How to: Enable Basic Authentication
- Open the IIS Manager.
- Go to Authentication, enable Basic Authentication, and disable Anonymous Authentication:
- In the Site section, select the Web site where Commerce is installed (default: Default Web Site). Click Bindings, add https for port 443, and select your certification.
- Navigate to the application installation folder. There are pre-configured WebServices files there for different Authentication modes.
- Open Web.config and replace the Configuration Source file for services in this line:
<services configSource="WebServices.config"/>to one of these files:
- WebServices_Basic.config: Basic Authentication (port 80)
- WebServices_SSL.config: SSL (port 443)
Basic/SSL Authentication needs user login information with the web request header.
To set up user for IIS, right-click Computer and select Manage (or go to Control Panel > Administrative Tools > Computer Management), and in Local Users and Groups you can add a new user. Then, give that user permission to read the directory where the site is hosted.
After creating the user, be sure to edit the user and remove all roles so that user cannot be used to access the computer itself, like log into it.
For other authentication methods, like certification, use the SSL Services file and configure the web config files, where Commerce is installed, according to the setup in IIS.
Note: These are just sample configuration files on how to configure IIS. Commerce uses standard IIS methods in handling security. A lot of information is available online, for example by Google search, on how to set up different methods of security in IIS, that can be applied to those configuration files that come with Commerce.