Simple tip for identifying Sharepoint site (server information leakage) 29 august 2013 Allan CMS, Sharepoint Just the other day, when implementing a new Sharepoint solution I spotted a strange behaviour in Sharepoint 2010. For the current solution some querystring parameters had to be passed around between various pages. One of these parameters happened to have a name of "id". When using this I started seeing a strange behaviour on my Sharepoint site. Suddenly it started throwing exceptions when navigating to pages with this parameter. After testing it on some other websites (that I knew to be Sharepoint sites) I succeeded in invoking the same behaviour and thus forcing a exception to be thrown. An example can be seen here http://danskebank.dk/da-dk/Privat/Pages/Privat.aspx?id=5 Based on the issue and the behaviour of Document libraries it seems to be related somehow to the fact that pages are stored in document libraries and then when adding the "id" parameter to the url, Sharepoint begins searching for a item with that id in the library, which it may have trouble finding and then throwing an error. This is most likely by design, but it also leaks information about the website and if not locked down properly it might even reveal information about the server running the site. So always remember using af custom error page on a public facing website to prevent information leakage.
Virtual Sitecore users and editorlicenses 27 juli 2011 Allan CMS, Sitecore As you may have read previously I just got Sitecore Xpress running as my new website. This was all fine and I have even configured it to use my own SSO solution (which I will discuss in another post), but suddenly I encountered a strange problem. I suddenly started experiencing issues when both my wife and I wanted to edit content at the same time. I had set up my login routine to use my SSO solution and then build a virtual user and login this virtual user to Sitecore and all was fine. I used the following snippet to login my virtual user Sitecore.Security.Accounts.User virtualUser = Sitecore.Security.Authentication.AuthenticationManager.BuildVirtualUser("sitecore\\" + user.Username, true); virtualUser.RuntimeSettings.IsAdministrator = user.IsAdministrator; Sitecore.Security.UserProfile profile = virtualUser.Profile; profile.FullName = user.Username; profile.IsAdministrator = virtualUser.RuntimeSettings.IsAdministrator; profile.Save(); Sitecore.Security.Authentication.AuthenticationManager.Login(virtualUser.Name); Response.Redirect("~/sitecore", true); where the user object is my user gained from SSO. But what we suddenly experienced was a continous loop from the login page to /sitecore back to the login page, which returned to /sitecore and so forth untill the browser eventually gave up. I started debugging and could see that my user was logged in correctly and was a Sitecore administrator, but still the redirect occurred. So I didn't know what was happening and it all seemed very strange. I tried to remove my SSO solution and used the regular Sitecore login page, and suddenly it became clear what the problem was. My Sitecore Xpress license is limited to only 1 Sitecore editor, so once I attempted to login another user (even just another browser), this user was just sent back to the login page. Here I just checked to see if the user was logged in (which he was) and then returned to /Sitecore, which then did a license verification to see if the content editor was accessible. So after having spent some hours trying to figure out what was going on, I then added the following lines to my login page if (!Sitecore.Web.Authentication.DomainAccessGuard.IsNewUserAllowed()) { Response.Redirect("/sitecore/shell/Applications/Login/Users/Users.aspx?su=/sitecore", true); } and suddenly everything made more sense. Now if my wife was logged on I was sent to a page where I could log her off and then afterwards login correctly. (Thanks to http://istern.dk/blog/2010/6/7/usersessions-in-sitecore-(logout-users-from-backend).aspx for showing me where to look in the Sitecore API for this information) So this is a small gotcha when working with Virtual users, since you go around the regular Sitecore login there are some things that you still need to test for, and that you need to verify on your own. So the lesson to be learned here, is that if your Sitecore login is not working, first check out your license restrictions before you do anything else. As a small curiosity this license check seemed to be easy to circumvent using a little bit of reflection and setting of private fields, but that would not be the ethical way to go, so instead I will appreciate my solution giving me the option to see why I cannot login and then logout my wife if she is no longer editing in Sitecore.
Running Sitecore 6 on a single database 26 juli 2011 Allan CMS, Sitecore This is a short and simple blog post describing the actions that I took to get Sitecore Xpress running on a single MS SQL database instead of 3 which is default when Sitecore 6 is installed. This was a requirement because my website is running at a webhost where you by default only can have one SQL database. I knew that this was possible since the datastructure of the three databases is the same with the only exception that in the Core database the required tables/procedures used for ASP.NET Profiles is added. I also knew that this would have some consequences for the functionality in Sitecore. The primary missing feature using this procedure is that the normal publishing logic is not supported and the site needs to use the Sitecore live mode. But for my personal site, this was definitely a feature that I could live without. I'm bound to find that more features are unavailable as I progress on my adventure, but so far I just need the basic editing functionality, and that is running smoothly now. But to get straight to the point I took the following steps. Downloaded and installed the Sitecore Xpress solution Then I simply deleted the master database and the webdatabase from the sql server just to clean up. As I said before the core database is a bit more special which is why I'm keeping that. Besides the core database also contains everything needed to run the Sitecore editor, which I also wanted. Then I modified the /app_config/connectionstrings.config file, where I deleted the connectionstrings pointing to the master and web database (just to ensure that no references where left behind) Then came the more tricky part. I had to modify the web.config file to remove all references to the two databases that I have deleted. Actually it wasn't that complicated and I only had to make these modifications <IDTable type="Sitecore.Data.$(database).$(database)IDTable, Sitecore.Kernel" singleInstance="true"> <param connectionStringName="master"/> <param desc="cacheSize">500KB</param> </IDTable> was changed to the following so the id table is stored in the core database instead of the master database <IDTable type="Sitecore.Data.$(database).$(database)IDTable, Sitecore.Kernel" singleInstance="true"> <param connectionStringName="core"/> <param desc="cacheSize">500KB</param> </IDTable> Then I simply deleted the following entire section (again just for cleanup) <!-- master --> <database id="master" singleInstance="true" type="Sitecore.Data.Database, Sitecore.Kernel"> <param desc="name">$(id)</param> <icon>People/16x16/cubes_blue.png</icon> <dataProviders hint="list:AddDataProvider"> <dataProvider ref="dataProviders/main" param1="$(id)"> <prefetch hint="raw:AddPrefetch"> <sc.include file="/App_Config/Prefetch/Common.config"/> <sc.include file="/App_Config/Prefetch/Master.config"/> </prefetch> </dataProvider> </dataProviders> <securityEnabled>true</securityEnabled> <proxiesEnabled>false</proxiesEnabled> <publishVirtualItems>true</publishVirtualItems> <proxyDataProvider ref="proxyDataProviders/main" param1="$(id)"/> <workflowProvider hint="defer" type="Sitecore.Workflows.Simple.WorkflowProvider, Sitecore.Kernel"> <param desc="database">$(id)</param> <param desc="history store" ref="workflowHistoryStores/main" param1="$(id)"/> </workflowProvider> <indexes hint="list:AddIndex"> <index path="indexes/index[@id='system']"/> </indexes> <archives hint="raw:AddArchive"> <archive name="archive"/> <archive name="recyclebin"/> </archives> <Engines.HistoryEngine.Storage> <obj type="Sitecore.Data.$(database).$(database)HistoryStorage, Sitecore.Kernel"> <param connectionStringName="$(id)"/> <EntryLifeTime>30.00:00:00</EntryLifeTime> </obj> </Engines.HistoryEngine.Storage> <Engines.HistoryEngine.SaveDotNetCallStack>false</Engines.HistoryEngine.SaveDotNetCallStack> <cacheSizes hint="setting"> <data>20MB</data> <items>10MB</items> <paths>500KB</paths> <standardValues>500KB</standardValues> </cacheSizes> </database> <!-- web --> <!-- REMOVED FOR STARTER KIT <database id="web" singleInstance="true" type="Sitecore.Data.Database, Sitecore.Kernel"> <param desc="name">$(id)</param> <icon>Network/16x16/earth.png</icon> <securityEnabled>true</securityEnabled> <dataProviders hint="list:AddDataProvider"> <dataProvider ref="dataProviders/main" param1="$(id)"> <disableGroup>publishing</disableGroup> <prefetch hint="raw:AddPrefetch"> <sc.include file="/App_Config/Prefetch/Common.config" /> <sc.include file="/App_Config/Prefetch/Web.config" /> </prefetch> </dataProvider> </dataProviders> <proxiesEnabled>false</proxiesEnabled> <proxyDataProvider ref="proxyDataProviders/main" param1="$(id)" /> <archives hint="raw:AddArchive"> <archive name="archive" /> <archive name="recyclebin" /> </archives> <cacheSizes hint="setting"> <data>20MB</data> <items>10MB</items> <paths>500KB</paths> <standardValues>500KB</standardValues> </cacheSizes> </database> --> Then I changed the following reference (I haven't yet decided whether or not to use the search database for anything, so I'm not fully aware of the consequnces of this yet <master type="Sitecore.Search.Crawlers.DatabaseCrawler, Sitecore.Kernel"> <Database>master</Database> <Tags>master content</Tags> </master> to <master type="Sitecore.Search.Crawlers.DatabaseCrawler, Sitecore.Kernel"> <Database>core</Database> <Tags>master content</Tags> </master> Then I removed this agent since my master database is now missing <!-- Agent to process schedules embedded as items in a database --> <agent type="Sitecore.Tasks.DatabaseAgent" method="Run" interval="00:10:00"> <param desc="database">master</param> <param desc="schedule root">/sitecore/system/tasks/schedules</param> <LogActivity>true</LogActivity> </agent> I removed the publish agent (it was already disabled, but I just removed it to do some cleanup, while I was at it) <!-- Agent to publish database periodically --> <agent type="Sitecore.Tasks.PublishAgent" method="Run" interval="00:00:00"> <param desc="source database">master</param> <param desc="target database">web</param> <param desc="mode (full or incremental)">incremental</param> <param desc="languages">en, da</param> </agent> Then I changed the following setting <setting name="Publishing.AutoScheduleSmartPublish" value="true"/>to false (since publishing is not supported for this setup anyhow) And then finally I changed the most important section of it all. The <sites> section. I changed it from <sites> <site name="shell" virtualFolder="/sitecore/shell" physicalFolder="/sitecore/shell" rootPath="/sitecore/content" startItem="/home" language="en" database="core" domain="sitecore" loginPage="/sitecore/login" content="master" contentStartItem="/Home" enableWorkflow="true" xmlControlPage="/sitecore/shell/default.aspx" browserTitle="Sitecore" htmlCacheSize="2MB" registryCacheSize="3MB" viewStateCacheSize="200KB" xslCacheSize="5MB"/> <site name="login" virtualFolder="/sitecore/login" physicalFolder="/sitecore/login" database="core" domain="sitecore"/> <site name="testing" virtualFolder="/sitecore/testing" physicalFolder="/sitecore/testing" rootPath="/sitecore/content" database="master" domain="sitecore" enableWorkflow="true"/> <site name="admin" virtualFolder="/sitecore/admin" physicalFolder="/sitecore/admin" enableWorkflow="true" domain="sitecore" loginPage="/sitecore/admin/login.aspx"/> <site name="service" virtualFolder="/sitecore/service" physicalFolder="/sitecore/service"/> <site name="modules_shell" virtualFolder="/sitecore modules/shell" physicalFolder="/sitecore modules/shell" rootPath="/sitecore/content" startItem="/home" language="en" database="core" domain="sitecore" content="master" enableWorkflow="true"/> <site name="modules_website" virtualFolder="/sitecore modules/web" physicalFolder="/sitecore modules/web" rootPath="/sitecore/content" startItem="/home" language="en" database="web" domain="extranet" allowDebug="true" cacheHtml="true"/> <site name="website" virtualFolder="/" physicalFolder="/" rootPath="/sitecore/content" startItem="/home" database="web" domain="extranet" allowDebug="true" cacheHtml="true" htmlCacheSize="10MB" registryCacheSize="0" viewStateCacheSize="0" xslCacheSize="5MB" filteredItemsCacheSize="2MB" enablePreview="true" enableWebEdit="true" enableDebugger="true" disableClientData="false"/> <site name="scheduler" domain="sitecore"/> <site name="system" domain="sitecore"/> <site name="publisher" domain="sitecore" enableWorkflow="true"/> </sites>to the following, where the major differences just are related to modifying the setup of the various sites, so they read from the core database instead of their default database. Also the website-site has the filterItems set to true in order to simulate the publishing logic, so that I can have pages that are not published. Also the startitem for the website-site was also changed to /default instead /home, since /home is already in use in the core database to support the content editor <sites> <site name="shell" virtualFolder="/sitecore/shell" physicalFolder="/sitecore/shell" rootPath="/sitecore/content" startItem="/home" language="da" database="core" domain="sitecore" loginPage="/sitecore/login" content="core" contentStartItem="/default" enableWorkflow="false" xmlControlPage="/sitecore/shell/default.aspx" browserTitle="Sitecore" htmlCacheSize="2MB" registryCacheSize="3MB" viewStateCacheSize="200KB" xslCacheSize="5MB"/> <site name="login" virtualFolder="/sitecore/login" physicalFolder="/sitecore/login" database="core" domain="sitecore"/> <site name="testing" virtualFolder="/sitecore/testing" physicalFolder="/sitecore/testing" rootPath="/sitecore/content" database="core" domain="sitecore" enableWorkflow="true"/> <site name="admin" virtualFolder="/sitecore/admin" physicalFolder="/sitecore/admin" enableWorkflow="false" domain="sitecore" loginPage="/sitecore/login"/> <site name="service" virtualFolder="/sitecore/service" physicalFolder="/sitecore/service"/> <site name="modules_shell" virtualFolder="/sitecore modules/shell" physicalFolder="/sitecore modules/shell" rootPath="/sitecore/content" startItem="/home" language="en" database="core" domain="sitecore" content="master" enableWorkflow="true"/> <site name="modules_website" virtualFolder="/sitecore modules/web" physicalFolder="/sitecore modules/web" rootPath="/sitecore/content" startItem="/default" language="da" database="core" domain="extranet" filterItems="true" allowDebug="true" cacheHtml="true"/> <site name="website" virtualFolder="/" physicalFolder="/" rootPath="/sitecore/content" startItem="/default" database="core" domain="extranet" allowDebug="true" cacheHtml="true" content="core" contentStartItem="/default" htmlCacheSize="10MB" registryCacheSize="0" viewStateCacheSize="0" xslCacheSize="5MB" filteredItemsCacheSize="2MB" enablePreview="true" enableWebEdit="true" enableDebugger="true" disableClientData="false" filterItems="true"/> <site name="scheduler" domain="sitecore"/> <site name="system" domain="sitecore"/> <site name="publisher" domain="sitecore" enableWorkflow="true"/> </sites> As a final step I created a new "Home" node in the core database, that I called "Default" (which is referenced in the <sites> section), and then I was good to go and could build up my new site So as simple as that I now have my Sitecore solution running on just a single database. Rather then modifying the actual web.config I could have used the /app_config/include folder instead and create a modification configuration file, but that I guess is a task left up to the reader. As I progress and extend my solution I will try to keep you posted on my blog as to what my experiences are with this customized solution
Picking the right CMS 26 juli 2011 Allan CMS, Sitecore I have a personal website hosted on http://a-dahl.dk. This should just be a very simple easy maintab [More]