Extranet security only applies when you restart IIS…

I was surfing accross SDN today and there I found at the known issues part for Sitecore 5.1.1 the following note:

Extranet security changes require IIS Restart
Access right assignments you make for the Extranet Users and Roles won’t take effect until IIS is restarted. This issue can be fixed by installing the Extranet Security Issue patch.

Now I finally understand why my all my script didn’t work in the first place but worked after I placed it between the using(new SecurityDisabler())-bracket.
When these problems occur at your installation. Login at SDN and download the patch

Upgrading or stay and wait?

One of the things that keep me busy these days are the things Runi Thomson wrote as a comment of this post.
He is reacting on the question of Alexey Rusakov about if SiteCore will be released in both .Net versions or just in one after the release of 5.2.
This is the reaction of Runi:

We certainly hope not. Sitecore version 5.1.1.x will be the last ASP.NET 1.1 version of Sitecore, unless a serious error emerges. We are currently working on version 5.3 which is an all ASP.NET 2.0 version.

I wouldn’t be Alex when I won’t have question about this decision. The questions are mostly technically, but also as partner LECTRIC got the idea that SiteCore would be released in both versions for a while at least till the end of 2006.
Ofcourse I know that ASP.Net 2.0 has got lots of advantages against version 1.1., I even don’t expect hard times developing for my collegues and me(as a matter of fact, I already studied a lot on the new features and am not so damn impressed by the new features, but all off that is another discussion). The main points of discussion are for me actually:
– Hosting of 2.0 definitelly requires Windows 2003. As most servers are still running on Windows 2000 it means that we can’t upgrade those sites easily.
– Developing for 2.0 requires SP2 on XP, some of our customers, which are developing intern, are not able to roll out SP2 for some reason or are not able to do it before Q4 2006. This means that we can not offer them new versions?
– SiteCore reports to the world that they won’t release a new 5.1.x version unless it will be unstable on lots of points. So I guess that SiteCore signs the version as the most stable release? When that’s actually the case, the decision for new projects is quite easy! We will stay on till one of our customers actually does require the new features.
– Practically, what can we expect from new versions? Will the core be fully rewritten so it will be native and not upgrade code? What does this mean for the API? Most developers are finally familiar with the 5.1 API.

I’m a little critical but this is also because I expected SiteCore would give us developers more time to get familiar with 2.0. As our sales department will actually sell the new versions before I can even move my mouth, I expect the first offers are already on their way to the customers. 😉 New technics… pfff 😛
Going to sleep now, tomorrow again a SiteCore day.. Going to release another tool of me, the SiteCore security tool, which makes you able to set the security on SQL Server(2000) without haveint to change the script manually(prefixes, role names and logins are configures just ones) guess my last tool in 1.1 :P.

Forgot something! Have to e-mail our sysop that he’s going to search for the stable Visual Studio 2005 CD for me 🙂

Login failed for user ‘sa’

Notthing is more frustrating then an installation where occur errors.
I got the following error:
Login Failed for User ‘sa’, Not Associated with a trusted SQL Server Connection.

Guess what, I’m working on a developer notebok of our customer and mixed authentation mode wasn’t allowed.
The solution is quite easy to find using Google: http://www.banmanpro.com/support/sql2k.asp

The way from 5.0.6 to 5.1.1 – Part I

Today I’m starting with upgrading from v5.0.6.1 tot v5.1.18.
Because of some database corruption we agreed that SiteCore will upgrade the databases(Thank you Alexander Shyba!). For me just the code left :P.

I need to upgrade in total 3 projects:
1. The layouts
2. Some custom workflow actions based on roles
3. A custom client control

At the moment I can’t really imagine yet if there will be very huge problems. Building the stuff will not be the problem, but then I’ve to run trough all the code, looking for preformence issues, bad code, etc.
Now building one big solution so I can easily and fast debug all the stuff.
Will keep you informed about my experiences.

First experiences with FireBird / 5.1.1

For a month of 2 or so, we didn’t start new SiteCore 5 problems.. I’m mean project ;). Too bad, you guess, but for us it means we just can finish the jobs for 2005. What also means that we can start all over with new versions, latest releases, in the start of 2006.
Couple of week ago I configured the latest 5.1.x.x release on my notebook. It was Beta. The main reason was that I’m quite interesting in FireBird and it’s preformence against the XML-Version of SC4 and ofcourse it’s preformence against our mainly preferred database: MS-SQL. The install was quite easy, and then I just had to replace the ‘.Sql(Server)’ part in FireBird. When you look a bit further, you’ll se that SiteCore distributes an web.firebird(FireBird enabled Web.config) with it’s distribution. But even without that, the installation(check SDN) went perfect.

Yesterday I’ve also installed this version on one of our staging-servers. Installed ‘Global Adventures’ and posted the link on on our intranet so it was public for everyone here. And guess what, even the boys from YourZine, you know PHP-Boys in the same company, where impressed!
Some quotes: “It actually does work in FireFox!”, “Wow, looks good, but what can I do with it?”
Or sysop had the funniest reaction: “What is SiteCore actually? I mean, can it be interesting for me? It is an OS isn’t it?”

Well that was everything about the internal reactions. Now about FireBird:
As a matter of fact, I’m highly impressed. The staging server which is serving the pages did even get a higher load after installing FireBird and running it. That was a good start-up :).
Just copied the files(including databases) from my notebook to the server and typed the internal url ‘sitecore511’ in my browser. Boooooom there was the site!
Without any prooblems, without crashing. Just there!

Now testing the DataProvider :).
The first thing what appaers when you just shutdown your FireBird is a nullpointer ‘The device cannot be null’. As a programmer I can image lot’s of devices except the database device. But it is a Beta so I don’t really care.
Then: adding, deletiong, trying to create delete and edit linked items, etc :). Ofcourse I know those features aren’t working yet but why am I not allowed to try ;).

After 20 yellow screens I quite… It seems to be better to test that kind of cruelty on a Stable release, not a Beta…
In Junari I’m going to write a stresstest for SiteCore 5 on the different databases and servers. Then we should be able to compare the databases and versions to each other.

HowTo start working on a Sheer UI

One of the main dificulties when you want to create your (first) Sheer UI is creating a good project.
With these steps you can make an easy, clear ‘workfloor’. Ofcourse you need to have Visual Studio installed(I’m talking about version 2003 now) and you should run a SiteCore 5 local :).

– Create a garbage folder on you desktop: for example ‘My First Garbage collecting folder’
– Now… Open Visual Studio
– File > New > Project
– Select ‘Empty Project’
– Give the project the namespace you want to use. That’s what I recommendate. I would use: Sitecore.Modules.Lectric.[ModuleName]
– Change the Location to the garbage folder on your desktop
– Now click ‘Ok’
– Close you Visual Studio now

– Browse to your Garbage folder and find the folder with the name of your project
– In another window, browse to your local installed Sitecore folder.
– Copy all files on the root of the project folder(in the Garbage folder) to your local installed Sitecore folder, but leave all subfolders untouched.
– Delete the garbage folder now including subfolders
– Now start the project again by doubleclicking on the project/solution file(*.vbproj/*.csproj/*.sln).

– Wait a minute, you’ve already done a lot. Take a cup of coffee ;). You are worth it!

– The only thing you have to do is changing some of the Project Properties. Todo that, just cloick right on the project and select ‘Properties’
– Change the name of the assembly and default namespace to the ones you want. My suggection: Keep them the same as each other. When you default namespace is Sitecore.Module.Lectric.AlexSheerUI, your dll should be Sitecore.Module.Lectric.AlexSheerUI.dll so you should always be able to find delete and manipulate it!
– Also don’t forget to select the default Output Type: Library
– Then select Configuration Properties.
– On the top of your screen next to the label Configuration select ‘Debug’ from the DropDownList. Change the ouput path to bin\
– Do the same as above for the Configuration ‘Release’.

Guess you are ready now to follow the tutorial on SDN: My First Sheer UI. Ofcourse you need to have access to SDN. Just contact your partner, as long as the partner isn’t on of the Dutch partners :P.

Oh yeah, I’ve got two last hints for you fooks!
1. When you use the CodeBeside, you have to inherit your class from the baseclass: Sitecore.Web.UI.Sheer.BaseForm
2. You can access your application directly outside of the client: http://[yourhost]/sitecore/shell/sitecore/content/Applications/[yourapplication].aspx

Soon more, as I’m currently heavy working on my first colelction of cool Sheer UI’s 😉

SiteCore Security: I do it my way – Part II

I’m starting my first serie of blogs in the third week :).
Here’s part two of my experiences with the SecurityModel. This is my reaction to the comment of Lars Nielsen:

I tried to use the SecuritySwitcher. To bad, but I couldn’t find the overloaded Constructor :(. Guess that I can find it in 5.2 or the next release of 5.1.1?
It didn’t really matter because, I guess, it will use Sitecore.Context.Domain to retrieve the UserItem from.:
Sitecore.SecurityModel.UserItem myUser = Sitecore.Context.Domain.GetUser("admin");
using(new Sitecore.SecurityModel.SecuritySwitcher(myUser))
//Your code

So to figure out if the SecuritySwitcher really uses just it’s own state-object in it’s own scope. I wrote some test code. You can download it here(for question about copyrights etc, please see the ‘Legal Notice‘).
I discovert 2 strange ‘functionalities’:
– Default the Sitecore.Context.Security.User is an empty object?! I don’t exactly can understand why this object isn’t filled. When I’m visiting a SiteCore website, I expect that by default my session would use the user ‘Anonymous’.
– When you run the code as a layout you’ll see that when you switch to the Sitecore-domain user ‘Admin’ when you are in the domain ‘Extranet’, you will stay in the domain ‘Extranet’. So Sitecore.Context.Domain.Name gives ‘Extranet’ but Sitecore.Context.Security.User.Domain.Name gives ‘Sitecore’. Isn’t this strange? The samething appears when you login to the user ‘Guest’ in the domain ‘Extranet’ and you change the ActiveWebsite to ‘shell'(so your domain changes to ‘Sitecore’), the Sitecore.Context.Security.User.Domain.Name gives still Extranet.
That’s what I’ve noticed till know.

Note: I’m using Sitecore at the moment. I guess I’ve to upgrade to for solving both problems :P?

SiteCore Security: I do it my way

Since, I customise Sitecore even more and more, I have to work with the SecurityModel in SiteCore.
One of the main issues, when manipulating items, is the full-control access. You can get access, in your code, to nearly everything using those two code snippets:

using (new Sitecore.SecurityModel.SecurityDisabler())
//your code


string userToLogin = "admin";
Sitecore.SecurityModel.DomainAccessResult result = Sitecore.Context.Domain.Login(Sitecore.Context.Domain.GetUser(userToLogin));
if (result.Success)
// your code

// log out for security reasons

By myself I prefer the second option. I know it’s slower(it has to contact the database, to login and create some new object in the ‘Domain-Context’), but that’s not the reason why you should choose for the other in the first place. My argument to choose for the second version is that you will use the SecurityModel in the way it is mentiont to be used. When you need such privileges ofcourse. The security disabler kicks your ass to Redmond where they also thin that by default ‘All Access / No rights defined’ is the best way to manage your security.
Ofcourse when you are manipulating your website at any page request you’ll receive it’s better to give the Extranet domain full access to your databases 😛

Last but not least, a hint, just for free: When you are using the code above, please mention that you carefully have to select your databases! Sitecore will change your current database, after logging in not directly points to the database ‘you want’. Based on the current website, the Sitecore.Context will not change till you change the current website. For more information about current databases, default sites, etc. I would suggest you to take a look at this post of Alexander Shyba, one of the Solution Consultants of Sitecore in the Ukraine.

Media Library… cool if the files are also ‘cool’

One of our customers had a problem with it’s Media Library.
I figures out that some of the files weren’t fisically on the cms-server. So I’ve created a small script which makes it very easy for you to check out the server…
About the code, it isn’t my best code ever, but for only one and a half hour work it’s definitelly good enough :). There are lots of improvements which I want to make in the following 12 years:
– Reading the database from the website section in the web.config(the ones which are linked as content databases, for now it’s just web and master)
– Better solution for retrieving upload-directory
– Improvement of variable names, so it’s also n00b proof 😉
– Export functionality
– Last file-editor name
– Etc…

For cool interfaces you should contact Sitecore. But for functionality, just contact me 😛

I wrote it in the namepase Sitecore.Diagnostics. So I guess it’s also on the good place.

Download it here and enjoy! Merry X-mas by the way.