Table of Contents

Major Changes in DynamicWeb 10

Overview of major changes in features and concepts from DW9 to DW10

Some concepts of DynamicWeb 9 has been undergoing some bigger changes - below is a list of changes

Users and Groups

Users and groups have been significantly refactored to solve a number of structural and security related issues.

AccessUser table is still holding users and groups, but the relations have been moved from the problematic "@1@,@2@" format to a separate AccessUserGroupRelation table that now explicitly holds that information. IMPORTANT This needs to be handled in integration and custom code that uses this.

The old @-format will automatically be migrated to the new table when upgraded.

Authentication

Authentication of the backend, but also the frontend, has changed to use modern practices. This means that a lot of login logic has been deprecated and you can expect it to behave differently.

One example is that there are no longer sessions, and the backend and frontend do not share login. This also means that a template or any other code running in the context of the frontend, cannot access the current backend users.

Logins are now handled by cookies and external authentication providers are all deprecated and will be replaced by new ones supporting up-to-date security protocols.

Implemented UserContext and UserContextProvider to provide access current user and current secondary user (impersonation) based on the authenticated identity stored in HttpContext.

Implemented LogOnManager/LogOnHandler and related middleware in classic frontend pipeline. This also handles impersonation.

  • Removed the possibility to configure impersonation mode - only full impersonation is supported now.
  • Removed the possibility to authenticate by password token - "PwToken" query string parameter.
  • Removed the "Send existing password" password recovery option from user management frontend.
  • Removed the old LogOnHandler/SecurityHandler from Dynamicweb.Frontend.
  • Removed use of methods on User class and marked them as obsolete.

It is no longer possible to use simple links to log on a user - /page?username=test&password=1234 or for starting and stopping impersonation (DWExtranetSecondaryUserSelector, DwExtranetRemoveSecondaryUser). We now require a post request for those actions.

Autologin ("Remember me") and cookie expiration is currently not handled. A new implementation is being considered using longer cookie expiration instead of 'remember' feature.

All of these changes are made to ensure a more secure handling of login.

Permissions

Coming soon

File and Database Updates

In DynamicWeb 9 database and file updates was handled by Updates.xml and files distributed with /Admin. This has now moved to be inside the different packages - so i.e. Dynamicweb and Dynamicweb.Ecommerce packages now holds update packages as code.

Which updates have been added to a solution is now found in the database table Updates

Products

In DW9 products could be accessed both from ecommerce --> product catalog and from PIM. In DW10 everything around products now has its own area. This also means that the commerce area only contains everything around sales: Assortments, promotions and order.

Your license will affect which and how many features are available in the products area. PIM specific features like workflows, completeness, grid edit etc. are only available for PIM licenses.

Data Models

Product categories are now added to a data model, to which you can then add products of that type. This will give the products assigned to that data model the attributes set on the product categories.

This is done to separate enrichment data structure from a sales/frontend structure.

Improve this doc
To top