EPiWiki.se  - EPiServer notes shared with others
 

Security in EPiServer Commerce

How to handle and extend the security concept in EPiServer Commerce

Membership


Commerce membership handling is defined in the membership section of web.config and has to use a custom SQL membership provider (that doesn’t do anything?!).
The normal ASP.NET membership tables (aspnet_Users, aspnet_Membership) are used.

Contact


Commerce information about the member is stored in the table cls_Contact and is connected through the application layer by the ContactId, which matches the membership's UserId.

Roles


For login, the ASP.NET roles are used; they are located in the table aspnet_Roles.

Commerce Roles


Commerce roles are stored in RolePermission and handle the permissions for the Commerce system. The Commerce roles and contacts are connected through the table Security_RoleAssignment, where RoleParticipant is connected to the UserId [SecurityRoleAssignmentId].
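
An added audit query (not from the original page or from EPiServer) that follows the joins described above to list each Commerce role assignment next to its membership state, so assignments held by missing, locked-out or unapproved accounts stand out. It assumes the standard ASP.NET membership columns (UserName, IsApproved, IsLockedOut) and, as this page describes, that cls_Contact.ContactId and Security_RoleAssignment.RoleParticipant both hold the membership UserId; check the column types in your database before running it.

```sql
-- Added example: reconcile Commerce role assignments with ASP.NET membership.
-- Assumption (taken from this page): RoleParticipant and ContactId both
-- equal aspnet_Users.UserId. Run read-only against a copy or with a
-- least-privileged login.
SELECT
    ra.SecurityRoleAssignmentId,
    ra.RoleParticipant,
    u.UserName,
    m.IsApproved,
    m.IsLockedOut,
    CASE WHEN c.ContactId IS NULL THEN 0 ELSE 1 END AS HasContact,
    CASE
        WHEN u.UserId IS NULL    THEN 'no membership user'    -- orphaned assignment
        WHEN m.UserId IS NULL    THEN 'no membership record'  -- user row without credentials
        WHEN m.IsLockedOut = 1   THEN 'locked out'
        WHEN m.IsApproved = 0    THEN 'not approved'
        WHEN c.ContactId IS NULL THEN 'no contact'            -- membership without cls_Contact row
        ELSE 'ok'
    END AS Finding
FROM Security_RoleAssignment AS ra
LEFT JOIN aspnet_Users      AS u ON u.UserId    = ra.RoleParticipant
LEFT JOIN aspnet_Membership AS m ON m.UserId    = u.UserId
LEFT JOIN cls_Contact       AS c ON c.ContactId = u.UserId
ORDER BY Finding, u.UserName;
```

Any row whose Finding is not 'ok' is a Commerce permission that outlives or lacks a usable login and is worth reviewing.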

Authentication


Authentication is handled by the ASP.NET membership provider, but the security checks are handled by the SecurityContext's ISecurityCheck and IRoleManagement instances. It is possible to replace them with your own by creating a class that implements those interfaces and registering it in ecf.security.config.

Example:


ecf.security.config

<Security defaultProvider="MattiasSecurityProvider" ...>
  <Providers>
    <add name="MattiasSecurityProvider"
         type="Mediachase.SampleSite.MattiasSecurityProvider, Mediachase.B2CSampleSite" />
  </Providers>
</Security>

MattiasSecurityProvider.cs

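using Mediachase.Commerce.Customers.Security;

namespace Mediachase.SampleSite
{
    // Custom provider registered in ecf.security.config.
    // With an empty body it inherits all behaviour from CustomerSecurityProvider.
    public class MattiasSecurityProvider : CustomerSecurityProvider
    {
    }
}
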
Version author:
stevec

EPiServer version

'EPiServer CMS 6'