Commerce Server Blog

While developing code to store credit card information in commerce server profile, I used to get a error message – “Failed to set value for profile property ‘cc_number’ at Microsoft.CommerceServer.Runtime.Profiles.ProfileProperty.set_Value(Object value) at MyProject. AddUserCreditCard(CreditCard creditCard, String authTicket)”

It looks strange error but this error comes because of two reasons

1.    Invalid encryption keys
2.    Invalid settings in web.config.

 Commerce Server Profile system gives the flexibility to store sensitive information like credit card details, personnel details. It uses asymmetric cryptography (public-key cryptography) to encrypt / decrypt sensitive information. Asymmetric cryptography contains two keys

1.    Public key
2.    Private key

The private key is kept secret, while the public key may be widely distributed. Incoming messages would have been encrypted with the recipient’s public key and can only be decrypted with his corresponding private key. For better security of these keys, commerce server keeps them in registry. A site can have one entry of public/private key in the registry or they can share the key details with another site. You can find the key details at

HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommerce Server 2007 Keys

Make sure there are valid keys in the registry. If you feel the keys are corrupted or tampered, you can use “ProfileKeyManager.exe” tool to generate a new set of keys.

The second place to check the settings at web.config. Make sure your application (from which you are calling commerce server profile subsystem) web.config has following details. 

<profiles><userProfile profileDefinition=”UserObject”userIdProperty=”GeneralInfo.email_address” organizationIdProperty=”AccountInfo.org_id” catalogSetIdProperty=”AccountInfo.user_catalog_set” userIdSource=”UPM” userIdKey=”GeneralInfo.email_address” userIdTarget=”GeneralInfo.user_id”/>
<organizationProfile profileDefintion=”Organization” organizationIdProperty=”GeneralInfo.org_id” catalogSetIdProperty=”GeneralInfo.org_catalog_set”/><encryption>
<keys keyIndex=”1″>
<add type=”publicKey” value= “registry:HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommerce Server 2007 KeysDefault,PublicKey” />
<add type=”privateKey1″ value=”registry:HKEY_LOCAL_MACHINESOFTWAREMicrosoftCommerce Server 2007 KeysDefault,PrivateKey” />
</keys>
</encryption>
</profiles> 

Make sure you update Default with exact site/folder name in your web.config else you will get “Configuration error”, when you run the application. It’s good practice to change public and private keys once in 90 days. On every key change, its IT administrator responsibility to update the sensitive data is compatible with new keys else the data will become void. Watch out for this space for data migration tool.

If you like this post, please click on our sponsor advertisement.