Share via


AuthManager Object

Ee824967.c++_on(en-US,CS.10).gifEe824967.vb_off(en-US,CS.10).gif

Use this object to perform user identification and authentication and to manage user security information. This object also contains methods for cookie and cookieless browsing.

ProgID:   Commerce.AuthManager (Externally creatable)
COM Class Name:   MSCSAuthManager
Type Library Name:   Microsoft Commerce 2000 AuthManager Type Library
DLL Name:   mscsauth.dll
Threading Model:   Both

The methods of the AuthManager object are shown in the following table.

Method Description
GenerateEncryptionKey Generates an encryption key for the administration of cookie data. Use this method in administration or setup components only.
GetProperty Retrieves the specified custom property stored in a cookie or query string.
GetURL Generates a Uniform Resource Locator (URL) containing optional name/value pairs.
GetUserID Retrieves the unique ID for the current user.
GetUserIDFromCookie Retrieves a user ID from a cookie.
Initialize Initializes the AuthManager object by caching all the required site configuration resource properties.
IsAuthenticated Indicates whether or not a user is currently authenticated.
Refresh Updates the cached site configuration resource properties after any of the properties have been changed.
SetAuthTicket Generates an encrypted MSCSAuth ticket for a registered user.
SetProfileTicket Generates an encrypted MSCSProfile ticket for an anonymous user.
SetProperty Adds a property/value pair to a cookie or query string containing a ticket.
SetUserID Sets the user ID property on a ticket.
UnInitialize Removes the site-specific configuration resource properties from the cache.
URLArgs Generates a URL-encoded query string from arrays of parameter names and values.
URLShopperArgs Generates a URL-encoded query string from arrays of parameter names and values and appends the ticket of the user to the string.

Remarks

The AuthManager object identifies users and gathers information used for user authentication. The methods and properties of this object control and access the contents of cookies and encoded URL strings.

In the Commerce Server 2000 context, authentication uses tickets. A ticket is a string of property/value pairs that provide information about the user. Two types of tickets are supported. An authentication ticket, named MSCSAuth, is used for registered users while a profile ticket, named MSCSProfile, is used for anonymous users. In this context, registered means a user who has provided information to a site that can be used for identification.

A user may have both types of tickets. In this case, the MSCSAuth ticket takes precedence.

A ticket contains a unique user ID, and for authentication tickets, the time of last login and a time window. For an anonymous user who allows cookies, the MSCSProfile ticket is stored on the local computer of the user as a persistent cookie. For a registered user who allows cookies, the MSCSAuth ticket is stored in a session cookie and is valid for the duration of the session or a specified time window, and then is deleted.

If the user does not allow cookies, the ticket is placed in an encoded URL string. The URL string may be used to pass user information between pages and sites, provided all the URLs and query strings are generated by the AuthManager object.

The AuthManager object provides a transparent interface to the tickets, whether they are stored in cookies or in URL query strings, and handles encryption and decryption of the tickets to ensure security.

The AuthManager object is intended to be used only through Active Server Pages (ASP) since it depends on ASP intrinsic objects. Do not create the AuthManager object in application scope as it has dependencies on individual user sessions. The AuthManager object should be created and destroyed on each ASP page.

See Also

Site Security Objects

Working with Site Security and Filters


All rights reserved.