Saturday 20 April 2019

Avoid Anonymous access for Sitecore Admin Pages on Live Site

On today post, will discuss on securing Sitecore admin page on live site from anonymous user to access.

But first I will tell you that how anonymous can access Sitecore admin page of any live Site with their basic common sense and smart guess. And then will know how to protect Admin pages to Save business from unknown users.


As a Anonymous user, 

How I can know which Web Application developed on Sitecore CMS?
Answer is very easy - https://whatcms.org/

Once knew web Application is on Sitecore, then follow approach of Hit-n-Try, by accessing Admin Page and if you are smart Guy then you may know what next to do.

But please avoid to do this as Anonymous user, Be a Good man. And if you are going to find any Site's admin page accessible as Anonymous user then please let them (Organization) Know.

Now come to the point, that how to avoid of anonymous access Sitecore Admin Pages on Live Site

And we can do this with different approaches by restriction on IP access or location. But here I will mention a very easy way to secure.

By disabling anonymous access in internet information services (IIS) manager

For that follow below steps:
  • Open the IIS
  • Navigate to the Sites\<Target WebSite>\App_Config folder.
  • In Features View, double-click Authentication.






  • In the Authentication window, select Anonymous Authentication and in the Actions panel, click Disable.

  • Repeat these steps for /sitecore directory.

Please share your comments/Feedback if any.

Saturday 19 January 2019

Find Sitecore Item Path with the help of Item Id using SQL Script

Sometimes it's difficult to find the Item path if you are working on multi-site and their Sitecore Search is not working.

The same issue I was facing today, tried as much as possible. And came up with one approach to write SQL Script for this.


For this only need to write one SQL Function and then run the query with Item Id for which you are finding the item path.


Below is the SQL Function which you have to create in the Instance SQL Database where you are finding Item Information

USE [DBNAME]
GO
/****** Object:  UserDefinedFunction [dbo].[GetItemPath]   ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE FUNCTION [dbo].[GetItemPath] 
(
 @ItemID [uniqueidentifier],
 @RootItemPath [uniqueidentifier]
)
RETURNS varchar(MAX)
AS
BEGIN
 DECLARE @Result varchar(MAX);

 with scpath(Name, ParentID, id)
 as
 (
  select Cast(a.Name as varchar(MAX)), a.ParentID, a.ID
  from [Items] a
  where a.ID = @ItemID
  union all
  select Cast(b.Name + '/' + c.Name as varchar(MAX)), b.ParentID, b.ID
  from [Items] b
    inner join scpath c on b.ID = c.ParentID
  where c.ParentID is not null
 )

 select top 1 @Result = '/' + d.Name  from scpath d
  where d.ID = @RootItemPath
 RETURN @Result

END


Once function created now run the below script with Item Id

SELECT [Name], [dbo].[GetItemPath] (ID,'{11111111-1111-1111-1111-111111111111}') AS ItemPath 
 FROM [dbo].[Items]
 WHERE [ID] = '{45BC606D-21CE-4D03-B204-9EBAC0ABDF0B}'

sitecore-item-path


Hope it will help you, Enjoy your day :-)        

Sunday 13 January 2019

Cannot process argument transformation on parameter 'Signer' during CreateSignedCert : NewSignedCertificate: Sitecore 9 Installation Issue

Getting this issue when i was trying to install another Sitecore 9 instance, did some google and found that need to first remove all the existing Sitecore certificates for CurrentUser and LocalMachine.
After this it works fine for me. 
Remember if already any Sitecore instance is running, then do not need to remove certificate for that instance

NewSignedCertificate-Sitecore


Below are the steps to fix this issue:

  • Open mmc (by win+R and type mmc)
  • Click on file and open Add/Remove Snap-in (CTRL+M)
  • Select Certificates from Left hand side and click on Add

  • Select as Computer Account - Next - Local Computer - Finish - OK
  • Console Root - Certificates (local Computer) -  Personal - Certificates
    • And now delete all the *.xconnect, *_SIF, *_sitecore_* related certificates
  • Same follow for Console Root - Certificates (local Computer) -  Trusted Root Certification Authorities - Certificates
    • And now delete all the *.xconnect, *_SIF, *_sitecore_* related certificates

removing-sitecore-certificate

  • Now again Click on file and open Add/Remove Snap-in (CTRL+M)
  • Select Certificates from Left hand side and click on Add
  • Select as Computer Account - Next - My User Account - OK - OK
  • Console Root - Certificates (local Computer) -  Personal - Certificates
    • And now delete all the *.xconnect, *_SIF, *_sitecore_* related certificates
  • Same follow for Console Root - Certificates (local Computer) -  Trusted Root Certification Authorities - Certificates
    • And now delete all the *.xconnect, *_SIF, *_sitecore_* related certificates
remove-sitecore-certificate-currentuser

After these steps, remove physical certificate files from directory c:certificates/

Now again run the final installation script, hope this will help to fix coming issue while installation.


Friday 11 January 2019

All about Package.json ?

Usually, when we are going to start development with any Javascript Framework related project, Package.json is the first step to know all about. And today we will know all about Package.json

sitecore-jss-package.json


What is Package.json?

It's a plain JSON file
Kind of manifest for the project
Help others to easily use, manage and install dependencies
List packages on which project depends on
Packages are in ranges or the specific version
File must contain packages in "name" and "version" format
Used to give information to npm that allows it to identify the project
And help to handle the project's dependencies
Also contain other metadata such as license, distribution, configuration data
Also recommended to put DevDependencies, which makes dev life smooth by fast development

Package.json contains?

All the information are listed in ascending order as below:

name
 sets the application/package name
version
indicates the current version
description 
is a brief description of the app/package
main
set the entry point for the application
private
if set to true prevents the app/package to be accidentally published on npm
scripts
defines a set of node scripts you can run
dependencies
 sets a list of npm packages installed as dependencies
devDependencies
 sets a list of npm packages installed as development dependencies
engines
sets which versions of Node this package/app works on
browserslist
is used to tell which browsers (and their versions) you want to support


Role of package.json?

Whenever user run "npm install" command on root level, all the dependencies related to project which is listed in Package.json will be installed.
and put all dependencies to "node_modules" directory