Saturday, 20 April 2019

Avoid Anonymous access for Sitecore Admin Pages on Live Site

On today post, will discuss on securing Sitecore admin page on live site from anonymous user to access.

But first I will tell you that how anonymous can access Sitecore admin page of any live Site with their basic common sense and smart guess. And then will know how to protect Admin pages to Save business from unknown users.


As a Anonymous user, 

How I can know which Web Application developed on Sitecore CMS?
Answer is very easy - https://whatcms.org/

Once knew web Application is on Sitecore, then follow approach of Hit-n-Try, by accessing Admin Page and if you are smart Guy then you may know what next to do.

But please avoid to do this as Anonymous user, Be a Good man. And if you are going to find any Site's admin page accessible as Anonymous user then please let them (Organization) Know.

Now come to the point, that how to avoid of anonymous access Sitecore Admin Pages on Live Site

And we can do this with different approaches by restriction on IP access or location. But here I will mention a very easy way to secure.

By disabling anonymous access in internet information services (IIS) manager

For that follow below steps:
  • Open the IIS
  • Navigate to the Sites\<Target WebSite>\App_Config folder.
  • In Features View, double-click Authentication.






  • In the Authentication window, select Anonymous Authentication and in the Actions panel, click Disable.

  • Repeat these steps for /sitecore directory.

Please share your comments/Feedback if any.

Saturday, 19 January 2019

Find Sitecore Item Path with the help of Item Id using SQL Script

Sometimes it's difficult to find the Item path if you are working on multi-site and their Sitecore Search is not working.

The same issue I was facing today, tried as much as possible. And came up with one approach to write SQL Script for this.


For this only need to write one SQL Function and then run the query with Item Id for which you are finding the item path.


Below is the SQL Function which you have to create in the Instance SQL Database where you are finding Item Information

USE [DBNAME]
GO
/****** Object:  UserDefinedFunction [dbo].[GetItemPath]   ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE FUNCTION [dbo].[GetItemPath] 
(
 @ItemID [uniqueidentifier],
 @RootItemPath [uniqueidentifier]
)
RETURNS varchar(MAX)
AS
BEGIN
 DECLARE @Result varchar(MAX);

 with scpath(Name, ParentID, id)
 as
 (
  select Cast(a.Name as varchar(MAX)), a.ParentID, a.ID
  from [Items] a
  where a.ID = @ItemID
  union all
  select Cast(b.Name + '/' + c.Name as varchar(MAX)), b.ParentID, b.ID
  from [Items] b
    inner join scpath c on b.ID = c.ParentID
  where c.ParentID is not null
 )

 select top 1 @Result = '/' + d.Name  from scpath d
  where d.ID = @RootItemPath
 RETURN @Result

END


Once function created now run the below script with Item Id

SELECT [Name], [dbo].[GetItemPath] (ID,'{11111111-1111-1111-1111-111111111111}') AS ItemPath 
 FROM [dbo].[Items]
 WHERE [ID] = '{45BC606D-21CE-4D03-B204-9EBAC0ABDF0B}'

sitecore-item-path


Hope it will help you, Enjoy your day :-)