Security Vulnerability with Microsoft Sql Client 

Few days back we were discussing internally on something and this topic of Security Vulnerabilty came, so, if you are not aware , there is a security Vulnerabilty which has been released by Microsoft few days back with Microsoft Sql Client.

About the Vulnerabilty Description

“Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework’s System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages.

A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query.”

So what changes are required for Sitecore solution:

As Sitecore is built on top of .Net, there will be some obvious changes which Sitecore probably will work and apply the patch or hotfix and release it to customers and vendors soon.

But, what about the custom solutions we have put in place where our solution is interacting with SQL Server directly, some cases could be:

  • Rating or Reviews module (if you are storing reviews externally in custom SQL database)
  • User Generated Content(UGC) (if there are some sort of user data like blogs/comments etc.. stored in custom SQL database)
  • etc..

In this case we would have make those changes to our solution so that it is aligned with the patch released by Microsoft to fix the Vulnerability.

Also, as per the security advisory released, if you are not talking to Microsoft SQL Server from your application directly you are not affected by this vulnerability.

For more details you can refer the below link:

https://github.com/advisories/GHSA-8g2p-5pqh-5jmc#affected-packages

So, i think we should think about making those changes as recommended in the advisory and apply the fix.

Hope you find this helpful.

Happy learning 🙂

Advertisement

Content Hub DAM Enterprise Mock Training Summary

Last week I completed second part of Content Hub Mock training i.e. Sitecore Content Hub DAM Enterprise Mock, it was very detailed and informative and include deep dive sessions for some of the topics we already covered during Professional, but very insightful, so thought of sharing my experiences from this training for those who are planning to take this training in near future.

It was a 5 days training and covered topics/subjects like:

  • Domain Model
  • Basic Schema Configuration using sample Domain Model.
  • Configuration about Advanced Pages Setup.
  • Advanced Data Migration topics
  • Building Custom Page Setup
  • Advanced Security Setup and Policies
  • Workflow Setup and Configurations.
  • Small Intro to Print Templates etc..

As a prerequisite for this training- you should have successfully completed the Sitecore Content Hub Fundamentals digital course form Sitecore Learning portal.

Sessions were organized well and you get enough time to practice and Implement the topics covered, You also get time to raise/ask any questions you might get while you Implement your practice sets. For the enterprise training also you get your separate sandbox to do all your stuffs.

Please make sure to test the access for your sandbox as sometimes you might not have access for the same, it’s not a big deal and you get this resolved quickly but it’s better to test it before the training to save some time.

Off all the topics covered I liked most Domain Model and Advanced Security topics (I found advanced security topic interesting and little complex but in the end was all good).

Same as professional training, here also trainer had administrator rights on our specific sandbox so that if something goes wrong while working/practicing specific task, trainer can go to your sandbox and verify things as required and assist you.

In the fifth day i.e. last day of your training you get to clear any doubts you have from some the topics already covered and make sure you are ready before you submit your sandbox for the review.

Overall my experience from both Professional and Enterprise Mock training is great and I recommend to take this training and go for it if you are planning to work on Content Hub.

You can read about my experiences and some notes here from Content Hub Professional Mock training.

As a next step I will look to complete Content Hub Admin and Developer certifications, I will share my experiences and notes as soon as I am done with the certifications.

Hope you find this helpful.

Sitecore Content Hub for Administrators Features Walkthrough

In my previous post I discussed about my experience on taking/completing Sitecore Content Hub Professional Mock training and what topics were covered, just to give a brief recap following topics were introduced during the training:

  • Schema Configuration
  • UI Configuration
  • Themes configuration
  • Media Processing
  • Digital Rights Management
  • Data Migration
  • Security
  • Reporting etc…

Post to this training, I also created few videos focused on Sitecore Content Hub for Administrators to give some reference points on how certain features of the platform can be used and configured in Content Hub DAM by Administrators.

Some of the recordings/topics for ref:

Hight level features walkthrough of Content Hub DAM:

How to create assets in the system:

Content Hub DAM Custom fields and Taxonomies

You can find the playlist here which can be referred when you have time- https://www.youtube.com/watch?v=bL95sGzRh6k&list=PLgr04NsypZYBeaZoJ7tEKJThTKS7CDfha

Hope you will find these resources helpful and should give you a good starting point if you are heading towards your Content Hub Journey.

Let me know if you have any questions around this.

Happy learning 🙂

Content Hub DAM Professional Mock Training Summary

Last month I got the opportunity to enroll for Sitecore Content Hub DAM Professional Mock training, it was very informative and insightful, so thought of sharing few things from that training for everyone’s reference here who are planning and yet to take the training.

It was a 5 days training and covered topics/subjects like:

  • Schema Configuration
  • UI Configuration
  • Themes configuration
  • Media Processing
  • Digital Rights Management
  • Data Migration
  • Security
  • Reporting etc…

Some of the topics from DEV side were:

  • Working with External components
  • Working with Mass Edit using scripts
  • How Authentication works and etc.

As a prerequisite for this training- you should have successfully completed the Sitecore Content Hub Fundamentals digital course form Sitecore Learning portal.

Sessions were well organized with two short tea and a lunch break. We got the opportunity and time to explore all the above mentioned topics and few others practically in our specific Sandbox environment which was spinned up for each trainee.

First 2.5-3 days of training were focused on Administrator side of Content Hub and remaining 2-2.5 days for Developer related topics.

Trainer also had administrator rights on our specific sandbox so that if something goes wrong while working/practicing specific task, trainer can go to your sandbox and verify things as required.

There was no rush and you get ample time to clear any doubt(s) you might have and complete all your practice tasks and then only trainer moves forward so that you are not missing anything here.

In the last day of the training you get time to clear any doubt(s) you have from the topics covered before and if there are no more doubts to clear, you will be given time to review your sandbox.

I found this training very useful and insightful and can say that I am already looking forward to make my hands dirty with the knowledge I gained from this training.

But that’s just one part of it, we still have another part to this i.e. Sitecore Content Hub DAM Enterprise Mock Implementation which we still have to plan.

There are two ways to enroll for this training , you can do/purchase it individually for Pro and later for Enterprise or you can just get/enroll for the bundle which includes both (with this you get some discount) you can reach out to your Sitecore representative on how you can proceed with this.

I will share my feedback and experiences when I complete the Enterprise Mock Implementation for everyone’s ref.

Hope it helps.

Happy learning 🙂

Sending email with customized email body using Sitecore forms

Did you work on a requirement to send email to your partners/visitors in Sitecore? yeah… I know that’s a pretty common requirement right? we can create custom forms and send emails or even a better solution is to leverage Sitecore forms and use/create actions to send emails.

In Sitecore we can use available Send Email Submit Action to send the email, In the below screen shot we can see the available option to configure the Send Email action for Submit button.

So far so good, now let’s take an example where we want to send an email with the customized message body, how to go there? We have solution like using MailMessage class and setting message properties like Subject, Body, from address etc.. and then create SMTP client to send email.

We can also leverage SendEmail submit action and update the message body to send custom data, this would be useful for such requirements like where we want to send some activation link, data to our end users for confirmation.

Let’s see how we can use second option and send customized message body.

Here are the steps required:

  • Create a class and inherit that class with Sitecore Forms SubmitActions SendEmail class.
public class SendCustomEmail : Sitecore.ExperienceForms.Mvc.Processing.SubmitActions.SendEmail
  • Initialize a new instance of the class you created above.
public SendCustomEmail (ISubmitActionData submitActionData)  : base(submitActionData)
        {
            
        }
  • Next step is to override Execute method with SendEmailData/FormSubmitContext parameters, set the SendEmaiData Body property using custom value and perform other business rule(s) as per project/business requirements.
protected override bool Execute(SendEmailData data, FormSubmitContext formSubmitContext)
        {
            Assert.ArgumentNotNull(formSubmitContext, nameof(formSubmitContext));

            if (!formSubmitContext.HasErrors)
            {
                // Process formSubmitContext here...
                var emailBody = "Custom Email Message"; // Set custom email body message here...
                data.Body = data.Body.Replace("#email#", emailBody);
            }

            return true;
        }
  • In the above step we have set the Body property of SendEmailData class and replaced that value with a placeholder text which is set as part of Sitecore form we created.
  • Next step is to call base class Execute method and you are done.
base.Execute(data, formSubmitContext);
  • After this we need to create a new submit action in Sitecore and configure the required fields like Model Type, Error Message and Editor.
  • Once this is done you just need to select the newly created submit action as part of the Submit button and you are good to go.

Here is the full code for ref.

// <copyright file="SendCustomEmail.cs" company="Sandbox">
// Copyright (c) Sandbox. All rights reserved.
// </copyright>

namespace Sandbox.Feature.Actions
{
    using Sitecore.Diagnostics;
    using Sitecore.ExperienceForms.Models;
    using Sitecore.ExperienceForms.Mvc.Models.SubmitActions;
    using Sitecore.ExperienceForms.Processing;

    
    public class SendCustomEmail : Sitecore.ExperienceForms.Mvc.Processing.SubmitActions.SendEmail
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="SendCustomEmail"/> class.
        /// </summary>
        /// <param name="submitActionData">submitActionData.</param>
        public SendCustomEmail(ISubmitActionData submitActionData)
            : base(submitActionData)
        {
        }

        /// <summary>
        /// Executes the action with the specified <paramref name="data" />.
        /// </summary>
        /// <param name="data">The data.</param>
        /// <param name="formSubmitContext">The form submit context.</param>
        /// <returns><c>true</c> if the action is executed correctly; otherwise <c>false</c>.</returns>
        protected override bool Execute(SendEmailData data, FormSubmitContext formSubmitContext)
        {
            Assert.ArgumentNotNull(formSubmitContext, nameof(formSubmitContext));

            if (!formSubmitContext.HasErrors)
            {
                // Process formSubmitContext here...
                 var emailBody = "Custom Email Message"; // Set custom email body message here...
                data.Body = data.Body.Replace("#email#", emailBody);
                base.Execute(data, formSubmitContext);
            }

            return true;
        }
    }
}

Hope this helps!

To know about Sitecore forms, please refer Sitecore documentation for details- https://doc.sitecore.com/en/users/90/sitecore-experience-platform/sitecore-forms.html

Also If you want to checkout my latest Sitecore videos, you can do so here on Youtube- https://www.youtube.com/c/ankitjoshi2409

Happy learning 🙂

Install Items to custom location using SXA Scaffolding Scripts

Scaffolding in Sitecore lets you add modules/components to tenants and sites. OOTB SXA modules are stored in Feature or Foundation folder:

  • /sitecore/system/Settings/Feature/Experience Accelerator
  • /sitecore/system/Settings/Foundation/Experience Accelerator

In addition to that we can create our own custom SXA components/modules which can be installed just like regular SXA modules.

The SXA components we build could have some site items which we want to install to specific location(s) when this component gets installed like specific data/settings/dictionary/under home etc… This is where SXA scaffolding comes into picture- it enables module-items to install into custom location(s) based on the component requirements so that content authors doesn’t have to install it manually and we give them a seamless module installation experience.

Scaffolding can be configured on tenant or site level, you can see scaffolding options when you create a module, below screen shot for ref.

We have OOTB options to create items to some default location(s) like:

  • Under home item
  • Under Data
  • Some standard items under Presentation and Settings.

For e.g. we can create item of type “AddItem” and specify the location and template, to define where and what type of item we want to create, this helps in installing item(s) in some standard location(s) supported by SXA.

How about if we want to install some item(s) into such location(s) which doesn’t support OOTB by scaffolding action items?

Problem statement : We want to create dictionary items under Site-> Site Dictionary->[Component Dictionary Item] while installing a new module to specific site.

So, how we go there? – we can leverage ExecuteScript action item and write script to create item(s) in any specific location, here are the steps to follow:

  1. Navigate to your site setup item.
  2. Right click on site setup item and create an item say [AddDictionary] based on “ExecuteScript” template.
  3. The script which we are going to create will be referred in the field called “Script” under section “Script
  4. Navigate to /sitecore/system/Modules/PowerShell/Script Library and Create an item say. [TestModule] of type “PowerShell Script Module” template.
  5. Right click on [TestModule] item and create an item say [Functions] based on “PowerShell Script Library” template
  6. Right click on [Functions] and create following scripts:

[Add-SXAModuleDictionary]

This script is used to create dictionary item under site->site dictionary domain> for selected site.

Import-Function Get-DictionaryDomain
function Invoke-ModuleScriptBody {
[CmdletBinding()]
param(
[Parameter(Mandatory = $true, Position = 0 )]
[Item]$Site,
[Parameter(Mandatory = $true, Position = 1 )]
[Item[]]$TenantTemplates
)
begin {
Write-Verbose "Cmdlet Invoke-ModuleScriptBody – Begin"
}
process {
Write-Verbose "Cmdlet Invoke-ModuleScriptBody – Process"
$dictionaryDomain = Get-DictionaryDomain $Site
$dictionaryDomainPath=$dictionaryDomain.Paths.Path
$dictionaryDomainItem= Get-Item -Path $dictionaryDomainPath
# dictionary branch template Id…
$templateId = "{BC8C810C-ACAC-4C40-9A37-036BC6B2B93D}"
New-Item -Parent $dictionaryDomainItem -Name "TestModuleDictionary" -ItemType $templateId
}
end {
Write-Verbose "Cmdlet Invoke-ModuleScriptBody – End"
}
}

[Get-DictionaryDomain]

This script returns the dictionary domain item based on selected site node and called from Add-SXAModuleDictionary script.

function Get-DictionaryDomain {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true, ValueFromPipeline = $true, Position=0 )]
[Item]$Root
)
begin {
Import-Function Test-ItemIsDictionaryDomain
Write-Verbose "Cmdlet Get-DictionaryDomain – Begin"
}
process {
Write-Verbose "Cmdlet Get-DictionaryDomain – Process"
Get-ChildItem -Path $Root.Paths.Path -Recurse | ? { (Test-ItemIsDictionaryDomain $_ ) -eq $true } | Select-Object -First 1
}
end {
Write-Verbose "Cmdlet Get-DictionaryDomain – End"
}
}

[Test-ItemIsDictionaryDomain]

This script filters the dictionary domain item based on items from selected site node and called from Get-DictionaryDomain script.

function Test-ItemIsDictionaryDomain {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true, ValueFromPipeline = $true, Position=0 )]
[Item]$Item
)
begin {
Write-Verbose "Cmdlet Test-ItemIsDictionaryDomain – Begin"
}
process {
Write-Verbose "Cmdlet Test-ItemIsDictionaryDomain – Process"
# dictionary domain template Id…
[Sitecore.Data.ID]$DataSourceConfigurationsTemplateID = "{0A2847E6-9885-450B-B61E-F9E6528480EF}"
[Sitecore.Data.Managers.TemplateManager]::GetTemplate($Item).InheritsFrom($DataSourceConfigurationsTemplateID)
}
end {
Write-Verbose "Cmdlet Test-ItemIsDictionaryDomain – End"
}
}

Once you have all the scripts created, navigate back to your site setup scaffolding and click on [AddDictionary] item which you created above in step#2 and set[ Add-SXAModuleDictionary ] script to the Script field.

Next- try to install the module using script->Add site module and select your related module and after the script execution is over you can go back to your Site-> Site dictionary domain-> and you should see [TestModuleDictionary] item created there.

This way you can perform any kind of operation while you are installing specific module to a site, this was just an example to show how you can leverage this feature to provide a seamless module installation experience to your authors.

Hope it helps!

Happy learning 🙂

Reference(s):

https://doc.sitecore.com/developers/sxa/17/sitecore-experience-accelerator/en/add-modules-to-site-and-tenant-scaffolding.html

Sitecore Boxever training

Last week I got a chance to took Boxever eLearning training from Sitecore eLearning platform https://learning.sitecore.com/course/boxever-training ,content of training was great and it has covered following details:

  • Boxever CDP, including how it can be leveraged in Segments, Decisioning, and Experiences
  • Identity Resolution
  • Decision Model Notation
  • Personalization across web-based apps and
  • Full-stack and A/B tests that run across a full technology stack

Details about Customer Data Platform (CDP) is great and explained very well like how the CDP layer can act as a great way to connect missing dots between the organization and customer.

Training also includes details about how personalization can setup based on data from Customer data platform and Decision Model Notation and other inputs.

In between we also got few questions(all multiple choice questions) to answer to check what we have learned so far.

It also include details regarding how we can run A/B tests and how to execute it via this platform.

This was all in a nutshell, I would suggest to take this training and see how this works after all it’s officially part of Sitecore ecosystem now, for me details check https://www.sitecore.com/company/news-events/press-releases/2021/03/sitecore-acquires-boxever-and-four51

Also- in the end there was “Boxever Advanced Certification“, there were 30 multiple choice questions for which we had 1 hr. of time, I am sure you won’t need 1 hr. to complete that.

Happy learning 🙂

Sitecore MVP 2021

Honored to have been awarded Sitecore MVP 2021 under Technology category, 4th time in a row! Thanks Sitecore for this incredible recognition and appreciating the community contributions made last year.

I feel proud to be one of the Sitecore Technology MVP from 170 Sitecore Technology MVPs and 284 Sitecore MVPs altogether this year, this feels great.

I would like to thanks my family, my community friends, my Valtech colleagues and Sitecore for this.

Looking forward to share more with the community.

#LearnSitecore

Setting up Sitecore Lighthouse Demo like a pro

If you are looking to explore SXA (Sitecore Experience Accelerator) and don’t know where to start then Lighthouse demo is the place for you.

Lighthouse Demo is built using Sitecore Experience Accelerator (SXA) on Sitecore Experience Platform (XP) following the Helix principles.

Important to note here is Lighthouse Demo can only be deployed inside Docker Containers (so basic docker knowledge is required).

The idea behind this post is to share my experiences setting up Lighthouse Demo in my local environment issues encountered and resolutions based on the setup guide shared here- https://github.com/Sitecore/Sitecore.Demo.Platform/blob/main/docs/Usage.md

So, let’s get started and check the prerequisites first:

Prerequisites

  • Windows 1809 or higher. Version 1909 is preferred.
  • At least 16 Gb of memory. 32 Gb or more is preferred.
  • A valid Sitecore 10 license file located at C:\license\license.xml
  • The latest Docker Desktop.

Docker Readiness:

  • Make sure you are running Windows containers.
  • Ensure the Windows Docker engine experimental features are enabled (to allow the Linux smtp container to run at the same time as the Windows containers)
  • Go to Docker Desktop taskbar icon, right click on it and click on Settings.
  • Go to Docker Engine and add “experiemental” : true, this is how it will look after you add the key.
  • Click on “Apply & Restart” button to restart your Docker Engine.
  • Also- ensure the value of the “dns” key is set to at least [“8.8.8.8”].
  • Click on “Apply & Restart” button to restart your Docker Engine.

Ok, at this point we are ready to proceed with the installation, so let’s do it.

  1. Clone the Sitecore.Demo.Platform repository locally
    1. https: git clone https://github.com/Sitecore/Sitecore.Demo.Platform.git
    2. ssh: git clone git@github.com:Sitecore/Sitecore.Demo.Platform.git
  2. Open Powershell as administrator and navigate to the folder where you cloned the repo, in my case it was D:\Projects\Sitecore.Demo.Platform
  3. Create certificates and initialize the environment file
    1. .\init.ps1 -InitEnv -LicenseXmlPath C:\license\license.xml -AdminPassword b
    2. You can change the admin password and the license.xml file path as per your local configuration.

4. Next step is to pull the latest Docker images- docker-compose pull

5. Next step is to start the demo containers, but before that make sure to stop IIS- iisreset /stop, This is required each time you want to use the demo as the Traefik container is using the same port (443) as IIS.

6. Now-start the demo containers- docker-compose up -d

It was going fine for initial few mins- but soon I got the below error “Failed to open node.zip

The fix was quite easy and it’s mentioned already here- https://github.com/Sitecore/Sitecore.Demo.Platform/blob/main/docs/Usage.md , just make sure to add the dns key exists with value “8.8.8.8” in docker engine json file.

After updating the dns key and value it resolved the error and continued with docker compose up once again.

At step #26 “RUN .\packaging\generate-update-package.ps1” there was one another error, to me everything was fine.

After some time I was able to figure out this and was able to fix it by installing latest version of Docker Desktop (I had version 2.3 so I installed the latest one i.e 2.5) and the error got resolved and the docker compose up completed successfully.

During compose up there was an error related to solr “cannot start service solr” and one of my solr instance was running on 8984 port, when i stopped the service everything was fine

So it’s important to make sure that following ports are not being used by any process- 443, 8079, 8081, 8984, and 14330 as the default Sitecore container configuration uses these specific ports.

You can now check the progress of the initialization by viewing the init container’s logs- docker-compose logs -f init

and after few mins -here you go:

Browse to https://cd.lighthouse.localhost and you should see the Lighthouse landing page with a full-width carousel.

Browse to Browse to https://cm.lighthouse.localhost/ and you see the same carousel

Once you are done you can just stop the container – docker-compose stop

It’s great to start exploring Lighthouse Demo to understand SXA and docker (given the work and effort which Sitecore is putting in docker, it’s high time to start exploring docker ASAP)

I would like to thank Sitecore demo team for their efforts and containerizing Lighthouse demo.

Hope it helps.

Happy Learning 🙂

References:

https://github.com/Sitecore/Sitecore.Demo.Platform

https://github.com/Sitecore/Sitecore.Demo.Platform/blob/main/docs/Usage.md