As promised I am going to begin blogging on my experiences with Commerce Server 2007. I started yesterday by getting the environment setup. I didn’t run through the step-by-step guides I just followed the prompts and a little advice from one of my co-workers who has been playing with CS for about a month now. Everything seemed to go as planned. I walked through the configuration wizard, unpacked the CSharpSite and compiled all the projects which got everything going. The part I missed from doing it this way was configuring security correctly. One thing I’ve noticed is that CS seems to be locked down very heavily out of the box.
I installed and launched the CS Catalog Manager. It would not connect and just gave me a generic error prompt that the webservice was not available. I poked around in IIS for a minute only to find that everything seemed to be good. I then tried to navigate to the webservice with IE which worked fine. I thought it was interesting that I could get there with IE but not the Catalog Manager. So I tried to invoke one of the methods in IE and I finally found the problem. I got the following error:
System.Web.Services.Protocols.SoapExceptions: The Catalog Web service does not have write access to the authorizationPolicyPath. Verify that the file exists and that it has the appropriate permissions.
I looked around for a solution and what I finally found by piecing together different sources was that essentially I needed to assign write permissions on CatalogAuthorizationStore.xml to the account running the AppPool in which it resides.
To do this you need to identify the account running your AppPool by going to IIS open up Application Pools and find the AppPool the CatalogWebService is running in. You then can right click on that AppPool and select Properities. Go to the Identity tab on the properties dialog and there you can see which account you are using. Once you have this information, then you can navigate to the CatalogAuthorizationStore.xml file which is in the same directory as CatalogWebService.asmx. In my case, it is set up at C:\Inetpub\wwwroot\CatalogWebService. You then right click on the xml file and select Properties >> Security. Here you add the account and be sure that it has write permissions. Once I completed this, I tried again to launch the Catalog Manager. This time it worked, or at least it seemed to. It was now able to load and talk to the webservice, but the task pane was empty. I couldn’t actually do anything with catalogs.
I did some more searching to try to resolve this issue and found that although I could now access the CatalogAuthoriztionStore, I had no accounts configured within it. So now I have to add my user account. To accomplish this you do the following:
Open the Authorization Manager (Start > Run > Azman.msc)
Right Click the Authorization Manager node
Click on Open Authorization Store
Browse to the CatalogAuthorizationStore.xml file where we found it earlier
Open the CatalogAuthorizationStore Node
Open the CatalogandInventorySystem Node
Open Role Assignments
Right Click on the roles you wish to manage and choose "Assign Windows Users or Groups"
You can then use the dialog to select your user account or other appropriate users and groups
Once again I tried to launch the Catalog Manager and this time was able to manage catalogs as expected.