Licensing & Security	B2B Commerce Security
16 Questions
Questions and Answers

What role does the OWIN middleware serve in the security architecture of Configured Commerce?

  • It is responsible for logging API calls for security audits.
  • It acts as an intermediary that validates requests. (correct)
  • It stores user credentials for easy access.
  • It handles session storage for user authentication.

Which method is used to obtain a bearer access token in Configured Commerce?

  • generateAccessToken
  • getAccessToken (correct)
  • requestBearerToken
  • authenticateUser

What is checked by the custom code in the Identity Server?

  • Session expiry status
  • Username, password, and scope (correct)
  • User's previous login attempts
  • User roles and permissions

Where does the cookie authentication middleware operate in the security process?

  During the request validation in the OWIN workflows.

What must be set to true in appSettings.config if the Identity Server is disabled?

  IdentityServerSkipUrlValidation

What is the purpose of the interceptor in sending a bearer token?

  To attach the bearer token to every request.

What does 'grant_type=password' signify in the process of obtaining a bearer token?

  Indicates password-based authentication.

Which aspect of the architecture does the Session service handle?

  Providing a bearer access token for requests.

What is the purpose of the certificate used by the Identity server?

  To sign authentication tokens.

Which command parameter is used to set the expiration date for the self-signed certificate?

  -e

Where should the Personal Information Exchange (.pfx) files be stored after export?

  ~/App_Data/insiteidentity.pfx

What is required to enable Facebook authentication?

  Toggling the Allow Sign in with Facebook Account setting to YES.

Which of the following is NOT required for Google authentication?

  Google API Key

Which toggle settings manage Windows account access in the application?

  Use Windows Sign In on Storefront and Admin Console

What does the Windows Metadata URL setting store?

  The metadata needed for WsFederation.

Which parameter in the batch command designates the key size for the certificate?

  -len

Study Notes

Configured Commerce Security Architecture

• Authentication Workflow: Configured Commerce uses Identity Server and OWIN middleware to handle user authentication for platform access.
• Session Service: The Session service provides the getAccessToken method, which generates a bearer access token for subsequent requests.
• OWIN Middleware: OWIN middleware sits between the Optimizely API and IIS, validating all requests. It uses an Identity Server Token Authentication OWIN middleware to check and validate the bearer token in the request header.
• Cookie Authentication: Cookie authentication middleware is also used within the OWIN workflow.
• Bearer Token Retrieving: To retrieve a bearer token in an Angular application, call the getAccessToken method defined in insite.session.service.ts.
• Bearer Token Sending: The bearer token fetched from the server is attached to every subsequent request to the website through an interceptor.
• Configuration: All security-related settings need to be configured in the appSettings.config file:
  • IdentityServerUrl: Specifies the URL of the identity server, defaulting to websiteurl/identity.
  • IdentityServerCertificatePassword: The password for the client certificate.
  • IdentityServerSkipUrlValidation: Set to true if Identity Server is disabled.
• Certificate Signing: Identity Server utilizes certificates to sign authentication tokens. This certificate, separate from the website's SSL certificate, can be self-signed and is configured using the SigningCertificate property within IdentityServerOptions.
• Certificate Creation: Use the provided batch command to create a self-signed certificate:

  makecert -r -pe -n "CN=insiteidentity" -b 01/01/2020 -e 01/01/2023 -eku 1.3.6.1.5.5.7.3.3 -sky signature -a sha256 -len 2048 -ss my -sr LocalMachine

• Certificate Export: Once installed, export the Personal Information Exchange (.pfx) file from the certificate store and save it to @"~\App_Data\insiteidentity.pfx".
• External Authentication: Configured Commerce supports out-of-the-box logins for Windows, Google, and Facebook.
• Facebook Authentication: Enable by setting the Allow Sign in with Facebook Account setting to "YES". Credentials for Facebook integration are stored in the configuration as:
  • Facebook App ID
  • Facebook App Secret
• Google Authentication: Enable by setting the Allow Sign in with Google Account setting to "YES". Credentials for Google integration are stored in the configuration as:
  • Google Client ID
  • Google Client Secret
• Windows Authentication: Enable by setting the Allow Sign in with Windows Account setting to "YES". Additional settings control Windows login behavior:
  • Use Windows Sign In on Storefront: Enables or disables Windows login on the Storefront.
  • Use Windows Sign In on Admin Console: Enables or disables Windows login on the Admin Console.
  • Windows Metadata URL: Contains the address to retrieve WsFederation metadata.


Description

This quiz covers the security architecture of Configured Commerce, emphasizing its authentication workflow using Identity Server and OWIN middleware. You'll explore how bearer tokens are generated and sent in Angular applications, alongside the role of cookie authentication in the OWIN workflow. Test your understanding of these crucial concepts in modern web security.
