Showing posts with label Sitecore: MinorButTricky. Show all posts
Showing posts with label Sitecore: MinorButTricky. Show all posts

Saturday 20 April 2019

Avoid Anonymous access for Sitecore Admin Pages on Live Site

On today post, will discuss on securing Sitecore admin page on live site from anonymous user to access.

But first I will tell you that how anonymous can access Sitecore admin page of any live Site with their basic common sense and smart guess. And then will know how to protect Admin pages to Save business from unknown users.


As a Anonymous user, 

How I can know which Web Application developed on Sitecore CMS?
Answer is very easy - https://whatcms.org/

Once knew web Application is on Sitecore, then follow approach of Hit-n-Try, by accessing Admin Page and if you are smart Guy then you may know what next to do.

But please avoid to do this as Anonymous user, Be a Good man. And if you are going to find any Site's admin page accessible as Anonymous user then please let them (Organization) Know.

Now come to the point, that how to avoid of anonymous access Sitecore Admin Pages on Live Site

And we can do this with different approaches by restriction on IP access or location. But here I will mention a very easy way to secure.

By disabling anonymous access in internet information services (IIS) manager

For that follow below steps:
  • Open the IIS
  • Navigate to the Sites\<Target WebSite>\App_Config folder.
  • In Features View, double-click Authentication.






  • In the Authentication window, select Anonymous Authentication and in the Actions panel, click Disable.

  • Repeat these steps for /sitecore directory.

Please share your comments/Feedback if any.
Posted by at 1 comment:
Labels: , ,
Location: Gurugram, Haryana, India

Wednesday 4 April 2018

Encrypt/Decrypt Sitecore Connection Strings


It's always good practice to encrypt connection strings for your Sitecore instance to keep safe from anonymous 😇 .
Since encryption and decryption are specific to each server, so we require to run encryption on every IIS server.
Like for CD server sometimes we require to encrypt Connection strings.

So let's start demo:
firstly open command prompt as administrator and run below command

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "C:\websites\sxapoc\Website"




sitecore-encrypted-connection-string-command



       that's it. Now check your connection string for selected Sitecore instance
it will look like this

sitecore-encrypted-connection-string

now to decrypt run below command

         C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "C:\websites\sxapoc\Website"
sitecore-decrypted-connection-string-command


@Note: Maybe the path will differ based on OS
either C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe
or C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe


Happy Sitecore !!!
Posted by at No comments:
Labels: ,
Location: Gurugram, Haryana, India

Saturday 10 March 2018

Sitecore File Explorer access ?

Wanted to access files of sitecore instance, but not able to access physical files because that instance hosted on another Server/System?

Wanted to deploy files (includes: views/assets/dll/configs) on QA/UAT and you have access of Sitecore Instance CMS only?

Wanted to download for comparing files or upload your own files on QA/UAT quickly?

sitecore-file-explorer


So these all you can do with Sitecore existing feature, where you can access file explorer via Instance URL:

instancename/sitecore/shell/default.aspx?xmlcontrol=FileExplorer


Posted by at No comments:
Labels: ,
Location: India

Tuesday 6 February 2018

Default Values in Sitecore Configs


It will be great if we've idea about default values of configs Item in Sitecore, to do change on that.

Here I'm attaching the image for quick look.



Click here to get list of all the default value of Item in sitecore Config.



Happy Sitecore 😎 
Posted by at No comments:
Labels: ,
Location: Gurugram, Haryana, India

Wednesday 24 January 2018

How to check Sitecore Item Update without Publishing?

As Developer, We always looking to accelerate our development effort.

sitecore-live-mode


Here is a scenario where wanted to do some updates on sitecore item and wanted to see the presentation without publishing each time.
After doing some to and fro, found useful existing sitecore config change.

Sitecore have already LiveMode.Config (~/App_Config/Include/).
By default this config is disabled.

To enable LiveMode.Config remove example extension from config.

After enabling LiveMode.Config we can see the changes of sitecore item without publishing.

And now it's time for demo and unit testing:

1. Goto any page item on web database update any field with value (Say A)
2. Now on same page item on master database update that field with value (Say B)
3. Now check this page on live mode
and will see changes as A

4. and if LiveMode.Config is enabled then will see changes as B

So this is cool features, if we need to verify the presentation changes before publishing to Web Database.


Enjoy your Day!!!
Posted by at No comments:
Labels: ,
Location: Gurugram, Haryana, India

Friday 24 November 2017

Sitecore Licence Details Option and Login Screen Image

sitecore-login-screen

Actually I was just looking login page's code and found that we can also check Licence details from Login Screen without logging.


From sitecore.config we just need to make the value="true" for setting name="Login.DisableLicenseInfo" i.e.

 <setting name="Login.DisableLicenseInfo" value="true">

 and below is the screen after making the changes.

sitecore-login-licence-details-options

Here may be noticed that login screen background image has been changed.

Yes also did this one, there is a change from sitecore.config as

<setting name="Login.BackgroundImageUrl" value="/sitecore/login/drop_wallpaper.jpg">
Changed with

 <setting name=Login.BackgroundImageUrl" value="/sitecore/shell/themes/Backgrounds/Building.jpg">

 Have a Good Day!!!
Posted by at No comments:
Labels: ,
Location: Gurugram, Haryana, India

limit search result from Sitecore Content Tree

sitecore-search

Obviously it's not big issue, but sometime clients asking to limit search result while searching any Sitecore item from Content Tree.

we just need to change limit from setting to display search result.
So let's start

It's same as previously we did for limiting number of items for multi list field. from sitecore.config we need to change the value for setting for Search.ContentTreeSearch.MaxResults.

 By default 25 results are listed when we search any items from content tree, and we can decrease the results list and also can increase.

<setting name="Search.ContentTreeSearch.MaxResults" value="25">

And if wanted to list all the searched result then set value as 0 (But suppose a scenario, if we have 1000+ items for searched item then it may take time or may impact to performance).

Let's take an example:

Please have a look


Sitecore config changes:

sitecore-config

Sitecore Content Tree:

sitecore-search-result


Have a Good Day!!!



Posted by at No comments:
Labels: ,
Location: Gurugram, Haryana, India

Thursday 23 November 2017

Limit number of Items for multilist with sitecore

sitecore-config

Today got an scenario, where someone wants to limit the number of items for multi list field.

Really I had no idea that time so started r&d, and yes found that there is a setting into the sitecore.config. And the big thanks to Sitecore that already handled all the things only we need to give limitation.

By default there are total 100 number of items are allowed to multi list field.

<setting name="Query.MaxItems" value="100">

and if wanted to list all of the items into the multi list field then we can set value as 0 (i.e. value="0"), but it will impact to the performance.



Have a great day!!!
Posted by at No comments:
Labels: ,
Location: Gurugram, Haryana, India
Subscribe to: Posts (Atom)