Поделиться через


How to Authorize Members of a Security Group to Update the Cache

You can help increase security for cache update operations by creating a security group to contain the users who can update the site cache. You can then update the Web.config file to indicate that only members of the security group are authorized to update the cache.

To authorize members of a security group to update the cache

  1. Click Start, right-click My Computer, and then click Manage.

  2. In the Computer Management window, expand Computer Management, expand System Tools, expand Local Users and Groups, right-click Groups, and then click New Group.

  3. In the New Group dialog box, in the Group text box, type a name for the new group, such as CacheRefresh_SG.

  4. In the Description text box, type a description of the new group, such as User accounts that can update the site cache.

  5. Click Add.

  6. In the Select Users, Computers, or Groups dialog box, type the account under which the Staging service runs. Typically, this is <domain>\CSStageSvc. Click OK to add the account to the group.

  7. Repeat steps 5 and 6 to add the following accounts to the new group:

    • The account under which the Catalog Web service runs. Typically, this is <domain>\CatalogWebSvc.

    • The account under which the Marketing Web service runs. Typically, this is <domain>\MarketingWebSvc.

    • The account under which the Orders Web service runs. Typically, this is <domain>\OrdersWebSvc.

    • The account under which the Profiles Web service runs. Typically, this is <domain>\ProfilesWebSvc.

  8. Click Create.

  9. Edit the Web.config file at the virtual root of the Web site by adding the following XML statements in the configuration element:

    <location path="SiteCacheRefresh.axd">
        <system.web>
            <authorization>
                <allow roles=".\CacheRefresh_SG"/>
                <deny users="*" />
            </authorization>
        </system.web>
    </location>
    

    Note

    Replace CacheRefresh_SG with the name of the new group.

  10. Repeat step 9 to edit the Web.config file at the virtual root of each Web service that is being used for your site. Typically, these are the Catalog Web service, Marketing Web service, Orders Web service and Profiles Web service.

See Also

Other Resources

Securing the Deployment