[Editor's Note: Each month, this column will discuss various aspects of e-commerce with Microsoft Site Server 3.0.]

Site Server 3.0's Personalization and Membership (P&M) feature is a powerful tool. However, many administrators don't take advantage of this tool because of its complexity. To help you better understand this tool, I introduce you to Site Server 3.0 and its P&M feature and show you how to create, view, and map a Membership server to a P&M Web site.

What Is Site Server 3.0?
Microsoft offers two versions of Site Server 3.0: the platform or regular product and the Commerce Edition. Both versions integrate seamlessly into a Windows NT 4.0 and IIS 4.0 system. Microsoft designed the Site Server 3.0 platform product to help you get the most out of your corporate intranet. The platform product empowers users to publish, find, and share information quickly and easily. Features include extensive search capabilities and tools that let you perform thorough analyses of your intranet's usage and effectiveness. The platform product also includes the P&M feature. P&M consists of three technologies:

  • Web sites and authentication service
  • Lightweight Directory Access Protocol (LDAP) Services
  • Membership Directory Service (DS)

The Commerce Edition includes the platform product and a comprehensive Internet commerce server that lets you engage customers, transact business, and analyze commerce Web sites in innovative, cost-effective, and dynamic ways. The Commerce Edition also lets you streamline and integrate your online information with distributors and suppliers. The Commerce Edition is highly scalable and secure.

This month, I concentrate only on the Site Server 3.0 platform product, but in future columns, I'll discuss the Commerce Edition. You can download a 90-day evaluation version of Site Server 3.0 from http://microsoft.com/siteserver/site/productinfo/evaluation.htm.

What Is P&M?
P&M is both a DS and an authentication architecture.

DS. P&M is the Windows 2000 (Win2K) Active Directory (AD) before its time—you might even call it the father of AD. The Membership DS is based on LDAP 3.0, a global standard for accessing information in DSs, and you use it to access the user information in the Membership Directory database. Because P&M is a DS, you can

  • Host personalized content on your Web site. Whether you explicitly or implicitly gather user data, the Membership DS provides a place to gather information about users' preferences, buying habits in commerce, application data, and many other types of data.
  • Store persistent data about users. The Membership Directory stores user data in DS schema attributes. Because these attributes reside at the OS layer, you eliminate the need for application-specific user data. Thus, you need to maintain only one set of user data for all your applications.

To manipulate user data, you can use Active Directory Service Interfaces (ADSI) as the programming interface. For example, you can use ADSI code to display a user attribute from the Membership DS. You can use that same code to display a user attribute in any ADSI-compatible DS, including Win2K's AD. In other words, you can use the ADSI code now in your NT 4.0 system and then easily migrate that ADSI code to AD if you later upgrade your system to Win2K.

Authentication architecture. The server hosting the Membership Directory (i.e., Membership server) works with the server running NT 4.0 to provide user authentication and access control for your Web site and the Membership Directory. The Membership server contains services that let you access and manage the DS and services that let you authenticate and authorize users whose accounts are in the Membership Directory. If you apply P&M to an IIS 4.0 Web server, P&M's authentication replaces NT's Web authentication. If you remove anonymous access from that IIS 4.0 Web server, users log on and authenticate against the Membership DS.

Because P&M is an authentication architecture, you can overcome NT 4.0's domain limits and achieve true scalability. Technically, you can have zillions of authenticated Internet users.

Creating the Servers and DS
Installing Site Server 3.0 is a chore. However, many installation guides and articles already exist, so I won't cover that information here. I found that the installation guide in Microsoft's Windows Media Pay-Per-View Solutions Setup (http://microsoft.com/windows/windowsmedia/en/download) is the most encompassing and helpful.

After you successfully install Site Server 3.0, you're ready to create the Membership server, its DS, and the LDAP server. To create them, follow these steps:

  1. Open the Site Server Service Admin Microsoft Management Console (MMC). From the Start menu, select Programs, Microsoft Site Server, Administration.
  2. From the Site Server Service Admin MMC, select the P&M folder. Right-click the icon for the local computer, select New, and click Membership Server Instance.
  3. Choose Next to move from the opening screen. Click Custom Configuration, Next.
  4. The New Membership Server Wizard appears, giving you three configuration options, as Screen 1 shows. The first option specifies whether you plan to use Active User Objects (AUOs). You must select this check box to use P&M. The second option specifies whether you want to use the LDAP Service. If you plan to run the LDAP Service on the local host computer, select the check box. If you plan to dedicate an NT server to the LDAP Service, leave the check box blank. The third option specifies whether you want to use the Message Builder Service. This service lets you send custom, personalized email messages in bulk to your DS members. If you have a functioning SMTP server, select this check box. Otherwise, leave it blank. Click Next.
  5. If you left the LDAP Service check box blank, the wizard asks you to specify the NT server and its port number. After you type the necessary information, click Next.
  6. Choose Create a New Membership Directory. Click Next.
  7. Select the authentication mode. As Screen 2 shows, you can either use Membership Authentication (i.e., P&M's authentication mode) or Windows NT Authentication (i.e., NT 4.0's authentication mode). For this example, I used Membership Authentication because it has no domain limits. Click Next.
  8. Type the name of your new Membership Directory, as Screen 3 shows. Administrators typically use their company's name (e.g., Microsoft) because this name becomes the top node, or realm, of the DS hierarchy. Your developers and scriptwriters must know the realm name to create ADSI code because they use the notation o= to specify the realm (e.g., o=Microsoft) in their code. Next, set the Membership Directory Administrator password. This password isn't the Administrator password for the NT 4.0 Administrative account but rather the Administrator password for the DS you're configuring. The Membership Directory Administrator password can be the same as the NT Administrator password, but I recommend that you use separate passwords to distinguish between them. Write down the Membership Directory Administrator password, and click Next.
  9. Specify the type of database in which the DS will store data. If you have Microsoft SQL Server, I highly recommend you choose that option. SQL Server is faster and more scalable than .mdb files. For this example, I used SQL Server. Click Next.
  10. Type the SQL Server name, a database name (you need to create a SQL Server database before this step), a database username (e.g., SA), and a database password. Click Next.
  11. If you chose to run the LDAP Service on the local host computer in step 4, you need to specify the port number to install the service on. You can choose any port as long as the port is available. If you don't specify a port, the wizard defaults to port 1003 if you're creating your first Membership server or to the next available port if you're creating another Membership server. Write down the port number, and click Next.
  12. If you chose to use the Message Builder Service in step 4, you need to configure this service. Enter the SMTP mail server that you want to send mail from, or accept the default (i.e., the name of the NT server on which you're running the wizard) to send mail from the local host SMTP server. Click Next.
  13. After the wizard summarizes your configuration, click Finish to complete the creation of the new Membership server.

After you successfully create the Membership server, DS, and LDAP server, you can rename the Membership server to whatever you want.

Viewing the DS
To view the DS you just created, right-click the Membership Directory Manager (MDM) in the Site Server Service Admin MMC and choose Properties. Change the port number to the port number of the Membership server you just created, and click OK. Log on anonymously. (You can log on anonymously because you haven't secured the DS yet.) Click OK. Expand the MDM, and click Members.

As Screen 4 shows, you see the Administrator account you created in Members. If you double-click this account, you can see its default attributes of DS-Privileges and User-Password.

Mapping the Default Web Site
After you create the Membership server, you can map it to the default Web site, which is often called the Application server. If you're experimenting with the default Web site on a test server, you use port 80. If you can't use port 80 because it's already in use, you can create a new Web site on another port and map it to the Membership server.

To map the default Web site to the Membership server, right-click Default Web Site (or the new Web site you just created) in the IIS snap-in from the treeview within the Site Server Service Admin MMC. Choose Task, Membership Server Mapping. Select the Membership server, and click OK.

You now have a Web site that the DS authenticates. If you type http://localhost, you can access this site because, by default, P&M allows anonymous user access. To force authentication, right-click Default Web Site (or the Web site you created) in the IIS snap-in and click Properties. If you're an IIS 4.0 guru, you'll likely notice a new Membership Authentication tab, which Screen 5 shows. Click that tab, and clear the Allow anonymous check box. Click OK to apply the change.

If you try to open http://localhost, the system now prompts you with an authentication input box asking for your username and password. Type administrator and the password that you entered when you created the DS to access the default Web site.

You can change the generic Win32 authentication input box to an HTML page containing an Active Server Pages (ASP) form called formslogin.asp. To make this change, right-click Default Web Site (or the new Web site you created) in the IIS snap-in and select Properties. Select the Membership Authentication tab. Clear the Clear Text/Basic Authentication check box, and select HTML Forms Authentication. Click OK to apply the change. If you go to http://localhost, the system presents you with an HTML form that forces authentication to the Web server. You can use other authentication forms in different places on your Web site.

Don't Be Afraid
Don't be afraid of using Site Server 3.0's P&M feature in your Internet, intranet, and extranet sites. You'll be glad you did.