Hello ShopSite users,
I am setting up ShopSite v 11 sp1 for a new website. In the backroom, I have setup different user accounts. When we go to login, sometimes the user gets prompted for a userid and password that requires the initial ShopSite user id and password (I call that the master user) and sometimes they get prompted for a ShopSite merchant user Id and password, which are the ones I set up.
Is there a way to just require the merchant user Id I set up, not the master one?
FredW
User Accounts
-
Jim
- Site Admin
- Posts: 4953
- Joined: Fri Aug 04, 2006 1:42 pm
- Location: Utah
Re: User Accounts
If you are getting two different login prompts, one with just the userid and password and the other with user, password and storeid, then you have both the webserver login and ShopSite login enabled. The webserver login uses the .htaccess and .htpassword files (note these are hidden files because they begin with the "." ) in the ss/ directory. To disable the webserver login these files should be renamed to something like .htaccess.org and .htpassword.org so that you keep a copy of them but they will no longer be used by the webserver. Normally when the ShopSite login is initially enabled there is a screen where the disabling of the files can be done if the store is the only store using the cgis in the ss/ directory. If there are multiple stores using the directory it is not possible to remove the .htpasswd and .htaccess unless all stores have enabled the ShopSite login method.
So if your store is the only store using the ss/ cgis then you could make backups of the files and then you will only get the one login.
So if your store is the only store using the ss/ cgis then you could make backups of the files and then you will only get the one login.
-
thatguy
- Posts: 2
- Joined: Fri Oct 19, 2012 6:33 pm
Re: User Accounts
Any tips on how a Windows IIS user can disable the server login and just rely on the user accounts? The method Jim provides (.htaccess) would only work for sites hosted on Apache. Any suggestions would be greatly appreciated.
-
Jim
- Site Admin
- Posts: 4953
- Joined: Fri Aug 04, 2006 1:42 pm
- Location: Utah
Re: User Accounts
I haven't ever done it, but this is what a co-worker said would probably be requiredl.
You need to have IIS Manager access.
You have to turn off basic authentication for the ss directory where the backoffice cgi execute from.
You may also need to give the anonymous user (IUSR ?) full control to the ss directory.
In my test store that does not have basic authentication (webserver login) enabled, the ss directory Security settings are IUSER has Modify, Read & execute, List folder contents, Read and Write all checked. The Administrator has Full Control checked, the IIS_Users has just Read checked. <Disclaimer:> I only know enough about Windows server management to get myself into deep trouble, so make sure you have backups before attempting this.</Disclaimer>
You need to have IIS Manager access.
You have to turn off basic authentication for the ss directory where the backoffice cgi execute from.
You may also need to give the anonymous user (IUSR ?) full control to the ss directory.
In my test store that does not have basic authentication (webserver login) enabled, the ss directory Security settings are IUSER has Modify, Read & execute, List folder contents, Read and Write all checked. The Administrator has Full Control checked, the IIS_Users has just Read checked. <Disclaimer:> I only know enough about Windows server management to get myself into deep trouble, so make sure you have backups before attempting this.</Disclaimer>
-
thatguy
- Posts: 2
- Joined: Fri Oct 19, 2012 6:33 pm
Re: User Accounts
Thank you, Jim. That worked for us.