Try our conversational search powered by Generative AI!
AI OnAI Off
Commerce Security
Hi Steven,
Did you deactive FormsAuthentication and remove the default HTTP Module (providing the Forms Authentication interception) from your Commerce Manager website? I've seen strange behaviour when FormsAuthentication still intercepts your pipeline and potentially rejects your request. It will potentially conflict with the OWIN execution.
Casper Aagaard Rasmussen.
Jul 05, 2016 22:26
I did deactivate the FormsAuthentication, but I didn't see the Forms authenticiation HTTP Module though.
I tried to access commerce again but got the following access denied error.
Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
Jul 11, 2016 17:55
Following Episerver Commerce 9 Security Documentation we cannot get Commerce Manager (back-end site) to work with ASP.NET Identity.
Self-registration (Commerce customers/non-back-end users)
Jul 12, 2016 12:46
That is the same area I am having trouble with, I cannot get the working ASP.Net Identity to work in the Commerce side of things.
Jul 12, 2016 13:11
With the latest Nuget package for AspNetIdentity from Epi, it has made it a lot easier to integrate the CMS using identity. However, it still seems to have trouble connecting the commerce engine to the cms so that you have to login only once to have access to the full CMS and commerce manager system (assuming you are assigned to those roles).
Jul 18, 2016 17:19
Episerver CMS site or Commerce site (not Commerce Manager site) works very fine with AspNetIdentity.
But Commerce Manager doesn't works.
Jul 18, 2016 18:14
I have implemented microsoft owin identity security on the CMS portion of the site, but I cannot get it working on the commerce portion. Ideally, a user should log into a common login page and get access to all locations. The problem seems to be that I am getting the following error.
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
I have removed the role and membership provider in the web.config for commerce manager, as well as updating the ecf.security.config file to include my IdentitySecurityProvider that inherits from the episerver ISercurityProvider interface. I've implemented the necessary members, but they all throw not implemented exceptions right now. I can't seem to get the commerce code to even hit that provider though due to getting the error above when trying to go to commerce catalog manager.