Showing posts with label SECURITY. Show all posts
Showing posts with label SECURITY. Show all posts

Monday, 1 May 2023

DNS Switch for Sitecore SSO Enabled Application

Recently I worked on a scenario where after an application upgrade and before go live, we were looking to switch DNS for SSO enabled Sitecore Web Application.



There are few and simple steps to follow:

There will be 2 URLs (Live and Upgraded Application), let's say L and U

  • From Site Definition configuration file, swap hostName and targetHostName values between L and U config files.
  • Since we were using WSO2 for SSO authentication, and input request SAML settings were done in web.config, So just need to swap SAML setting values between L and U.
  • Please connect with your WSO2 team mate for SSO Url updates, by adding new ACS Url to authenticate with SSO.

That's it. For us after above 3 changes - it worked.

Saturday, 20 April 2019

Avoid Anonymous access for Sitecore Admin Pages on Live Site

On today post, will discuss on securing Sitecore admin page on live site from anonymous user to access.

But first I will tell you that how anonymous can access Sitecore admin page of any live Site with their basic common sense and smart guess. And then will know how to protect Admin pages to Save business from unknown users.


As a Anonymous user, 

How I can know which Web Application developed on Sitecore CMS?
Answer is very easy - https://whatcms.org/

Once knew web Application is on Sitecore, then follow approach of Hit-n-Try, by accessing Admin Page and if you are smart Guy then you may know what next to do.

But please avoid to do this as Anonymous user, Be a Good man. And if you are going to find any Site's admin page accessible as Anonymous user then please let them (Organization) Know.

Now come to the point, that how to avoid of anonymous access Sitecore Admin Pages on Live Site

And we can do this with different approaches by restriction on IP access or location. But here I will mention a very easy way to secure.

By disabling anonymous access in internet information services (IIS) manager

For that follow below steps:
  • Open the IIS
  • Navigate to the Sites\<Target WebSite>\App_Config folder.
  • In Features View, double-click Authentication.






  • In the Authentication window, select Anonymous Authentication and in the Actions panel, click Disable.

  • Repeat these steps for /sitecore directory.

Please share your comments/Feedback if any.