Last updated: October 2006

This document contains important, late-breaking information about the Microsoft® Commerce Server 2007 Starter Site. The following table lists the available documentation resources for the Starter Site and Commerce Server 2007.

Help Resource Location

Starter Site Installation Guide

http://go.microsoft.com/fwlink/?LinkID=71818

Starter Site Help

http://go.microsoft.com/fwlink/?LinkID=76190

Commerce Server 2007 Installation Guide

http://go.microsoft.com/fwlink/?LinkID=57268

Commerce Server 2007 Help

http://go.microsoft.com/fwlink/?LinkID=62571

Commerce Server 2007 Readme

http://go.microsoft.com/fwlink/?LinkID=57013

In This Section

Getting Started

The Commerce Server 2007 Starter Site gives you a production-ready foundation for building Commerce Server Web sites.

The Commerce Server 2007 Starter Site includes support for the following functions:

  • Customer authentication

  • Catalog browsing with inventory support and marketing content

  • Product rendering with marketing content

  • Static pages

  • Shopping cart with inventory and discount support

  • Checkout with inventory and discount support

  • Full user profile self service with order history and save for later

Important
   This document assumes that you have installed Commerce Server 2007 and unpacked the CSharp site. It is not required that you unpack the CSharp site to run the Starter Site. However, if you have not unpacked the CSharp site, use the instructions in the "Installation and Configuration Guide for Commerce Server 2007", located at http://go.microsoft.com/fwlink/?LinkID=57268, to unpack and configure the Starter Site. In the Installation Guide, wherever CSharpSite is used, replace it with StarterSite.

If you have unpacked the CSharp site, follow the steps in this installation guide to unpack and configure the Starter Site correctly. You must use the Custom unpack method when unpacking the Starter Site onto a computer that already contains the CSharp site. You must choose another site name and folder in which to install the Starter Site files to avoid overwriting the CSharp site's configuration. For more information about performing a Custom unpack, see "Managing Site Packages" in Commerce Server 2007 Help at .

Before you unpack the Starter Site, note the following:

  • Verify that you are logged on as a member of the Administrators group.

  • If you cancel the unpacking process, Commerce Server may not delete the databases that you created during the unpacking process. You should delete the databases manually by using SQL Server Enterprise Manager (SQL Server 2000) or by using SQL Server Management Studio (SQL Server 2005).

  • For each site that you unpack, we recommend that you create unique Web service account names, SQL Server login account names, Windows user groups, and application pools. You can share application pools, but we do not recommend this action.

In This Section

Create a New IIS Web Site

If you have already unpacked a Commerce Server Application to an existing Microsoft Internet Information Services (IIS) Web site and you do not want to overwrite the exiting site, you must use a different IIS Web site or a different Virtual Directory in the IIS Web site for your Commerce Server Application. You can select to use an existing IIS Web site or create a new site.

Note
Only follow this step if you have installed the CSharp site or any other Commerce Server site to the IIS Default Web site.

To create a new IIS Web site

  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In IIS Manager, expand <computer name>, right-click Web Sites, click New, and then click Web Site.

  3. Follow the steps in the Web Site Creation Wizard to create a new IIS Web site.

    Note
    The new IIS Web site must use a port number other than the default port number 80. For example, use port number 8080. On the local computer, when accessing the Web services, the URL to specify should be something like http://localhost:8080/CatalogWebService/CatalogWebService.asmx.

    You will use this IIS Web site when you must provide an IIS Web site name for your Commerce Server site.

Unpack the Starter Site

The Starter Site package file (Starter.pup) includes the Commerce Server 2007 resources, Web services, and application framework necessary to initiate Web site development.

To unpack the Starter Site

  1. On the computer where you want to unpack the Starter Site, create a folder in which to unpack the Starter Site files.

  2. In Internet Explorer, open http://go.microsoft.com/fwlink/?LinkID=76090 to download the Starter Site.

  3. In the folder where you unpacked the Starter Site files, double-click Starter.pup.

    Important
    This document assumes that you have installed Commerce Server 2007 and unpacked the CSharp site. It is not required that you unpack the CSharp site to run the Starter Site. However, if you have not unpacked the CSharp site, use the instructions in the "Installation and Configuration Guide for Commerce Server 2007", located at http://go.microsoft.com/fwlink/?LinkID=57268, to unpack and configure the Starter Site. In the Installation Guide, wherever CSharpSite is used, replace it with StarterSite.

  4. In Commerce Server Site Packager, on the Unpack page, click Custom unpack, and then click Next.

  5. On the Unpack Method page, select Create a new site to unpack the Starter Site package file, and then click Next.

  6. On the Site Name page, in the Site name box, type StarterSite, and then click Next.

  7. On the Select Resources page, do the following:

    Use this To do this

    Resources to unpack

    Specify the resources that you want to unpack. If the resource is included in this list, its settings and schema will be unpacked.

    Add

    Move items selected in the Available resources list to the Resources to unpack list.

    Add All

    Move all items in the Available resources list to the Resources to unpack list.

    Remove

    Move all items selected in the Resources to unpack list to the Available resources list.

    Remove All

    Move all items in the Resources to unpack list to the Available resources list.

  8. Click Next.

  9. On the Global Resource Pointer page, do the following:

    Use this To do this

    Global resource pointers

    Select the Resource to map.

    The Maps to global resource column indicates whether a new global resource will be created locally (Add new global resource), or an existing global resource will be pointed to.

    Existing global resource

    From the drop-down list, select either an existing global resource you want the resource that is being unpacked to map to, or select the Add new global resource option, to create a new global resource.

    The list contains global resources created during Commerce Server setup.

  10. Click Next.

  11. On the Database Connection Strings page, do the following:

    Use this To do this

    Resource

    Select the resource on which you want to perform an action, such as changing a database server. Hold down the SHIFT or CTRL keys to select multiple resources.

    Modify

    Click to modify the connection strings that were defined for the selected resource(s). You can specify a different server or database.

    Defaults

    Click to return the connection strings to the default settings for the selected resource(s). The default settings consist of two databases, one for the Data Warehouse, and one for the other resources. Both databases are stored locally.

    New Database

    Click to create a new database for the selected resource(s). Use this command if you want to put the database on a different computer.

    You cannot rename an SQL database.

  12. Click Next.

  13. On the Select Applications page, in the Applications in the package list, clear the check boxes for the applications that you do not want to unpack, and then click Next.

  14. On the Select IIS Computers, Web Sites and Paths page, do the following:

    Important
    The Commerce Application Name and the Virtual Directory Path must be unique for all Commerce Server site and Web services that you install.

    Note
    Site Packager creates a subfolder using the application name and puts all associated files in this folder. By default, the Starter Site PuP package names this folder StarterSite. You can change this folder name to suit your business needs.

    Use this To do this

    Commerce Application

    From the list of applications, select the application on which you want to perform an action, such as changing the IIS Web site.

    Commerce Application Name

    Accept the default application name of StarterSite.

    Important
    The Commerce Application Name should be unique across all applications in the commerce Web site.

    IIS Web site

    Select an existing IIS Web site to which you want to unpack the application files, the location of your site on the server.

    Important
    If you have already unpacked a site to an existing IIS Web site and you do not want to overwrite the exiting site, you must use a different IIS Web site.

    Virtual Directory path

    Specify the name of the IIS path of the Starter Site. This name will appear in the URL path of the site. You should change the path name for each new site and new application that you unpack to avoid changing the content of applications that have previously been unpacked.

    Important
    The virtual directories for each application must point to different locations and not conflict with any other virtual directories, including ones that are not in the site, so that the files in the virtual directories do not overwrite each other.

    Note
    To unpack an application to the root of the Web site, use the ‘/’ character or leave this field blank.

  15. Click Next.

    Commerce Server starts unpacking the Starter Site.

  16. On the first Profiling System page, accept the defaults, and then click Next.

  17. On the second Profiling System page, accept the defaults, and then click Next.

  18. In the Commerce Server Site Packager dialog box, click OK.

  19. On the Unpacking is Complete! page, view the list of databases and applications that were packed or unpacked, and their locations. You can also access the Site Packager log file to view errors.

    If errors occurred or you select to cancel the Site Packager, the following dialog boxes display:

    • The Errors Occurred during unpacking dialog box displays when errors occurred during the unpacking process.

    • The Packaging has been terminated dialog box displays when you select to cancel packaging of a site.

    Use this To do this

    SQL databases created

    View the SQL databases that were created and the computers on which they are installed.

    Note
    If you cancel the unpacking process, databases that were created during the unpacking process may not be deleted.

    IIS applications created

    View the applications for which databases were created and the Web site on which they are installed.

    View Log File

    Click to open the Site Packager log file. It lists all the events that occurred as long as Site Packager was running. Use this to obtain information if errors occurred.

  20. Click Finish to close Site Packager.

Create User Accounts

After you unpack the Starter Site, you must create several accounts to run the Starter Site services. You should create these accounts on a domain controller or on a computer where you unpacked the Starter Site. If you cannot create these accounts as domain accounts, you can create them as local accounts on the computer where you unpacked the Starter Site.

Note
If your development environment requires that you install and run SQL Server locally, use a local account for these service accounts. If your development environment involves multiple developer workstations that reference a shared, remote SQL Server, use a domain account for the service accounts.

Create the user accounts listed in the following table.

Account name Description

ssRunTimeUser

IIS account for the Starter Site.

ssCatalogWebSvc

Account for running the Starter Site Catalog Web service.

ssMarketingWebSvc

Account for running the Starter Site Marketing Web service.

ssOrdersWebSvc

Account for running the Starter Site Orders Web service.

ssProfilesWebSvc

Account for running the Starter Site Profiles Web service.
Important
Although these account names are only examples, these instructions use them in various steps. You should use account names that are appropriate for your particular environment and substitute the names that you have chosen, where they are suitable, in subsequent instructions.

For additional guidance about how to create service accounts for ASP.NET 2.0 applications, see http://go.microsoft.com/fwlink/?LinkID=67382.

Follow these steps to create a local account on the Commerce Server computer or to create a domain account on an Active Directory domain controller.

How to create a local account on the Commerce Server computer

The following steps show how to create a local account on the Commerce Server computer.

To create a local account

  1. On the desktop, right-click My Computer, and then click Manage.

  2. On the Computer Management screen, under System Tools, expand Local Users and Groups.

  3. Right-click Users, and then click New User.

  4. In the New User dialog box, do the following:

    Use this To do this

    User name

    Type the user name.

    Full name

    Optionally, type a full user name for this account.

    Description

    Optionally, type a description for this account.

    Password

    Type a password for the user.

    Confirm password

    Confirm the password for the user.

    User must change password at next logon

    Clear this check box.

    User cannot change password

    Leave this check box clear.

    Password never expires

    Select this check box.

    Account is disabled

    Leave this check box clear.

  5. Click Create.

  6. Repeat steps 4 and 5 for the other required accounts.

  7. Click Close.

How to create a domain account on an Active Directory domain controller

The following steps show how to create a domain account on an Active Directory domain controller.

To create a domain account

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

  2. In Active Directory Users and Computers window, expand <domain name>.com

  3. Right-click Users, point to New, and then click User.

  4. In the New Object - User dialog box, do the following:

    Use this To do this

    First name

    Type a first name for the account.

    User logon name

    Type the appropriate account name from the previous list, for example, ssRunTimeUser.

  5. Click Next.

  6. In the Password box, type a password for the account, and then in the Confirm password box, type the password again.

  7. Select User cannot change password and Password never expires, and then click Next.

  8. Click Finish.

  9. Repeat steps 3 through 7 for all remaining accounts.

Assign Write Permissions to the Catalog Authorization Role

You must follow these steps before your users can access the Catalog Web service for the Starter Site. You assign write permissions so that business users can access catalogs in the Business Management applications.

To assign write permissions to the catalog authorization role

  1. Click Start, click Run, type explorer, and then click OK.

  2. In Windows Explorer, move to the directory where you installed the Catalog Web service, for example, <drive:>\Inetpub\Wwwroot\<Catalog Web service name>\.

  3. In the <Catalog Web service name> folder, right-click the XML file CatalogAuthorizationStore.xml, and then click Properties.

  4. In the CatalogAuthorizationStore.xml Properties dialog box, on the Security tab, click Add.

  5. In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select box, type <domain or computer name>\ssCatalogWebSvc, and then click OK.

    Note
    As appropriate, substitute the user name for the account you created for "ssCatalogWebSvc" in Create User Accounts.

  6. In the CatalogAuthorizationStore.xml Properties dialog box, in the Group or user names box, select the ssCatalogWebSvc account.

  7. In the Permissions for CatalogWebSvc box, select Write in the Allow column (Read & Execute and Read should already be selected in the Allow column), and then click OK.

Assign Write Permissions to the Temporary ASP.NET Files Folder

Follow these steps to assign write permissions to the Temporary ASP.NET folder. You assign write permissions for the ssRunTimeUser and all Web service accounts that you created in Create User Accounts. You will be unable to run the Business Management applications if you omit these steps.

To assign write permissions to the Temporary ASP.NET Files folder

  1. Click Start, click Run, type explorer, and then click OK.

  2. In Windows Explorer, move to the <drive:>\Windows\Microsoft.NET\Framework\v2.0.50727 (or <drive:>\WinNT\Microsoft.NET\Framework\v2.0.50727, where appropriate) folder.

  3. Right-click Temporary ASP.NET Files, and then click Properties.

  4. In the Temporary ASP.NET Files Properties dialog box, on the Security tab, click Add.

  5. In the Enter the object names to select box, type <domain or computer name>\ssRunTimeUser, and then click OK.

    Note
    As appropriate, substitute the user name for the account you created for "ssRunTimeUser" in Create User Accounts.

  6. In the Temporary ASP.NET Files Properties dialog box, in the Groups or user names box, select the ssRunTimeUser account.

  7. In the Permissions for ssRunTimeUser box, select Write in the Allow column (Read & Execute and Read should already be selected in the Allow column), and then click OK.

  8. In the Security dialog box, click Yes.

  9. Repeat steps 3 through 8 for the ssCatalogWebSvc, ssMarketingWebSvc, ssOrdersWebSvc, and ssProfilesWebSvc Web service accounts that you created in the Custom unpack step.

Assign Permissions for the Windows Temporary Folder

Follow these steps to assign read and write permissions for the Windows Temporary folder. You assign write permissions for the ssRunTimeUser and all Web service accounts that you created in Create User Accounts. You will be unable to run the Business Management applications that are hosted by the Business Management Web services if you omit these steps.

To assign permissions the Windows Temporary folder

  1. Click Start, click Run, type explorer, and then click OK.

  2. In Windows Explorer, move to the <drive:>\Windows (or <drive:>\WinNT, where appropriate) folder.

  3. Right-click Temp, and then click Properties.

  4. In the Temp Properties dialog box, on the Security tab, click Add.

  5. In the Enter the object names to select box, type <domain or computer name>\ssRunTimeUser, and then click OK.

    Note
    As appropriate, substitute the user name for the account you created for "ssRunTimeUser" in Create User Accounts.

  6. In the Temp Properties dialog box, in the Groups or user names box, select the ssRunTimeUser account.

  7. In the Permissions for ssRunTimeUser box, select Write in the Allow column (Read & Execute, List Folder Contents, and Read should already be selected in the Allow column), and then click OK.

  8. In the Security dialog box, click Yes.

  9. Repeat steps 3 through 8 for ssCatalogWebSvc, ssMarketingWebSvc, ssOrdersWebSvc, and ssProfilesWebSvc accounts.

Add Users or Windows Groups to the Authorization Roles

Follow these steps to add the minimum set of users to the authorization roles:

Step 1: Create the business management administrator Windows groups

If you have already created a business management administrator group and the same users will access the Starter Site, you can skip this step. However, if you have a different set of users for the Starter Site, you must create different business management administrator groups.

For instructions about how to create a local Windows group, see "To create a local group" in Windows Help. You must create four administrator groups: ssCatalogAdminGroup, ssMarketingAdminGroup, ssProfilesAdminGroup, and ssOrdersAdminGroup.

Note
These represent the minimum number of Windows groups to define. For descriptions about each predefined role, see "Managing Authorization Policies" in Commerce Server 2007 Help.

Follow these steps to create the local Windows groups for business management administrators.

To create the business management administrator Windows group

  1. On the desktop, right-click My Computer, and then click Manage.

  2. On the Computer Management screen, under System Tools, expand Local Users and Groups.

  3. Right-click Groups, and then click New Group.

  4. In the New Group dialog box, do the following:

    Use this To do this

    Group name

    Type the group name.

    Description

    Optionally, type a description for this group account.

    Add

    Click Add to select members to add to the group.

    Add all user accounts that you want to the administrative group.

  5. Click Create.

  6. Repeat steps 4 and 5 for the other required administrator groups.

  7. Click Close.

  8. Click the Groups folder and verify that the following groups are in the list:

    • ssCatalogAdminGroup

    • ssMarketingAdminGroup

    • ssProfilesAdminGroup

    • ssOrdersAdminGroup

Step 2: Add users to the business management administrator Windows groups

Follow these steps to add users to the administrator groups you created in step 1. At a minimum, add your account, the <CS Installer> account, to each administrator group. You do this so that you will be able to open the Business Management applications after you install them.

To add users to the Business Management Administrator Windows Groups

  1. On the desktop, right-click My Computer, and then click Manage.

  2. On the Computer Management screen, under System Tools, expand Local Users and Groups.

  3. Click Groups.

  4. In the right pane, right-click one of the Groups that you created in step 1, for example, ssCatalogAdminGroup, and then click Properties.

  5. In the <Group Name> Properties dialog box, click Add.

  6. In the Enter object name to select box, type the name of the user account that you want to add to the administrator group. Click Check Names to verify the name is an authorized account, and then click OK.

  7. Repeat Steps 5 and 6 for each user account that you want to add to the selected administrator group.

  8. Click OK to close the Properties dialog box.

  9. Repeat Steps 4 through 8 for each administrator group.

Step 3: Add Windows groups to the administrator authorization roles

You use Authorization Manager to add individual users or user groups to a role. Authorization Manager, a Windows Server 2003 security tool, provides a role-based security model that you use to set permissions. With role-based access control, you specify access control in relation to the organizational structure of your company. For more information about Authorization Manager, see http://go.microsoft.com/fwlink/?LinkID=16923.

The following table lists the minimum set of authorization roles, and their corresponding authorization stores, that you must define.

Authorization Store Authorization Role

CatalogAuthorizationStore.xml

Administrator

MarketingAuthorizationStore.xml

MarketingAdministrator

OrdersAuthorizationStore.xml

OrdersAdministrator

ProfilesAuthorizationStore.xml

ProfileAdministrator

Follow these steps to add business users or groups to the authorization roles.

To add users to the authorization roles

  1. Click Start, click Run, type azman.msc, and then click OK.

  2. In the Authorization Manager screen, right-click Authorization Manager, and then click Open Authorization Store.

  3. In the Open Authorization Store dialog box, verify that the XML file option is selected, and then click Browse to locate the authorization policy for the Web service. For example, the catalog authorization policy XML file is located at <drive:>\Inetpub\Wwwroot\ssCatalogWebService.

  4. Select <authorization policy name>.xml, and then click Open.

  5. In the Open Authorization Store dialog box, click OK.

  6. Expand the authorization policy to \<authorization policy name>.xml\<System name>\Role Assignments\<Role name>. For example, \CatalogAuthorizationStore.xml\CatalogandInventorySystem\Role Assignments\CatalogAdministrator.

  7. Right-click <Role name>, and then click Assign Windows Users and Groups.

  8. In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select box, type the name of the catalog administrator Windows group that you defined in the previous procedure, for example, ssCatalogAdminGroup. Alternatively, you can also type the name of an individual business user account. Click OK.

  9. Repeat steps 2 through 8 for each authorization role in each Web service authorization store. When complete, you will have defined the following:

    Authorization Store Authorization Role Administrator Group

    CatalogAuthorizationStore.xml

    Administrator

    ssCatalogAdminGroup

    MarketingAuthorizationStore.xml

    MarketingAdministrator

    ssMarketingAdminGroup

    OrdersAuthorizationStore.xml

    OrdersAdministrator

    ssOrdersAdminGroup

    ProfilesAuthorizationStore.xml

    ProfileAdministrator

    ssProfilesAdminGroup

Grant Web Services Access to the Databases

To grant Web services access to the SQL databases, you must perform the following two steps:

Step 2 requires mapping several database roles to databases for each SQL database account you create in step 1. See SQL Database Account Database and Database Role User Mapping for a definition of these roles and their mappings.

Step 1: Create SQL database accounts

You must create an SQL Login account for each Commerce Server user account that you defined in Create User Accounts.

Follow the steps provided for the SQL Server version you are using.

To create an SQL Login Account for the Commerce Server Web service in SQL Server 2000

  1. On the design-time computer that is running SQL Server, click Start, point to All Programs, point to Microsoft SQL Server, and then click Enterprise Manager.

  2. In SQL Server Enterprise Manager, expand Microsoft SQL Servers, expand SQL Server Group, expand <servername>(Windows NT), and expand Security.

  3. Right-click Logins and select New Login.

  4. In the Login – New dialog box, click the Search button.

  5. In the Select User or Group dialog box, enter the local or domain ssRunTimeUser account you created in Create User Accounts, and then click OK.

  6. Repeats steps 3 through 5 for all accounts listed in Create User Accounts.

  7. Verify that the following SQL Login accounts now appear under Logins:

    • <domain or computer name>\ ssRunTimeUser

    • <domain or computer name>\ ssCatalogWebSvc

    • <domain or computer name>\ ssMarketingWebSvc

    • <domain or computer name>\ ssOrdersWebSvc

    • <domain or computer name>\ ssProfilesWebSvc

To create an SQL Login Account for the Commerce Server Web service in SQL Server 2005

  1. On the design-time computer that is running SQL Server, click Start, point to All Programs, point to Microsoft SQL Server 2005, and then click SQL Server Management Studio.

  2. In the Connect to Server dialog box, click Connect.

  3. In SQL Server Management Studio, expand <servername>(Windows NT), expand Security.

  4. Right-click Logins, and then click New Login.

  5. In the Login – New dialog box, click Search.

  6. In the Select User or Group dialog box, type the local or domain ssRunTimeUser account you created in Create User Accounts, and then click OK.

  7. Repeats steps 4 through 6 for all accounts listed in Create User Accounts.

  8. Verify that the following SQL Login accounts now appear under Logins:

    • <domain or computer name>\ ssRunTimeUser

    • <domain or computer name>\ ssCatalogWebSvc

    • <domain or computer name>\ ssMarketingWebSvc

    • <domain or computer name>\ ssOrdersWebSvc

    • <domain or computer name>\ ssProfilesWebSvc

Step 2: Associate the SQL database accounts with the database roles in SQL Server

You must associate the database accounts together with the database roles in SQL Server. Follow the steps provided for the SQL Server version you are using. See SQL Database Account Database and Database Role User Mapping for each set of user mappings to be made for each SQL database account.

To associate the database accounts with the database roles in SQL Server 2000

  1. On the design-time computer that is running SQL Server, click Start, point to All Programs, point to Microsoft SQL Server, and then click Enterprise Manager.

  2. In SQL Server Enterprise Manager, expand Microsoft SQL Servers, expand SQL Server Group, expand <servername>(Windows NT), expand Security, and then click Logins.

  3. In the right pane, right-click the database account, and then click Properties.

  4. In the SQL Server Login Properties <account name> dialog box, on the Database Access tab, in the top box, select a database.

  5. In the bottom box, specify the role for the account, and then click OK.

  6. Repeat steps 3 through 5 until all the required accounts are associated with the specified database roles, and then click OK.

To associate the database accounts with the database roles in SQL Server 2005

  1. On the design-time computer that is running SQL Server, click Start, point to All Programs, point to Microsoft SQL Server 2005, and then click SQL Server Management Studio.

  2. In the Connect to Server dialog box, click Connect.

  3. In SQL Server Management Studio, expand <servername>(Windows NT), expand Security, expand Logins, right-click the database account, and then click Properties.

  4. In the Login Properties <account name> dialog box, in the left pane, click User Mapping.

  5. In the right pane, in the Users mapped to this login box, in the Map column, select the check box for the appropriate database.

  6. In the Database role membership for <database name> box, select the check box for the appropriate role on the database, and then click OK.

  7. Repeat steps 3 through 6 until all the required accounts are associated with the specified database roles, and then click OK.

SQL Database Account Database and Database Role User Mapping

The following table lists the accounts on the computers that are running SQL Server that you must add to the specified roles. By default, the database names start with StarterSite. However, you might have specified different database names when you unpacked your site.

Database account Database SQL Server 2000 roles SQL Server 2005 roles

ssCatalogWebSvc

MSCS_Admin

admin_reader_role

admin_reader_role

MSCS_CatalogScratch

db_owner

db_ddladmin, db_datareader, db_datawriter

StarterSite_ProductCatalog

db_owner

ctlg_CatalogWriterRole, db_ddladmin, db_securityadmin, Inventory_ReaderRole, Inventory_WriterRole, db_datareader, db_datawriter

ssMarketingWebSvc

MSCS_Admin

admin_reader_role

admin_reader_role

StarterSite_Marketing

mktg_MarketingService_role, mktg_promoCodeGenerator_role

mktg_MarketingService_role, mktg_promoCodeGenerator_role

StarterSite_MarketingLists

db_owner

db_owner

StarterSite_ProductCatalog

ctlg_catalogReaderRole

ctlg_catalogReaderRole

StarterSite_Profiles

Profile_Reader, Profile_Schema_Reader

Profile_Reader, Profile_Schema_Reader

ssOrdersWebSvc

MSCS_Admin

admin_reader_role

admin_reader_role

MSCS_CatalogScratch

db_owner

db_datareader, db_datawriter, db_ddladmin

StarterSite_Marketing

mktg_runtime_role

db_ddladmin, mktg_runtime_role

StarterSite_ProductCatalog

ctlg_catalogReaderRole, Inventory_ReaderRole

ctlg_catalogReaderRole, Inventory_ReaderRole

StarterSite_Profiles

Profile_Reader, Profile_Schema_Reader

Profile_Reader, Profile_Schema_Reader

StarterSite_TransactionConfig

Orders_Management

Orders_Management

StarterSite_Transactions

Orders_Management, Orders_Runtime

Orders_Management, Orders_Runtime

ssProfilesWebSvc

MSCS_Admin

admin_reader_role

admin_reader_role

StarterSite_Profiles

Profile_Schema_Manager, Profile_Runtime

Profile_Schema_Manager, Profile_Runtime

ssRunTimeUser

MSCS_Admin

admin_reader_role

admin_reader_role

MSCS_CatalogScratch

db_owner

db_datareader, db_datawriter, db_ddladmin

StarterSite_Marketing

mktg_runtime_role

db_ddladmin, mktg_runtime_role

StarterSite_MarketingLists

db_datareader

db_datareader

StarterSite_ProductCatalog

ctlg_catalogReaderRole, Inventory_RuntimeRole

ctlg_catalogReaderRole, Inventory_RuntimeRole

StarterSite_Profiles

Profile_Schema_Reader, Profile_Runtime

Profile_Schema_Reader, Profile_Runtime

StarterSite_TransactionConfig

Orders_Runtime

Orders_Runtime

StarterSite_Transactions

Orders_Runtime

Orders_Runtime

CSDMSvc

StarterSite_Marketing

mktg_directmailer_role

mktg_directmailer_role

StarterSite_MarketingLists

db_owner

db_owner

StarterSite_Profiles

Profile_Schema_Reader, Profile_Reader

Profile_Schema_Reader, Profile_Reader

CSStageSvc

StarterSite_Marketing

mktg_MarketingService_role, mktg_runtime_role, mktg_dataManager_role, mktg_promoCodeGenerator_role

db_ddladmin, mktg_staging_role

StarterSite_MarketingLists

db_owner

db_datareader

StarterSite_ProductCatalog

db_owner

ctlg_CatalogWriterRole, db_datareader, db_datawriter, db_ddladmin, db_securityadmin, Inventory_ReaderRole, Inventory_WriterRole

StarterSite_Profiles

Profile_Schema_Manager

Profile_Schema_Manager

StarterSite_TransactionConfig

Orders_Management

Orders_Management

Assign Permissions to the IIS Worker Process Accounts

The IIS worker process is determined by the application pool to which the Web service application belongs. You must assign the appropriate permissions to the IIS worker process accounts for users to have access to the Web services.

You must follow these steps in the order shown to assign the permissions to the IIS worker process accounts:

Assigning permissions according to these steps supports a tight security implementation that limits access to Commerce Server data to only those Commerce Server components that need access to that data, and only to the data that they need.

Step 1: Create application pools for the Web services

The following steps show how to create application pools in IIS for the Web services.

For each site that you unpack, we recommend that you create unique application pools. You can share application pools, but we do not recommend this action.

To create application pools for the Web services

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In Internet Information Services (IIS) Manager, expand <computername>, right-click Application Pools, point to New, and then click Application Pool.

  3. In the Add New Application Pool dialog box, in the Application pool ID box, type the name of the Web site application pool (for example, ssStarterSiteAppPool), and then click OK.

    Note
     Application pool names cannot be any longer than 20 characters. Suggested names are listed in the next step.

    After you complete these steps, you should have five applications pools defined, one each for the four Web services and one for the Web site.

  4. Click the Application Pools folder and verify that the following application pools are in the list:

    • ssStarterSiteAppPool

    • ssCtlgWebSvcAppPool

    • ssMktgWebSvcAppPool

    • ssOrdWebSvcAppPool

    • ssProfWebSvcAppPool

Step 2: Configure the application pool accounts

The following steps show how to configure the application pool accounts to use the IIS worker process accounts for the Starter Site.

To configure the application pool accounts

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In IIS Manager, expand <Computer name> (local computer), and then expand the Application Pools folder.

  3. Right-click the application pool you want to configure, for example ssStarterSiteAppPool, and then click Properties.

  4. In the <Application pool> Properties dialog box, on the Identity tab, click Configurable.

  5. Click Browse, and under Enter the object name to select, type the account name on which you want your worker process to run (<domain or computer name>\ssRunTimeUser), and then click OK.

  6. In the Password box, type the password associated with this account.

  7. In the Confirm Password dialog box, retype the password, and then click OK.

    Note
    If the account you created must be able to start Common Gateway Interface (CGI) processes, assign the user rights Adjust memory quotas for a process and Replace a process level token to this account.

    For more information about how to configure user rights for CGI applications, see "Configuring CGI Applications" in IIS Help.

  8. The configuration should correspond as indicated in the following table that shows the new ssRunTimeUser identity for the ssStarterSiteAppPool and the four application pools with their corresponding identities:

    Application Pool Identity

    ssStarterSiteAppPool

    (<domain or computer name>\ssRunTimeUser

    ssCtlgWebSvcAppPool

    (<domain or computer name>\ssCatalogWebSvc

    ssMktgWebSvcAppPool

    (<domain or computer name>\ssMarketingWebSvc

    ssOrdWebSvcAppPool

    (<domain or computer name>\ssOrdersWebSvc

    ssProfWebSvcAppPool

    (<domain or computer name>\ssProfilesWebSvc

  9. Close IIS Manager.

Step 3: Add the worker process accounts to the IIS_WPG group

The following step shows how to add the IIS worker process accounts to the IIS_WPG group on the server that is running IIS.

To add the IIS worker process account to the IIS_WPG group

  1. On the desktop, right-click My Computer, and then click Manage.

  2. In the Computer Management screen, under System Tools, expand Local Users and Groups, and then click Groups.

  3. In the right pane, right-click the IIS_WPG group, and then click Add to Group.

  4. In the IIS_WPG Properties dialog box, click Add.

  5. In the Select User, Computers, or Groups dialog box, under Enter the object names to select box, type the account name on which you want your worker process to run (<domain or computer name>\ssRunTimeUser), and then click OK.

  6. Repeat step 5 to add the ssCatalogWebSvc, ssMarketingWebSvc, ssOrdersWebSvc, and ssProfilesWebSvc accounts to the IIS_WPG group.

  7. In the IIS_WPG Properties dialog box, click OK.

  8. Close the Computer Management screen.

Step 4: Assign the applications to the application pools

The following steps show how to assign applications to the application pools you set up in step 1.

To assign applications to the application pools

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In IIS Manager, expand Web Sites and then expand Default Web Site.

  3. Right-click the first application under Default Web Site, for example StarterSite, and then click Properties.

  4. In the <application > Properties dialog box, on the Virtual Directory tab, select the name of the corresponding application pool in the Application Pool box. For example, for StarterSite, select the application pool ssStarterSiteAppPool.

  5. The assignments should correspond as indicated in the following table that shows the StarterSite application assigned to the ssStarterSiteAppPool, and the four other applications assigned to their corresponding application pools:

    Application Application Pool

    StarterSite

    ssStarterSiteAppPool

    ssCatalogWebService

    ssCtlgWebSvcAppPool

    ssMarketingWebService

    ssMktgWebSvcAppPool

    ssOrdersWebService

    ssOrdWebSvcAppPool

    ssProfilesWebService

    ssProfWebSvcAppPool

  6. Close IIS Manager.

Enable Secure Sockets Layer

Follow these steps to enable Secure Sockets Layer (SSL) with the SelfSSL tool in the Internet Information Services (IIS) 6.0 Resource Kit.

Note
This step is only appropriate for development environments. SelfSSL certificates are not appropriate for production environments.

To enable SSL

  1. In Internet Explorer, open http://go.microsoft.com/fwlink/?linkid=59276.

  2. On the Internet Information Services (IIS) 6.0 Resource Kit Tools page, click Download.

  3. In the File Download dialog box, click Save.

  4. In the Save As dialog box, move to the folder where you want to save the executable package and then click Save.

  5. In the Download complete dialog box, click Close.

  6. Click Start, click Run, type explorer, and then click OK.

  7. In Windows Explorer, move to the location where you saved the executable package, and then double-click iis60rkt.exe.

  8. In the Open File - Security Warning dialog box, click Run.

  9. On the Welcome to the InstallShield Wizard for the IIS 6.0 Resource Kit Tools page, click Next.

  10. On the Microsoft Software License Terms page, read the terms of the license agreement. If you accept them, select I agree, and then click Next.

  11. On the Customer Information page, correct, accept, or type your user name and organization, and then click Next.

  12. On the Setup Type page, accept the default Complete option, accept the default option to install this application for anyone who uses the computer (all users), and then click Next.

  13. On the Start Copying Files page, click Next.

  14. On the InstallShield Wizard Complete page, click Finish.

  15. Click Start, point to Programs, point to IIS Resources, point to SelfSSL, and then click SelfSSL.

  16. At the command prompt, type Selfssl.exe /T /V:100, and then press ENTER.

  17. If you are prompted to replace the SSL settings for site 1, press Y, and then press ENTER.

    The SelfSSL tool configures an SSL Certificate on the Default Web site that expires in 100 days.

  18. Close the Command Prompt window.

Post Installation Steps

After you unpack and configure the Starter Site, you can load sample data and images for use on the Starter Site. Then you can test the Starter Site for functionality:

Load Sample Data and Images

Follow these steps to load the sample data and images.

To load sample data and images into the Starter Site

  1. Open a Command Prompt window and move to the folder in which you extracted the Starter Site files.

  2. Type the following command to load the sample data into the Starter Site:

    Sampledataimport.exe C:\Inetpub\wwwroot\StarterSite

Test the Starter Site

Test the Starter Site to make sure that it is working correctly. Use the following step to test the Starter Site.

To test the Starter Site functionality

  • In Internet Explorer, move to http://localhost/startersite, where localhost is the name of your computer.

    The Starter Site Adventure Works page appears. If the page does not appear, review the installation steps.

Allow Web Services to Refresh the Site Caches

To grant site cache refresh permissions to the Catalog, Marketing, and Orders Web services, you must add their accounts to the OrdersWebService and StarterSite Web.config files. Follow these steps to grant the necessary site cache refresh permissions

To change the site cache refresh permissions for the Starter Site

  1. Click Start, click Run, type explorer, and then click OK.

  2. In Windows Explorer, move to the location where you unpacked the Orders Web Service application, for example, <drive:>\Inetpub\wwwroot\OrdersWebService.

  3. Open the Web.config file in a text editor.

  4. Locate the <location> section that is toward the end of the file. The default configuration is:

    <location path="SiteCacheRefresh.axd">
      <system.web>
            <authorization>
                  <allow roles="BUILTIN\Administrators"/>
                  <allow roles="VORDEFINIERT\Administratoren"/>
                  <allow roles="BUILTIN\Administrateurs"/>
                  <deny users="*"/>
            </authorization>
      </system.web>
</location>

  5. Add the CatalogWebSvc, MarketingWebSvc, and OrdersWebSvc accounts to the allow roles, for example:

          <allow roles="<computer_name>\CatalogWebSvc"/>
      <allow roles="<computer_name>\MarketingWebSvc"/>
      <allow roles="<computer_name>\OrdersWebSvc"/>
    Note
    Always add "allow" entries before "deny" entries, as shown in the code sample. As appropriate, substitute the account names that you created when you unpacked and configured the Starter Site.

  6. Save the changes and close the file.

  7. In Windows Explorer, move to the Starter Site Web application folder, for example, <drive:>\Inetpub\wwwroot\StarterSite.

  8. Repeat steps 3 through 6.

  9. To verify that permissions have been granted, in Commerce Server 2007 Starter Site Help, see the topic "Verification Task Overview".

--------------------------------------------------------------------------------------------------

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2006 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, BackOffice, BizTalk, Developer Studio, FrontPage, Hotmail, JScript, MSDN, MS-DOS, MSN, Outlook, PivotChart, PivotTable, Verdana, Visual Basic, Visual C++, Visual C#, Visual Studio, Webdings, Win32, Windows, Windows Media, and Windows NT, are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.