Commerce Security

Vote:
 

I have implemented microsoft owin identity security on the CMS portion of the site, but I cannot get it working on the commerce portion.  Ideally, a user should log into a common login page and get access to all locations.  The problem seems to be that I am getting the following error.

Access is denied.

Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL. 

Error message 401.2.: Unauthorized: Logon failed due to server configuration.  Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server.  Contact the Web server's administrator for additional assistance.

I have removed the role and membership provider in the web.config for commerce manager, as well as updating the ecf.security.config file to include my IdentitySecurityProvider that inherits from the episerver ISercurityProvider interface.  I've implemented the necessary members, but they all throw not implemented exceptions right now.  I can't seem to get the commerce code to even hit that provider though due to getting the error above when trying to go to commerce catalog manager.

#150538
Jun 21, 2016 21:05
Vote:
 

Hi Steven,

Did you deactive FormsAuthentication and remove the default HTTP Module (providing the Forms Authentication interception) from your Commerce Manager website? I've seen strange behaviour when FormsAuthentication still intercepts your pipeline and potentially rejects your request. It will potentially conflict with the OWIN execution.

Casper Aagaard Rasmussen.

#150983
Jul 05, 2016 22:26
Vote:
 

I did deactivate the FormsAuthentication, but I didn't see the Forms authenticiation HTTP Module though.  

I tried to access commerce again but got the following access denied error.


Unauthorized: Logon failed due to server configuration.  Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server.  Contact the Web server's administrator for additional assistance.

#151092
Jul 11, 2016 17:55
Vote:
 

Following Episerver Commerce 9 Security Documentation we cannot get Commerce Manager (back-end site) to work with ASP.NET Identity.

Self-registration (Commerce customers/non-back-end users)

http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-Commerce/9/Security/Security/

#151146
Jul 12, 2016 12:46
Vote:
 

That is the same area I am having trouble with, I cannot get the working ASP.Net Identity to work in the Commerce side of things.

#151147
Jul 12, 2016 13:11
Vote:
 

With the latest Nuget package for AspNetIdentity from Epi, it has made it a lot easier to integrate the CMS using identity.  However, it still seems to have trouble connecting the commerce engine to the cms so that you have to login only once to have access to the full CMS and commerce manager system (assuming you are assigned to those roles).

#151361
Jul 18, 2016 17:19
Vote:
 

Episerver CMS site or Commerce site (not Commerce Manager site) works very fine with AspNetIdentity.

But Commerce Manager doesn't works.

#151363
Jul 18, 2016 18:14
Vote:
 

That was what I was trying to say, commerce manager doesn't work.

#151364
Jul 18, 2016 18:21
Vote:
 

Hi Steven

Did you find an answer to this issue?

#196386
Aug 28, 2018 22:55
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.