BUG: The User-Password TTL configuration parameter for the Siteauth.dll component does not work correctly (840582)


The information in this article applies to:

  • Microsoft Commerce Server 2002
  • Microsoft Commerce Server 2002 SP2
commerce 2002:14050

SUMMARY

When you use the Microsoft Commerce Server 2000 or the Microsoft Commerce Server 2002 Authentication Filter with Windows authentication, the Active Directory directory service or local Windows account settings do not take effect. Upon disabling an account, the Siteauth.dll component does not appear to honor user-password TTL.

SYMPTOMS

You can still log on with a disabled account, you may be able to use a previous password, or other user account settings do not reflect the most current data when you use the Commerce Server 2000 or the Commerce Server 2002 Authentication Filter with Windows authentication.

CAUSE

This problem occurs because Microsoft Internet Information Services (IIS) security token cache settings are incorrect.

RESOLUTION

To resolve this problem, follow these steps:
  1. Set the UserTokenTTL registry parameter to a low value. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    152526 Changing the default interval for user tokens in IIS

  2. Configure the CS Authentication Resource properties. To do this, follow these steps:
    1. Expand Commerce Server Manager, and then click Global Resources.
    2. In the right pane, right-click CS Authentication(SiteName) resource, where SiteName is the name of the site that you are configuring, and then click Properties. The CS Authentication(SiteName) Properties dialog box appears.
    3. In the Properties box, click the User-Password TTL property. In the Selected Property Value box, type a low value such as 5 (minutes), and then click OK.

STATUS

This behavior is by design.

MORE INFORMATION

For more information about how to configure UserTokenTTL, click the following article number to view the article in the Microsoft Knowledge Base:

152526 Changing the default interval for user tokens in IIS

For more information, visit the following Microsoft Developer Network (MSDN) Web site:

Configuring the CS Authentication resource
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/htm/cs_mmc_authentication_hrif.asp

Note The UserTokenTTL regustry parameter will only be used for CS Windows authentication, and the authfltr filer must be in use. If the authfltr filer is not used, this parameter will not be recognized, and the password cache configuration will not be affected by the parameter.
Modification Type:MinorLast Reviewed:6/16/2006
Keywords:kbfix kbQFE kbbug KB840582 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.