Sitecore security practices

Security is one of the most important considerations for any website. Today I want to share how to keep the site’s security in mind while implementing the solution; security is just as important as your build.


The following points contribute to website security:

  • Change the administrator password:
    • Sitecore recommends that we create a new administrator account with a unique name and delete the out-of-the-box administrator account.
    • Before you deploy your Sitecore installation, you must change the administrator password to a strong password.
    • Changing the password prevents unauthorized users from using the default password to access the admin account.
  • Enforce a strong password policy:
    • Sitecore leverages the Microsoft ASP.NET Membership Provider as the out-of-the-box user management system.
    • Sitecore recommends that you change the password policy to one that works for your organization.
  • Separate content management and content delivery servers:
    • Set up separate content management and content delivery servers; the content management server shouldn’t be internet facing.
    • If you have to expose your content management environment to the internet, you must:
      • Use HTTPS to secure the content management server.
      • Consider using IP filtering to allow only whitelisted clients to connect to the content management environment.
  • Protect the connectionStrings section in the web.config file:
    • Sitecore stores sensitive information in the <connectionStrings> section of the web.config file.
    • You should encrypt the <connectionStrings> section to prevent this information from being exposed if the web.config file is accessed without authorization.
    • The Microsoft ASP.NET IIS Registration Tool (aspnet_regiis.exe) can be used to encrypt this section.
  • Separate database server:
    • The CMS and the database should be on two different servers.
  • Security rights on content items:
    • Make sure that security rights have been configured for users and, more specifically, for the roles that users will be part of.
    • Setting security rights at the role level lets administrators change the configuration if a user moves to a different department, which altogether has a different role.
  • Anonymous access to the /data and /indexes folders:
    • Make sure that the data and indexes folders are not accessible to anonymous users (this prevents unwanted access to files), and that they sit outside of the website folder.
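The following PowerShell script is an added example, not part of the original post or of the Sitecore hardening guide; it encrypts the connectionStrings section with aspnet_regiis and checks the data-folder placement and IIS anonymous access from the list above. The site name, web root and config file locations are assumptions.

```powershell
# Added example (not from the Sitecore hardening guide): encrypt <connectionStrings>
# with aspnet_regiis and check two other points from the list above. The web root,
# site name and config locations are assumptions for this example.
Import-Module WebAdministration          # IIS cmdlets, used for the anonymous-access check

$siteName = "sitecore-cm"                                    # hypothetical IIS site name
$siteRoot = "C:\inetpub\wwwroot\sitecore-cm"                 # hypothetical web root
$regiis   = Join-Path $env:windir "Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
$connFile = Join-Path $siteRoot "App_Config\ConnectionStrings.config"

function Test-ConnectionStringsEncrypted {
    param([string]$Path)
    [xml]$xml = Get-Content -Path $Path -Raw
    $section = $xml.connectionStrings
    # An encrypted section carries a configProtectionProvider attribute and an
    # <EncryptedData> child instead of plain <add ... connectionString="..."/> entries.
    return ($null -ne $section.configProtectionProvider) -and ($null -ne $section.EncryptedData)
}

function Protect-ConnectionStrings {
    param([string]$WebRoot)
    # -pef encrypts the named section of the web.config in the given directory. Sitecore
    # references ConnectionStrings.config via configSource, and aspnet_regiis rewrites that
    # file in place. DPAPI ties the key to this machine; use the RSA provider for web farms.
    & $regiis -pef "connectionStrings" $WebRoot -prov "DataProtectionConfigurationProvider"
    return ($LASTEXITCODE -eq 0)
}

function Get-SitecoreDataFolder {
    param([string]$WebRoot)
    # Assumption: Sitecore 8.1+ layout, where <sc.variable name="dataFolder" value="..."/>
    # lives in App_Config\Sitecore.config and no patch file overrides it.
    # A value starting with "/" is relative to the web root.
    [xml]$cfg = Get-Content -Path (Join-Path $WebRoot "App_Config\Sitecore.config") -Raw
    $value = ($cfg.sitecore.'sc.variable' | Where-Object { $_.name -eq "dataFolder" }).value
    if ($value.StartsWith("/")) { return Join-Path $WebRoot $value.TrimStart("/") }
    return $value
}

function Test-DataFolderOutsideWebroot {
    param([string]$WebRoot, [string]$DataFolder)
    $root = [System.IO.Path]::GetFullPath($WebRoot).TrimEnd('\') + '\'
    $data = [System.IO.Path]::GetFullPath($DataFolder).TrimEnd('\') + '\'
    return -not $data.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)
}

function Test-AnonymousDenied {
    param([string]$Site, [string]$Folder)
    # Reads the effective IIS anonymousAuthentication setting for a folder under the site.
    $p = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$Site" -Location $Folder `
        -Filter "system.webServer/security/authentication/anonymousAuthentication" -Name enabled
    return ($p.Value -eq $false)
}

if (-not (Test-ConnectionStringsEncrypted -Path $connFile)) {
    if (Protect-ConnectionStrings -WebRoot $siteRoot) { Write-Host "connectionStrings section encrypted" }
}

$dataFolder = Get-SitecoreDataFolder -WebRoot $siteRoot
if (-not (Test-DataFolderOutsideWebroot -WebRoot $siteRoot -DataFolder $dataFolder)) {
    Write-Warning "dataFolder '$dataFolder' is inside the web root; move it out or deny anonymous access"
    # indexes lives under the data folder in a default install
    foreach ($f in "data", "data/indexes") {
        if (-not (Test-AnonymousDenied -Site $siteName -Folder $f)) {
            Write-Warning "/$f still allows anonymous access in IIS"
        }
    }
}
```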

These are a few of the things we should take care of while implementing and deploying a Sitecore solution; they help in dealing with hacks and security breaches to some extent.

References: https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/security_hardening/security_considerations

Happy learning 🙂


Sitecore items mass delete through serialization

In one of the Sitecore applications I worked on, we had to sync a large amount of data from XML. The XML had several thousand records, and there was also a business rule in place that checked certain conditions/fields before a record could be inserted as an item in Sitecore.

We performed several tests in the local environment before the utility could be executed in QA and other higher environments, but in this process we had to go back and delete all the previously imported items several times.

This was a time-consuming process, as deleting several thousand items in Sitecore can make your Sitecore instance slow, so we used Sitecore serialization to delete the items in bulk.


The Sitecore serialization functionality is designed to help teams of developers that work on the same Sitecore solution to synchronize database changes between their individual development environments, but is also valuable when a single developer works on a solution.

Serialization allows you to serialize an entire Sitecore database or a series of items in a database to text files. You can then use these text files to transfer this database or series of items to another database or Sitecore solution.

This is particularly helpful when we use Sitecore Item buckets to structure all our content items.

The serialization options can be enabled from the “Developer” ribbon.

[Screenshot: sitecore-developer]

In this example, I have created a folder called “Generic Items” and added a few items under it.

[Screenshot: serialize-s1]

Follow these steps to bulk delete the items:

  • Select the folder whose child items you want to delete; in this case, it’s the “Generic Items” folder.
  • In the next step, from the “Developer” ribbon, click on the “Serialize tree” link; this will serialize the selected item and its child items.
  • The serialization process will start, and it will create a .item file for the Generic Items folder and for every child item under it.
  • Sitecore will store the .item files in the data\serialization folder; in my case it’s Data\serialization\master\sitecore\content\Helix\Home\Test Events (screenshot: serialize-s2).
  • Let’s assume we want to delete all items of the “Generic Items” folder: delete the .item files from the file system.
  • Once the .item files are deleted, go back to Sitecore and, from the Developer ribbon, click on the “Revert tree” link.
  • Sitecore will start syncing your items back from the file system (screenshot: Serialization-Sync).
  • Once the process ends, refresh your “Generic Items” folder, and you won’t find any child items there.
  • Sitecore serialization can delete several thousand items in just a few minutes, which is way faster than manually deleting the items, which affects performance as well.

This can reduce your development and testing time when working with large amounts of data.

Please let me know if you have any questions, or want to share thoughts around this.

Happy learning 🙂


Reading and writing items using Sitecore powershell extensions

Sitecore Powershell Extension is a great tool/module developed by Adam Najmanowicz and Michael West that provides a command line and scripting environment for automating tasks.

In my previous blog post on Sitecore PowerShell Extensions, we learned the very basics of this great module: an introduction, how to install it, and its features.

I would like to take another step in continuation of the previous post and show some of the features that can be leveraged from it.

Retrieve Sitecore Item

We can fetch a Sitecore item based on its ID or its path.

If we know the Sitecore item ID, it can be retrieved in the following way:

[Screenshot: PS-ID]

We have to make sure that we add the database context; in this case I have added “master”.

If we know the Sitecore item path, it can be retrieved in the following way:

[Screenshot: PS-Path]

Retrieve Items from all languages and versions

We just need to pass the language and version parameters. If we want items for a specific language or version, we can specify that language and version as the parameter values instead of passing * to them.

[Screenshot: PS-Item-language-version]

Retrieve child Items

We can get all child items based on a Sitecore path; this is how it can be used:

[Screenshot: PS-ChildItems]

If you want to retrieve all descendants from the given path, add the recurse parameter, as in the following:

[Screenshot: PS-ChildItems-recurse]

Bulk Updates

There can be scenarios where certain field(s) were not updated or are empty for some reason, and now you want to update that specific field for all the items. This is not so easy when you have several hundred items, but there is an easy way to make this bulk update using PowerShell Extensions.

[Screenshot: PS-Bulkupdates]

In the above example we filter all the child items under the /content/helix/home node where the “Browser Title” field is empty; once we have the list of items, we iterate over them and update the field with the “Display Name” value of the item.

Bulk updates for “Alt” text

Another very valid scenario for bulk updates is updating all the Image items where the “Alt” text is missing; the following can be used to update all such Image items:

[Screenshot: PS-Bulkupdates-Images]

In the above example we use a Sitecore query to get all the items based on the template name “Image” and then find those with a missing “Alt” text. Once we have the list, we update the “Alt” text with the item’s display name value; content authors can later replace it with something more specific, if required.
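An added example, not the original post’s scripts, covering the retrieval calls and both bulk updates described above, for running in the SPE console or ISE. The Helix paths come from the text; the Home item ID, the presence of a “Browser Title” field on the page templates and the “Image” template name are assumptions about your solution.

```powershell
# Added example for the SPE console/ISE; paths, field and template names are assumptions.

# --- Retrieve a single item by ID or by path ---
$homeId = "{110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9}"   # Home item ID in a default install (assumed)
$byId   = Get-Item -Path "master:" -ID $homeId       # "master:" supplies the database context
$byPath = Get-Item -Path "master:/sitecore/content/Home"

# --- All languages and numbered versions of one item ---
$allVersions = Get-Item -Path "master:/sitecore/content/Home" -Language * -Version *
$allVersions | Select-Object Name, Language, Version | Format-Table

# A specific language/version instead of the wildcard
$enV1 = Get-Item -Path "master:/sitecore/content/Home" -Language "en" -Version 1

# --- Children and descendants of a path ---
$children    = Get-ChildItem -Path "master:/sitecore/content/Helix/Home"
$descendants = Get-ChildItem -Path "master:/sitecore/content/Helix/Home" -Recurse

# --- Bulk update helper: fill an empty field with the item's display name ---
function Update-EmptyField {
    param(
        [Parameter(ValueFromPipeline = $true)] $Item,
        [string]$FieldName
    )
    process {
        $field = $Item.Fields[$FieldName]
        if ($null -eq $field) { return }                            # template has no such field
        if (-not [string]::IsNullOrWhiteSpace($field.Value)) { return }   # already populated
        $Item.Editing.BeginEdit()
        try {
            $Item[$FieldName] = $Item.DisplayName
            Write-Host "Updated '$FieldName' on $($Item.Paths.FullPath)"
        } finally {
            $Item.Editing.EndEdit() | Out-Null
        }
        return $Item
    }
}

# Empty "Browser Title" under the Helix home node
Get-ChildItem -Path "master:/sitecore/content/Helix/Home" -Recurse |
    Update-EmptyField -FieldName "Browser Title"

# Missing "Alt" text on items of the "Image" template. The '#' escapes the space in
# "media library"; @@templatename='Image' does not match derived templates such as Jpeg.
Get-Item -Path "master:" -Query "/sitecore/#media library#//*[@@templatename='Image']" |
    Update-EmptyField -FieldName "Alt"
```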

I strongly encourage all Sitecore developers to start using this module and see how it can be leveraged in their solutions; it is surely helping, and going to help, everyone a lot.

I will continue sharing my thoughts and experiences on this topic, please let me know if you have any questions.

References:

http://blog.najmanowicz.com/sitecore-powershell-console/

https://michaellwest.blogspot.in/

Happy learning 🙂

Setting up Sitecore Active Directory Module

The Active Directory module provides integration of an Active Directory domain with the Sitecore solution. We can integrate the domain users and groups into Sitecore CMS as Sitecore users and Sitecore roles.


As part of this blog post we will be using Active Directory Module 1.3, which runs on Sitecore 8.2; the complete list of modules can be checked here: https://dev.sitecore.net/Downloads/Active_Directory.aspx

Download AD Module 1.3 from here: https://dev.sitecore.net/Downloads/Active_Directory/1_3/Active_Directory_1_3.aspx

Once the module installation is completed, here are the next steps I followed:

Modifying Config files:

ConnectionStrings.config

In ConnectionStrings.config, add a new connection string with the AD details. In the following screenshot it’s just a test OU name, but you will replace this with the real OU. You can also apply filters on the OU so that you expose only those groups which are expected and required to be part of Sitecore, such as Admin, IT, Sales, etc.

[Screenshot: AD-connection-string]

Domains.xml.config

Open Domains.xml.config and add a new domain to it; the file can be found at App_Config->Security->Domains.xml.config.

[Screenshot: AD-domain-config]

Web.config– MembershipProvider

Add a new membership provider:

<add name="ad" type="LightLDAP.SitecoreADMembershipProvider" connectionStringName="LDAPConnString"
     applicationName="sitecore" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0"
     requiresQuestionAndAnswer="false" requiresUniqueEmail="false" connectionUsername="username"
     connectionPassword="password" connectionProtection="Secure" attributeMapUsername="sAMAccountName"
     enableSearchMethods="true" />

[Screenshot: AD-membership]

Web.config– RoleProvider

Add a new role provider:

<add name="ad" type="LightLDAP.SitecoreADRoleProvider" connectionStringName="LDAPConnString" applicationName="sitecore"
     username="username" password="password" attributeMapUsername="sAMAccountName" cacheSize="50MB" />

[Screenshot: AD-role]

Web.config– ProfileProvider– (Optional)

Note: We need an AD user to perform LDAP queries, else you won’t be able to connect to your AD instance; the same username and password are set on both the membership and the role provider.

Activating Switching providers:

In the web.config file, in the <system.web> section, browse for the <membership> element, find the provider called sitecore, and set its realProviderName attribute to switcher.

In the web.config file, in the <system.web> section, browse for the <roleManager> element, find the provider called sitecore, and set its realProviderName attribute to switcher.

Adding the Domain-Provider Mappings:

This is done in sitecore.config:

[Screenshot: AD-domain-provider]

Now we are done with all the basic configuration that needs to be added in order to start using the Active Directory module; go ahead and test it.

Log in to Sitecore as admin, and you should be able to see the users and roles from the AD instance. From this point you can add AD users to CMS roles; once this is done, try to log in using an AD user.

When I was working on this, I tried to log in using an AD user and got this error:

[Screenshot: AD-user-login-error]

Sitecore has provided a hotfix for this, and upon applying the fix I was able to log in to Sitecore using AD credentials:

https://kb.sitecore.net/articles/520134

After applying the patch, try to load Sitecore again and you should be all set now.

Hope this helps somebody.

I am working on integrating this module with Sitecore Paas (Azure), and will share the findings with the community soon.

Happy learning 🙂

Sitecore Powershell Introduction and setup

Sitecore Powershell Extension is a great tool/module developed by Adam Najmanowicz and Michael West that provides a command line and scripting environment for automating tasks.

Sitecore PowerShell Extensions runs inside the Sitecore process, so it can make native calls to the Sitecore APIs and change/update Sitecore items on the fly. The same Windows PowerShell syntax is used for running commands and writing scripts.

Installing Sitecore Powershell Extensions Module:

  • In order to install the SPE module, search for “powershell” in the Sitecore marketplace: http://marketplace.sitecore.net/

[Screenshot: PowershellHome]

  • Download and install the “Sitecore Powershell Extensions” module (screenshot: SPE2).
  • Once the module is installed, you have access to both the console and the ISE; see the screenshot for reference (screenshot: CLI-ISE).


There are several things which can be done using SPE module, which includes:

  1. Getting Sitecore Item.
  2. Getting child Items.
  3. Get Item by path.
  4. Get Items from all languages and versions.
  5. Making bulk updates.
  6. Publishing Sitecore Items.
  7. Deleting Items based on specific conditions and
  8. Several other features.

I just started using it, and the features and benefits it provides are making me addicted to it.

In the next posts, I will be sharing my learning with the community, including some of the commonly used commands that can make developers’ lives easier.

Thanks again to Michael West and Adam Najmanowicz for this wonderful module.

I hope this helps somebody, and stay tuned for more.

References:

http://blog.najmanowicz.com/sitecore-powershell-console/

https://michaellwest.blogspot.in/

Happy learning 🙂

How to customize Sitecore workflow email action

Sitecore Workflow is a series of steps that shows and explains how content is created in Sitecore, and how it gets reviewed, published or rejected.

Content has to go through different states before it gets pushed to the live site; at the very least we can have the following Sitecore workflow states that need to be reviewed:

[Screenshot: workflowstates]

We can also add other steps or states to our Sitecore workflow, in case there is a complex approval process in a specific organization.

In this example, I want to show how we can customize the existing Sitecore workflow email action to include more details. We also assume, as part of this sample, that once the content editor is done adding/updating the content, they move it to the next step, where the content approver reviews the content and provides his/her feedback.

Once the content editor assigns the content for approval, we would like to send an email to the concerned person, so that they are notified that there is some content that needs to be reviewed before it goes to the live site.

We would like to extend the existing Sitecore workflow email action, which is based on “/sitecore/templates/system/workflow/emailaction”

[Screenshot: default-email-action]

and send more details to the reviewer about the content item, which include:

  1. The full path of the content item and
  2. A customized message text, which includes the language and URL, and any other details that are required.

[Screenshot: email-action-fields]

We then write a custom class that reads all our tokens from the Message field of the email action template, replaces them with the content item values and sends the email; we need to update the Type field of the email action template to include the custom class/assembly details.

[Screenshot: custom-email-action]

In the above snippet we read the values from the email action template and then call the “GetFieldText()” method, which replaces any tokens that were added to the field(s).

Here, we replace the language, version and URL tokens that were added to the Message field of the email action template.

[Screenshot: replace-tokens]

Once this is done, you should be able to send a customized email to the reviewer. The same customization is possible if you want an email alert when the reviewer approves or rejects the content and you want these details in that email.

I hope this helps somebody.

Happy learning 🙂

Improve Content Authors Experience in Sitecore

A Sitecore site that is easy to use for editors, developers and users is considered the best implementation. We should always consider content editors while designing Sitecore, because any change afterwards can result in a lot of back and forth, and cost as well.

I would like to share my thoughts based on real-world experience, and I think we should try to consider these in every project from the beginning.

  • Experience Editor: A Sitecore setup cannot be considered complete or good unless all the components are Experience Editor (Page Editor) friendly, which includes:
    1. Being able to add components and datasources.
    2. Making sure components can be moved.
    3. Being able to set up personalization.
    4. Being able to configure tests.
    5. Proper configuration of placeholders, which takes care of adding the relevant components in the proper section of the page.
    6. Editing page metadata.
    7. The editor should be able to add field values from the Experience Editor (background image, multi-list fields, etc.).

A fully functional Experience Editor page is the first sign of your commitment towards the client and the quality of your delivery, and at the same time you are making use of Sitecore at its best.

  • Insert Rules:
    1. Insert rules help establish the information architecture of the content tree, which increases consistency. With insert rules you can restrict which content types can be added under a specific location of the content tree, which helps in defining scope and helps with running queries as well.
    2. We can go to Configure -> Assign and set the insert options; we also have a way to define them dynamically by using “Insert Option Rules”.
    3. Insert rules help your content authors and guide them on how and what can be added to a specific location of the content tree. This helps reduce any type of content error in the site and assists developers in defining scope while writing programs, which makes your code more stable.
  • Standard Values: The standard values item is an item of the given template type which is used to hold the default field values.
    1. By defining default values we can pre-populate the standard field values, so that content authors don’t have to populate them over and over again.
    2. We can set the default values explicitly, or use tokens, which is also a great way to populate the values.
    3. We can populate the following fields every time a new item gets created in Sitecore:
      1. Title
      2. Description
      3. Date (if it exists)

This is a great way to help content authors by giving them the feeling that a page doesn’t look incomplete while adding a new page to the content tree; editors can of course go back and change the default values if required. You can also configure default data sources for your renderings if required.

  • Help text: How comfortable content authors are with Sitecore determines whether your implementation is successful, so as developers we always have to think about the content author experience, and that should be our high priority.
    1. We should make sure field labels are optimized in such a way that they serve the needs of both the developers and the content editors; we can achieve this in the following three ways:
      1. Title
      2. Short description and
      3. Help link
    2. The Title field and the Short description of a field item enable us to provide the content editor with useful information while keeping a technical field name for developers to work with.
    3. If you go to the specific field item in Sitecore, you can set these values, which help content authors understand what the field is meant for and what value should be added.
  • Clean Sitecore tree:
    1. A clean information structure helps make the site more consistent, and we should always remember that the site will be used by content editors and not by developers, so it should be as clean as possible.
    2. A new content editor who has just joined the team shouldn’t find any difficulty understanding the site and its component structure.
    3. Good information architecture is key to a successful Sitecore implementation and its maintenance.
  • Components/placeholder configuration(s):
    1. Placeholders should be configured properly, so that content authors can add only those components which are meant for the specific placeholder; this way we maintain the design and prevent any sort of compatibility issue on the page.
    2. We can use the allowed controls that exist at the placeholder level, which define the list of component(s) that can be added.
    3. Also, on each rendering we should define the “datasource location” and “datasource template”, which help content authors understand which data items are compatible with the specific rendering(s).
  • Thumbnails for Renderings:
    1. We should try to add thumbnails for all renderings, so that content authors can visualize what each rendering is meant for; if no thumbnails are added, it can create confusion for content editors, in case no friendly names have been given to the renderings.
    2. Even if friendly names have been given, it still makes sense and adds value to assign thumbnails.

As Sitecore consultants and developers, we should keep an eye on every part of the solution from day one; this helps in understanding the system as a whole and also gives us an opportunity to make sure that best practices have been followed while developing the solution, and that we are using Sitecore features at their best.

I hope this helps somebody.

Happy learning 🙂

Fixing the “End of string expected at position” error in Sitecore

Recently, while verifying some of the components in the Experience Editor, I observed that while adding a datasource to the renderings, it was throwing an “End of string expected at position 75” error.

I checked the following things to troubleshoot the issue:

  1. Whether the datasource location specified in the rendering exists or not, and it existed.
  2. Whether the datasource template was defined in the rendering or not, and it was there.
  3. Checked the errors in the log file, and there was an error there; see the screenshot for the error (screenshot: log).
  4. The following error was visible in the front end while adding the datasource (screenshot: end-of-string-error).


It turns out Sitecore doesn’t like hyphens “-” in a query path, and a few other things, including:

  1. If your query contains the keyword “and”
  2. If your query contains the keyword “or”
  3. If your query contains a hyphen “-”

In my case, when I checked the query, it contained the keyword “and”, which was failing and not allowing me to add a datasource from the Experience Editor.

Solution:

In order to fix this issue we can add the escape character “#” before and after the item names that contain any of these keywords or a hyphen “-”; for example:

Before: query:./ancestor::*[@@templatename='SitecoreRoot']/Global//Modules/Image and Media Module

After: query:./ancestor::*[@@templatename='SitecoreRoot']/Global//Modules/#Image and Media Module#

After making this change, the issue was fixed.
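An added example, not from the original post: a PowerShell function that applies the “#” escaping described above to every path segment of a datasource query containing “and”, “or” or a hyphen, followed by running the escaped query from a context item in Sitecore PowerShell Extensions. The context item path is an assumption; the query is the Before example above.

```powershell
# Added example: escape Sitecore query path segments that contain the reserved words
# "and"/"or" or a hyphen with '#', then run the query relative to a context item in SPE.
function ConvertTo-EscapedSitecoreQuery {
    param([Parameter(Mandatory = $true)][string]$Query)

    # Keep the "query:" datasource-location prefix out of the escaping
    $prefix = ""
    if ($Query.StartsWith("query:")) { $prefix = "query:"; $Query = $Query.Substring(6) }

    # Splitting on "/" keeps "//" as an empty segment, which is rejoined unchanged
    $segments = $Query -split "/"
    $escaped = foreach ($seg in $segments) {
        if ($seg -eq "" -or $seg -eq "." -or $seg -eq ".." -or $seg -eq "*" -or
            $seg -like "#*#" -or $seg.Contains("[") -or $seg.Contains("::") -or $seg.StartsWith("@")) {
            # Empty/axis/predicate segments and already-escaped names pass through untouched
            $seg
        } elseif ($seg -match '(^|\s)(and|or)(\s|$)' -or $seg.Contains("-")) {
            "#$seg#"                 # item name with a reserved word or a hyphen
        } else {
            $seg
        }
    }
    return $prefix + ($escaped -join "/")
}

$before = "query:./ancestor::*[@@templatename='SitecoreRoot']/Global//Modules/Image and Media Module"
$after  = ConvertTo-EscapedSitecoreQuery -Query $before
Write-Host $after

# Running the escaped query from a context item inside SPE (assumed path). The
# leading "query:" prefix belongs to the datasource location, not to the query itself.
$context = Get-Item -Path "master:/sitecore/content/Helix/Home"
$context.Axes.SelectItems($after.Substring(6)) | Select-Object Name, ID
```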

It seems this issue was there in Sitecore 6, but it can be replicated in Sitecore 8.1 (rev 160302) as well.

I have raised this with Sitecore support team, and they have registered this as Wish/Feature, so, we may see this issue resolved in coming product versions.

I hope this helps somebody.

Happy learning 🙂

http://sdn.sitecore.net/Reference/Using%20Sitecore%20Query/Sitecore%20Query%20Syntax.aspx


Test changes without publishing to web DB in Sitecore

In your development environment, did you ever feel that publishing is not providing great value, but is acting more like a hindrance?


In Sitecore you can test your changes directly without publishing them to the web DB, by configuring Sitecore to serve content from the master DB. This can be done in two ways:

  1. If you don’t have any custom site configuration file, go to App_Config/Include/LiveMode.config.example and rename it to LiveMode.config, or
  2. If you have a custom site configuration file, change the database value from “web” to “master”.

Please make sure to revert your changes, before deploying the solution to QA or production environment.

Happy learning 🙂


Versioned-Unversioned and Shared fields in Sitecore

This post contains information about items, more importantly the languages of items, the versions of items in languages, and sharing the values of an individual item across different supported languages and numbered versions.

This post is focused on explaining the differences between versioned, unversioned and shared fields in Sitecore.

Versioning of an item is controlled in three ways:

  1. Versioned fields
  2. Unversioned fields and
  3. Shared fields


Versioned fields:

By default all fields are versioned, which means the field value can differ across numbered versions and across language versions as well. Examples: title, description, etc., or any field whose value differs across languages/versions.

Unversioned fields:

There are certain fields whose value is the same for all numbered versions within a specific language, such as “Country Name”, “Employee Name”, etc. If we want such a configuration, we should mark that field as “Unversioned” in the template definition. When this (“Unversioned”) checkbox is selected, the field has the same value for every numbered version within a language, but may have different values between supported languages.

Shared fields:

When the field value doesn’t change across languages and numbered versions, we should mark that field as shared; a shared field value is common across all supported languages and versions. When the Shared property is set, changes to the field value in any language or numbered version of the item are reflected in all other language versions and numbered versions. Example: an “Id” or some unique identifier that is common across languages and versions.

I hope this helps someone in understanding the core concepts and versioned fields.

Please let me know your feedback, or your thoughts on the same.

Happy learning 🙂