirect(url) 'Else '   Label5.Text = &quot;Logon failed for user:  &quot; + UserID.Text 'End If                   End If

UserID.Text = &quot;&quot; Password.Text = &quot;&quot; End If               ' Else display the page to let user enter credentials. Else Response.Redirect(&quot;error.aspx&quot;, False) End If       Else Response.Redirect(&quot;error.aspx&quot;, False) End If   End Sub

Private Function constructUrl(ByVal url As String, ByVal userid As String, ByVal password As String) As String ' Construct the URL to return to the requested page and then pass ' the credentials to the filter. Dim urlRet(5) As String

urlRet(0) = url 'urlRet(1) = &quot;&proxyuser=&quot; ' Note:  is a placeholder of the domain name. urlRet(1) = &quot;proxyuser=\&quot; urlRet(2) = userid urlRet(3) = &quot;&proxypwd=&quot; urlRet(4) = password

constructUrl = String.Concat(urlRet) End Function

Private Function getPassword(ByVal userid As String) As String ' Retrieve the password from the profile service. Dim password As String password = &quot;&quot; Dim userProfile As Profile userProfile = CommerceContext.Current.ProfileSystem.GetProfile(&quot;logon_name&quot;, userid, &quot;UserObject&quot;)

If Not (userProfile Is Nothing) Then password = userProfile(&quot;GeneralInfo.user_security_password&quot;).Value.ToString End If

getPassword = password End Function

Private Function VerifyPassword(ByVal userid As String, ByVal password As String) As Boolean ' Retrieve the password from the profile service. Dim userPassword As String Dim returnVal As Boolean returnVal = False userPassword = &quot;&quot; Dim userProfile As Profile userProfile = CommerceContext.Current.ProfileSystem.GetProfile(&quot;logon_name&quot;, userid, &quot;UserObject&quot;)

If Not (userProfile Is Nothing) Then userPassword = userProfile(&quot;GeneralInfo.user_security_password&quot;).Value.ToString If (String.Compare(userPassword, password) = 0) Then returnVal = True End If       End If

VerifyPassword = returnVal End Function <!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.0 Transitional//EN&quot;>   Login        </HTML>

Additional query words: eCommerce

Keywords: kbhowto kbinfo kbcode KB889574

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.