For Sitecore, specify MongoDB connections in lower case…

2017-03-31 Andy BurnsMongoDBLeave a comment

You wouldn’t think this was 2017, but here we are again struggling with upper and lower case again.

In a Sitecore instance I had the following connection string to MongoDB:

<add name="analytics" connectionString="mongodb://mongo.ourserver.local/XXXX_analytics" />

However, something was wrong with the instance; installing packages on it didn’t work (which is VERY strange – why does it need MongoDB? That doesn’t make sense! Anyway…)

Looking in the log, I found:

36404 00:00:26 ERROR Exception when executing agent processing/taskAgent Exception: MongoDB.Driver.MongoCommandException Message: Command 'findAndModify' failed: exception: db already exists with different case already have: [xxxx_tracking_live] trying to create [XXXX_tracking_live] (response: { "errmsg" : "exception: db already exists with different case already have: [xxxx_tracking_live] trying to create [XXXX_tracking_live]", "code" : 13297, "ok" : 0.0 }) Source: MongoDB.Driver at MongoDB.Driver.Operations.CommandOperation`1.Execute(MongoConnection connection)

Ah. So MongoDB would happily:

Try to find the repository with the name containing capitals (“XXXX_analytics”)
Correctly fail (repository doesn’t exist), and then create the repository with the name rendered to lower case (“xxxx_analytics”)
Try to find the repository with the name containing capitals again (“XXXX_analytics”)
Incorrectly fail to find the repository due to the case difference, and then try to create the repository a second time with the name renadered to lower case.

This is stupid. If one method ignores case, so should the others. I don’t mind which way it works – obey or ignore case – but it needs to be consistent.

Turn off Auth on Solr

2017-03-30 Andy BurnsSearch, solrLeave a comment

Okay, so you probably shouldn’t be doing this – but should you install Solr using the Bitnami stack – like I usually would – it will ask you to set up a usename and password to connect with.

This is a good thing (much better than MongoDB’s “Insecure by default” configuration) – but what if you don’t want it (e.g. for your shared dev Solr instance)?

Edit \solr-xxxx\apache-solr\conf\solr.conf
Set AuthType to “None”
Remove “Require User ” line
Restart service.

That should do it.

Securing MongoDB (Brief Notes)

2017-02-28 Andy BurnsMongoDB, SitecoreConfigLeave a comment

So, Sitecore uses MongoDB, a product that has an interesting approach to security. When you install it, by default, it doesn’t have any. By Default:

Mongo does not require authentication
Communication is unencrypted
In fact, if you can connect to it, you can bugger about with the data

This is, ahem, “suboptimal”. It is, however, possible to to set it up. Options:

Restrict IP address access at the firewall. Good practice, to be honest, and not covered here.
Configure to use SSL
Configure to use a username/password in connection strings

Continue reading “Securing MongoDB (Brief Notes)” →

Sitecore Serialization – System.ArgumentException: Illegal characters in path

2017-01-262017-01-18 Andy BurnsSerialization, SQL1 Comment

So, I was trying to use Sitecore Serialisation, and I got the following error:

System.ArgumentException: Illegal characters in path.
at System.IO.Path.CheckInvalidPathChars(String path, Boolean checkAdditional)
at System.IO.Path.IsPathRooted(String path)
at Sitecore.Data.Serialization.PathUtils.MapItemPath(String itemPath, String root)

Joy. Sadly, this pad doesn’t give a clue what the problem item actually is. The log files don’t show an exception – but I can see the last item processed, and it looks funny:

So, if that’s the item throwing the exception then a) serialisation isn’t logging the exception, which sucks, and b) some items in this tree have newline or carriage return characters (\n or \r)

To try and find these, I ran SQL against the database…

SELECT * FROM [MASTER].[dbo].[Items] where Name like '%' + CHAR(10) + '%' or Name like '%' + CHAR(13) + '%'

This found a bunch of items with \r in their names. Lord knows how they were put there. I suspect copy and paste from some of the actual content.

Sitecore Permissions

2017-01-182017-01-13 Andy BurnsPermissions, SecurityLeave a comment

Sitecore permissions are always a bit of a pain to figure out. You’ve got the question of inheritance of rights from parent nodes, and how role rights conflicts are resolved.

Well, these two links are particularly useful, I found:

Assigning Access Rights
The Inherit Access right
… and the section of the Sitecore documentation that they’re in

There’s quite a lot of reading there, but it’s good content. The easiest way I’ve found for considering permissions is:

Unspecified (effectively no-access) is beaten by Inherited rules (variable) is beaten by Allowed (has access) which is beaten by Deny (No access).

In other words, an explicit Deny will block access to a user.

If there is a conflict between explicitly assigned roles, Deny wins.

If rights are assigned directly to a user (rather than a role) they win – though you shouldn’t be assigning rights directly to users. It’s unmanagable in the long term.

Simple, right?

Useful Post on using USING() with EditContext

2017-01-162017-01-13 Andy BurnsEditContextLeave a comment

Kam Figy of Kam’s Idea Log has a helpful post on “EditContext Considered Harmful” which is well worth a read.

The short form – USING() is bad, as it always disposes, which commits some (but not necessarily all) updates. Item.Editing.BeingEdit() and Item.Editing.EndEdit() are preferred.

Sitecore Azure (8.1)

2017-01-132017-01-12 Andy BurnsazureLeave a comment

So, the fun and games of a new technology. I had to install Sitecore Azure (documentation); here are some of the issues I found…

Continue reading “Sitecore Azure (8.1)” →

Custom Download from Sitecore User Manager

2017-01-042016-12-20 Andy BurnsRibbon, Sheer, UserManagerLeave a comment

I had a requirement on a recent project to download a .CSV from within Sitecore User Manager. Basically, it was to download all users within a particular domain. The ‘download’ bit proved tricky, though. Continue reading “Custom Download from Sitecore User Manager” →

Checking HSTS headers

2016-12-222016-12-21 Andy BurnsChrome, HSTS, HTTPHeaders, HTTPSLeave a comment

A quick note to myself – in Chrome you can check your HSTS headers for a site using:

chrome://net-internals/#hsts

This was a problem for me yesterday, and the UAT system I was configuring wasn’t visible to sites like https://securityheaders.io/ that I’d normally use.

Minifying JS – Skip removing line numbers?

2016-12-142016-11-16 Andy BurnsAppInsights, JavaScript, LoggingLeave a comment

I’m a big fan of App Insights, and I’m loving it’s increasing integration with Visual Studio. To me, it’s just great.

However, I did find myself laughing a bit at this. App Insights was recording JavaScript errors from a (third party’s) .JS file.

This is showing an error on Line 93. The thing is, the file has been minified – and all the code in the file is on line 93.

Hmm. All this would save is a couple of hundred bytes over the wire. I’m just not sure it’s worth it for most of the projects I work on. I think having the new-lines still in (albeit otherwise minified).

To be honest, we’d save more space by stripping out the 92 lines of Licensing information above the code. I’m not sure that that shouldn’t reside in a text file, and just have a comment referencing the licence information.

Andy Burns' Blog

Whatever I'm working on