AllowBasicOverNonSecure Property
For the latest version of Commerce Server 2007 Help, see the Microsoft Web site.
Gets or Sets a value that indicates whether to allow Basic authentication over unprotected HTTP connections.
Namespace: Microsoft.CommerceServer
Assembly: Microsoft.CommerceServer.CrossTierTypes (in Microsoft.CommerceServer.CrossTierTypes.dll)
Syntax
'Declaration
Public Property AllowBasicOverNonSecure As Boolean
'Usage
Dim instance As ServiceAgent
Dim value As Boolean
value = instance.AllowBasicOverNonSecure
instance.AllowBasicOverNonSecure = value
public bool AllowBasicOverNonSecure { get; set; }
public:
property bool AllowBasicOverNonSecure {
bool get ();
void set (bool value);
}
public function get AllowBasicOverNonSecure () : boolean
public function set AllowBasicOverNonSecure (value : boolean)
Property Value
Type: System..::.Boolean
true to indicate to allow Basic authentication; otherwise, false. Default is false.
Remarks
Gets or sets a value indicating whether Basic authorization is allowed on an HTTP channel without SSL. Basic authentication sends passwords over the network without encrypting them. This can be an extreme security risk, but this risk can be mitigated using a technology such as IPSEC to secure the network communication. Setting this value to false means that the authentication method negotiation with the server will never result in the Agent using Basic authentication unless the URL being used to communicate with the Web service is a secure (HTTPS) URL. This is true even if the list of authorization modes which are allowed list includes the Basic authentication method. The UnsafeAuthenticatedConnectionSharing property is set to true by default. For Windows authentication, used in the commerce UI applications, this does not pose any problem since the UI applications are single user applications. This only presents a security risk if the Agent APIs are called from within a web application where impersonation is being used.
Permissions
- Full trust for the immediate caller. This member cannot be used by partially trusted code. For more information, see Using Libraries from Partially Trusted Code.