FIX: An update is available that enables the installation of Commerce Server 2009 R2 to work with Microsoft Anti-Cross Site Scripting Library v4.2.1

Applies to: Commerce Server 2009 R2 EnterpriseCommerce Server 2009 R2 Standard

Introduction


An update is available that enables the installation of Commerce Server 2009 R2 to work with Microsoft Anti-Cross Site Scripting Library v4.2.1 successfully.

More Information


Before you apply this update, Commerce Server 2009 R2 needs Microsoft Anti-Cross Site Scripting Library v3.1 to be present for the installation process to succeed. However, when Microsoft Anti-Cross Site Scripting Library v3.1 is replaced by Microsoft Anti-Cross Site Scripting Library v4.2.1 to improve security, the installation of Commerce Server 2009 R2 fails after "Check for Prerequisites" step of the installation process. 

After you apply this update, you can install Commerce Server 2009 R2 successfully together with Microsoft Anti-Cross Site Scripting Library v4.2.1.

Additionally, this update fixes compatibility issues between Microsoft Anti-Cross Site Scripting Library v4.2.1 and Commerce Server 2009 R2 Web Parts.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Restart requirement

You do not have to restart the computer after you apply this hotfix. However, you must restart Internet Information Services (IIS) after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

Installation steps

To enable this hotfix, run the CS2009R2RTM-KB2677435-enu.exe file. For additional configuration, follow the installation steps that are shown here:
Situation 1
For users who do not (or cannot) have Commerce Server 2009 R2 installed, follow these steps:
  1. Install the update.
  2. Install Commerce Server 2009 R2. Now, the prerequisite check against Microsoft Anti-Cross Site Scripting Library v3.1 is unblocked.
  3. Follow Situation 2 to install the hotfix again in order to update the rest of the files.
Situation 2
For users who have Commerce Server 2009 R2 installed, but who do not have a site deployed, follow these steps:
  1. Install the update.
  2. Deploy Commerce Server SharePoint sites by referring to the Commerce Server 2009 R2 documentation for detailed steps.

    Note Now, the v4.2 version of the Antixsslibrary.dll and HtmlSanitizationLibry.dll files are in the Global Assembly Cache (GAC) and are referenced by Commerce Server code.
Situation 3
For users who have Commerce Server 2009 R2 installed, and have an existing site deployed, follow these steps:
  1. Install the update.
  2. Run the following command at a command prompt:
    Run "c:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\STSADM.EXE" -o upgradesolution -name MicrosoftCommerceWebParts.WSP -filename "c:\Program Files (x86)\Microsoft Commerce Server 9.0\SharePointServices\Site\MicrosoftCommerceWebParts.wsp" -immediate -allowgacdeployment
  3. If you have a Microsoft SharePoint 2010 Server and a Commerce site built on the server , run the following command at a command prompt:
    c:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\STSADM.EXE -o upgradesolution -name MicrosoftCommerceSPServerStorefrontSite.WSP -filename "c:\Program Files (x86)\Microsoft Commerce Server 9.0\SharePointServices\Site\MicrosoftCommerceSPServerStorefrontSite.wsp" -immediate -allowgacdeployment
  4. If you have SharePoint 2010 Foundation and a Commerce Site built on the server , run the following command at a command prompt:
    c:\Program Files (x86)\Microsoft Commerce Server 9.0\SharePointServices\Site>"c:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\STSADM.EXE" -o upgradesolution -name MicrosoftCommerceSPFoundationStorefrontSite.WSP -filename "c:\Program Files (x86)\Microsoft Commerce Server 9.0\SharePointServices\Site\MicrosoftCommerceSPFoundationStorefrontSite.wsp" -immediate -allowgacdeployment
  5. Wait several minutes for the changes to take effect, or recycle the site application pool, or perform an IISReset operation.

    Note Now, the v4.2 version of the Antixsslibrary.dll and HtmlSanitizationLibry.dll files are in the GAC (they replaced the original v3.1 version) and are referenced by Commerce Server code.
  6. Change all the web.config files for your existing sites manually (For example, FBA and NTLM zones). For each site, change any web.config files that contain the following:
    <add assembly="AntiXssLibrary, Version=Version Culture=neutral, PublicKeyToken=d127efab8a9c114f" /> 
    Change the previously-mentioned code to the following:
    <add assembly="AntiXssLibrary, Version=4.2.0.0, Culture=neutral, PublicKeyToken=d127efab8a9c114f" />
    <add assembly="HtmlSanitizationLibrary, Version=4.2.0.0, Culture=neutral, PublicKeyToken=d127efab8a9c114f" />
Situation 4
For users who have Commerce Server 2009 R2 installed and have customized the web part or the site by using the Commerce SharePoint Extensibility Kit, follow these steps:
  1. Install the update.
  2. Find the updated SDK (CommerceSharePointExtensibilityKit.zip) that contains the v4.2 versions of the Microsoft Anti-Cross Site Scripting Library and Commerce Server Web Parts source changes in order to use the new version. Then merge the changes to the customized source code and recompile the code in order to build new Web Parts DLL and WSP files.
  3. Re-deploy or upgrade the Microsoft Commerce Web Parts SharePoint solution by running the following command (the actual location for the rebuilt MicrosoftCommerceWebParts.wsp may vary):
    "c:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\STSADM.EXE" -o upgradesolution -name MicrosoftCommerceWebParts.WSP -filename "c:\Program Files (x86)\Microsoft Commerce Server 9.0\SharePointServices\Site\MicrosoftCommerceWebParts.wsp" -immediate -allowgacdeployment
  4. Wait several minutes for the changes to take effect, or recycle the site application pool, or perform an IISReset operation.

    Note Now, the v4.2 version of the Antixsslibrary.dll and HtmlSanitizationLibry.dll files are in the GAC (the replaced the original v3.1 version) and are referenced by Commerce Server code.
  5. Change all the web.config files for your existing sites (for example, your FBA and NTLM zones) manually. For each site, change any web.config files that contain the following:
    <add assembly="AntiXssLibrary, Version=3.X.X.X, Culture=neutral, PublicKeyToken=d127efab8a9c114f" /> 
    Change the previously-mentioned code to the following:
    <add assembly="AntiXssLibrary, Version=4.2.0.0, Culture=neutral, PublicKeyToken=d127efab8a9c114f" />
    <add assembly="HtmlSanitizationLibrary, Version=4.2.0.0, Culture=neutral, PublicKeyToken=d127efab8a9c114f" />
Situation 5
For a 3-tier deployment where the application tier is deployed to separate computers than the presentation tier, follow these steps:
  1. Install the hotfix on the presentation tier computers by following the instructions from whichever of the previous situations applies best to your deployment in order to update and upgrade MicrosoftCommerceWebParts.WSP and MicrosoftCommerceSPServerStorefrontSite.WSP/ MicrosoftCommerceSPFoundationStorefrontSite.WSP.
  2. Install the hotfix on the application tier computers. Next, find the v4.2 AntiXssLibrary.dll and HtmlSanitizationLibrary.dll files in the updated SDK (For example, the files may be located in C:\Program Files (x86)\Microsoft Commerce Server 9.0\Extensibility Kits\CommerceSharePointExtensibilityKit.zip\CommerceSharePointExtensibilityKit\Lib\), and then deploy them into the GAC.
  3. Recycle the site application pool, or perform an IISReset operation.
Situation 6
For users who cannot uninstall Commerce Server 2009 R2, follow these steps:
  1. Install the update.
  2. Uninstall Commerce Server 2009 R2. Now, the prerequisite check against Microsoft Anti-Cross Site Scripting Library v3.1 is unblocked.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Commerce Server 2009 R2 AntiXss Web parts
File nameFile versionFile sizeDateTimePlatform
CommerceSharePointExtensibilityKit.zipNot applicable6,620,48822-Feb-201223:07Not applicable
microsoftcommerceportalmossv2.wspNot applicable1,984,12522-Feb-201223:13Not applicable
microsoftcommerceportalwssv2.wspNot applicable2,033,47322-Feb-201223:13Not applicable
microsoftcommercewebparts.wspNot applicable1,002,73722-Feb-201223:13Not applicable
Microsoft.commerce.dll9.0.40601.14183,07222-Feb-201223:13x86
Microsoft.commerce.sequencecomponents.dll9.0.40601.14731,97622-Feb-201223:13x86
Microsoft.commerce.sequencecomponents.extensions.dll9.0.40601.14101,21622-Feb-201223:13x86