Managing Authorization

Authorization determines whether an identity has permission to access services, operations, or data. You must apply authorization to operations on commerce entities whenever you want to restrict the actions of the caller. Users must have the correct claims to perform such operations.

In Microsoft Commerce Server 2009 R2, the CommerceClaim entity represents individual pieces of information, or claims, about the identity of a user. Once a user is authenticated in a SharePoint 2010 deployment, the security token service (STS) calls the Commerce Claims Provider to get SharePoint 2010 authorization claims for the authenticated identity represented by the CommerceClaim entity. See About the CommerceClaim Entity and About the Commerce Server Claims Provider.

Only authorized identities can perform query operations on the CommerceClaim entity. You must configure authorization security for the CommerceClaim entity by adding the identity running the STS application pool to the Security Token Service group in Authorization Manager. See Configuring the Authorization Policy for the CommerceClaim Entity.

Configuring authorization in Commerce Server 2009 R2 involves the following tasks:

  • Adding authorization rules to those commerce entities in MetadataDefinition.xml that require authorization

  • Adding the authorization sequence component to operation sequence message handlers where authorization is required

  • Adding a new scope to the authorization policy (for new commerce entities only)

  • Adding identities to the authorization policy of the commerce entity

  • Configuring authorization in ChannelConfiguration.config

See Configuring Authorization for a Commerce Entity.

If you have created a custom claims provider, your custom claims provider must be able to query for the claims of a user. See Creating a Query for Claims.

In This Section

About the CommerceClaim Entity

About the Commerce Server Claims Provider

Configuring Authorization for a Commerce Entity

Security Services Authorization Schema

Configuring the Authorization Policy for the CommerceClaim Entity

Creating a Query for Claims

See Also

Other Resources

Understanding Claims-Based Identity

Managing Authentication