Freigeben über


How to Add Encrypted Properties for Profiles

Commerce Server 2009 supports asymmetric encryption and one-way hashing to enable the encryption of profile properties.

To use asymmetric encryption, you typically follow these steps:

  • Add profile properties that can be encrypted.

  • Generate public and private keys.

  • Migrate data to a new public/private key pair. Data migration is not covered in this topic.

  • Modify the application code to do the following:

    • Supply the tokens used in the encryption process to the Profile Service and Commerce Server OLE DB Provider.

    • Encrypt properties.

    • Decrypt properties.

One-way hashing is used to encrypt data that does not have to be decrypted, such as passwords. After the encrypted values are stored, data can be compared with the stored values by using a hashing algorithm in a string comparison implementation.

Follow these steps to add new profile properties that can be encrypted. Do not mark properties that have preexisting data as encryptable. Otherwise, the preexisting data will be lost.

Note

If you want to use asymmetric encryption, you will need to follow all three procedures. If you want to use one-way hashed encryption, you only need to follow the last procedure, "To add encrypted properties to a profile."

To add a new property for the key index

  1. Expand Commerce Server Manager, expand Global Resources, expand Profile Catalog, expand Profile Definitions, and then click User Object.

  2. In the right pane, click Profile System in the Properties list.

  3. Click Add in the right pane.

  4. In the Add-Web Page dialog box, select Add a new property, and then click OK.

  5. In the Attributes section, do the following:

    Use this

    To do this

    Name

    Type the name, for example, KeyIndex.

    Display Name

    Type the name to be displayed on the Custom Attributes tab, for example, KeyIndex.

    Description

    Type the description of the KeyIndex custom attribute.

    Type

    Select Number.

    Type Reference

    Select as blank. Cannot be a JoinKey, PrimaryKey, DualKey, or HashingKey.

  6. Click Advanced Attributes section, and do the following:

    Use this

    To do this

    Active

    Clear the Yes check box.

    Map to Data

    Click ellipsis button [...] to create data member of type number if it has not already been created.

  7. Click Apply, and then click the Save icon on the toolbar.

To add a profile level custom attribute

  1. Right-click your profile (for example, User Object), and then select Properties.

  2. In the Profile Properties dialog box, on the Custom Attributes tab, click New.

  3. In the Custom Attribute dialog box, do the following:

    Use this

    To do this

    Name

    Type KeyIndex.

    Display Name

    Type the name to be displayed, for example, KeyIndex.

    Description

    Type the description of the KeyIndex custom attribute.

    Value

    Type KeyIndex.

    This should be the same property name as the profile created in the previous procedure.

  4. Click OK in the Custom Attribute dialog box.

  5. Click Apply in the User Object Properties dialog box, and then click OK.

To add encrypted properties to a profile

  1. Click Add in the right pane.

  2. In the Add-Web Page dialog box, select Add a new property, and then click OK.

  3. In the Attributes section, do the following:

    Use this

    To do this

    Name

    Type the property name.

    Display Name

    Type the name to be displayed.

    Description

    Type the description of the property.

    Type

    Select Password or String.

  4. In the Advanced Attributes section, do the following:

    Use this

    To do this

    Map to data

    Click the ellipsis button [...] to map the property to a data member.

    Key type

    Leave blank.

    The key type cannot be a UniqueKey, JoinKey, PrimaryKey, DualKey, or HashingKey.

    Encrypted

    Select one of the encryption types from the drop-down list.

    Exported

    Clear the Yes check box.

    Multi-valued

    Leave blank.

    Searchable

    Clear the Yes check box.

    Hashing Key

    Clear the Yes check box.

    • In the Custom Attributes section, you cannot mark encrypted properties as displaycolumn or friendlyname (for use in the profile editors only).

    • You cannot create a custom attribute at the property level with a name of EncryptedType (case insensitive).

    • Encrypted properties are limited to 795 Unicode characters.

    • To provide a password property with asymmetric encryption, use an Attribute Type of String or Long String, do not use the Password type. For Database Type, use the NVarchar or Text type.

  5. Click Apply, and then click the Save icon on the toolbar.

See Also

Other Resources

How to Use the Profiles Schema Manager

About the Profiles Schema Manager