Friday, 6 May 2016

My notes on security

Basic Authentication in ASP.NET Web API

Internet standard.
Supported by all major browsers.
Relatively simple protocol.
User credentials are sent in the request.
Credentials are sent as plaintext.
Credentials are sent with every request.
No way to log out, except by ending the browser session.
Vulnerable to cross-site request forgery (CSRF); requires anti-CSRF measures.

HMAC: Hash base Message Authentication Code

Data integrity: The data sent by the client is intact and not tampered.
Request origination: The request comes from a trusted client.
Not a replay request: The request is not captured by an intruder and being replayed.

aws: Authenticating Requests Using the REST API

aws api gateway

Azure: Secure ASP.NET Web API 2 using Azure Active Directory

var clientCredential = new ClientCredential(clientId, secret);
 var authContext = new AuthenticationContext("" + Maccount, false);

 AuthenticationResult authenticationResult = authContext.AcquireToken(MclientId, clientCredential);

Tuesday, 12 April 2016

Migrating cloned item to Sitecore 8.1 and above

After migrating content from 7.2 (rev. 140526) to 8.1 (rev. 151003). We noticed Sitecore shows the standard value like $name token instead of original value for unchanged fields on cloned items. Also, “Created from” field on cloned items shows “unknown” instead of linkage to the source item.

As you can see in the following link, Sitecore has introduced a new field named “__Source Item” in version 8.1 to increase the performance of getting item operation for regular and cloned items.

To solve this problem we have to run a query on items and updated the cloned items. After setting the value for “__Source Item” field on cloned items, Sitecore shows the expected values for all of the unchanged fields and showing linkage to source item on “Created from” field.
For having better performance making sure we are not killing the web server I followed the following strategies:

1- Created a new sitecore admin page to update the fields, It's password protected and only accessible to administrators

2- Disabling indexing while updating the cloned items fields

3- Running the updates asynchronously by splitting the update process into 11 tasks (11 threads)

Monday, 25 January 2016

Web forms for marketers missing formItem

I encountered the following issue in our test environment I thought it worth to share it here.
If you get the following issue it means WFFM couldn't find the location of your forms.
By default forms are stores under "/sitecore/system/Modules/Web Forms for Marketers/Website" sitecore item node. The forms root can be overwritten in site node.

To resolve the issue make sure formsRoot is pointing to valid path

<configuration xmlns:patch="">
      <site name="llcomauthortest" patch:before="site[@name='website']" hostName="" virtualFolder="/authortest" physicalFolder="/test" rootPath="/sitecore/content/xxxx/test" startItem="/home" database="master" domain="extranet" allowDebug="true" cacheHtml="true" htmlCacheSize="10MB" enablePreview="true" enableWebEdit="true" enableDebugger="true" disableClientData="false" mvcarea="xxxx" mvcNamespaces="xxxxxx" formsRoot="/sitecore/content/xxxx/Shared/Forms" enableItemLanguageFallback="true" appendSlashes="true" siteResolving="true" />


Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.InvalidOperationException: formItem

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[InvalidOperationException: formItem]
   Sitecore.Form.Core.Configuration.ThemesManager.RegisterCssScript(Page page, Item form, Item contextItem) +822
   Sitecore.Forms.Shell.UI.CreateFormWizard.OnLoad(EventArgs e) +599
   Sitecore.Forms.Shell.UI.InsertFormWizard.OnLoad(EventArgs e) +108

[TargetInvocationException: Exception has been thrown by the target of an invocation.]
   System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor) +0
   System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments) +76
   System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +211
   System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters) +35
   Sitecore.Web.UI.Sheer.ClientPage.OnLoad(EventArgs e) +337
   System.Web.UI.Control.LoadRecursive() +71
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3178

Thursday, 21 January 2016

All you need to know about creating branch and sending git pull request with Visual Studio Team Services

We can benefit a lot from by simply adding pull request and code review in our process of application development. In my opinion code review should be must and not optional. It may take time to bring everyone on board but every single person can benefit from the change later.

1- Reduce number of bugs because we find bugs early
2- It helps to keep code consistent 
3- More people are across the same user story (business rules, code implementation)
4- Developers have better view and bigger picture of solution
5- Teaching and sharing knowledge on best practices 

Mapping working item and git commit:

It would be a good practice if we ask everyone to add #{work item id} in their commit. It will help to track commits in TFS.
It would be easier for testers/managers to see if any work has been done for the particular bug or task, also it will save time for trouble shooting in future.

If you add #taskID in your commit visual studio team services picks the commit and maps it with work item


Creating New branch:

For creating branch we need to follow the following steps

1-     Switch  to your master branch
2-     Make sure having the latest version on our local
3-     Create a new branch based on  your master branch

Using Team Explorer:

Open Team Explorer  view in visual studio

1-     Switch  to your master branch
open branches tab
2-     Make sure you have the latest version running
right click on your master branch and select checkout

3-     create a branch
right click on the local master branch ( the one you want to create a branch from ) and select New Local Branch from... 

Using visual studio Online:

Go to https://{yourdomain}
Select Project and then click on Code then select Explorer

Using git bash:

Open git bash, go to your repository directory

1-     switch  to your master branch
git checkout feature
2-     make sure you have the latest version by running
git pull origin <master branch name>
3-     create a branch
git checkout –b <branch name>

More read:

Pull Request:

Using team Explorer:

Click on New Pull Request

Using visual studio Online:

Go to https://{yourdomain}
Select Project and then click on Code then select Pull Requests
https://{yourdomain}{project name}

Add Reviewers:

Approve review:

https://{yourdomain}{project name}

More resource:

Friday, 8 January 2016

Are you behind proxy?

node js and proxy

npm config edit --global


or run this following command lines
npm config set proxy http://yourIP:Port/
npm config set https-proxy http://yourIP:Port/

Bower and proxy
add proxy to your .bowerrc file

  "directory": "./packages",
  "proxy": "http://yourIP:Port/",
  "https-proxy": "http://yourIP:Port/",
  "strict-ssl": false


Git and Proxy

git config --global -e

        proxy = http://yourIP:Port/
        sslVerify = false 
        proxy = http://yourIP:Port/

or directly run this following commands

git config --global http.proxy http://yourIP:Port/
git config --global https-proxy http://yourIP:Port/
git config --global strict-ssl false

Showing markers on google map v3 with dynamic zoom level by leveraging sql server to show closest landmarks to the specific latitude and longitude

Latitude measures how far north or south of the equator a place is located. The equator is situated at 0°, the North Pole at 90° north (or 90°, because a positive latitude implies north), and the South Pole at 90° south (or –90°). Latitude measurements range from 0° to (+/–)90°.

Longitude measures how far east or west of the prime meridian a place is located. The prime meridian runs through Greenwich, England. Longitude measurements range from 0° to (+/–)180°.

Well-known text (WKT) is a text markup language for representing vector geometry objects on a map

POINT(Longitude  Latitude )


1- Create a table in sql server database to store all of your landmarks latitudes and longitudes. 
2- Create a web API/Service that gets the position (latitude and longitude) and returns back the list of land marks closest to the point – it’s configurable to set number of expected landmark and radius of search)
3- Implement UI 

Good reads:

Similar scenarios:

Wednesday, 6 January 2016

How to set windows authentication for sitecore websites on IIS

These are few steps that you need to follow to have windows (AD) authentication on your local environment.

1- Add windows Authentication Feature to IIS
2- Enable Windows Authentication
3- For making sure TDS is working as expected enable Anonymous Authentication
4- Add DisableLoopbackCheck to your registery

1.          Click Start, click Run, type regedit, and then click OK.

2.          Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

3.          Right-click Lsa, point to New, and then click DWORD Value.

4.          Type DisableLoopbackCheck, and then press ENTER.

5.          Right-click DisableLoopbackCheck, and then click Modify.

6.          In the Value data box, type 1, and then click OK.

Tuesday, 5 January 2016

How to reuse web forms for marketers forms in sitecore - without coding

The problem that I had to find a solution for was basically our content editors wanted to create a form with WFFM and reuse it on different pages. 
By default if you use page editor and try to insert form. You have two options one is creating a new form and another one is coping form existing form which you will end up with multiple copies of a same form.

The solution that I came up with is 

1- Copy /sitecore/layout/Renderings/Modules/Web Forms for Marketers/Mvc Form and give it a name "Custom Form"

2- Set the Data source location

3- Add the new rendering to place holder settings 
/sitecore/layout/Placeholder Settings/content


When I twitted about my post I got a message from @jammykam that he solved same issue with coding which is nicer approach.

You can read his post here

Saturday, 5 April 2014

Sitecore and BLOB

Sitecore stores images as image type, which it has its own advantages which is listed in following.

1-BLOB data is backed up with the database. Having a single storage system can ease administration.
2-Databases efficiently handle large numbers of small objects

In other hand it has its own disadvantages comparing saving images as File system on hosting on web server or CDN

1-By adding more images to database,  the database size gets a lot larger and retrieving an image from a database incurs significant overhead compared to using the file system
2-You can't do incremental backups with blobs in a database, you can with files on a file-system
3-It makes the database size grow so fast .Disk storage on database servers is typically more expensive than storage on disks used in Web server farms.
4-Big size database takes more administration time to  get backup or restore

based on the research has done by Microsoft ( This study shows that when comparing the NTFS file system and SQL Server 2005 database system on a create, {read, replace}* delete workload, BLOBs smaller than 256KB are more efficiently handled by SQL Server, while NTFS is more efficient BLOBS larger than 1MB.
It’s hard to ask your sitecore content users to upload images smaller than 256KB for better efficiency.

Microsoft introduced a new way of storing blob data in sql server 2008, which combines the benefit of saving images in database and efficiency of using NTFS (

Some experts are saying a valid point that Sitecore caches all the images in the media library, then having images in DB or on file system doesn't affect the web application performance. But, the growing database size is still an issue.

I suggest to change sitecore default setting  and start saving your images as file system and take advantage of it for your next sitecore build.

Sitecore allows you to do it with two simple line of settings .
<setting name="Media.UploadAsFiles" value="true">
<setting name="Media.FileFolder" value="/App_Data/MediaFiles">


Saturday, 1 March 2014

Google + authentication and Facebook authentication with java script (social-authentication-seed)

I started to write a java script wrapper for connecting to social medias like facebook and google +.

You can find the source code at

1- Clone the repository from - if you don't know how to do it check 

2- Open your node js command prompt and go to "social-authentication-seed" folder and then run node scripts\web-server.js

3- Browse http://localhost:8000/app/index.html
4- For using facebook authentication you only need to change appId
To create a new appId go to and create app

5- For using google + authentication you only need to change your clientId

To create a new clientId go to and create a new project
turn on google + from Apis

Then create your clientId from credentials tab

Monday, 17 February 2014

step by step - bootstrapping Angular js

Angularjs is a framework which allows you to have a clean single page apps. It's introduced by Google.
let's bootstrap it first

2- Install you can use any other text editor

3-  Open sublime then select "Add folder to project" from project menu and then select "angular-seed" folder

4- install node.js from

5- Open Node.js command prompt and go to "angular-seed" folder and then run node scripts\web-server.js

6- Open a browser and navigate to http://localhost:8000/app/index.html

Sunday, 16 February 2014

Step by step - clone a repository from Github

1- download and install git - no need to change default settings
If you like to use graphical user interface for git install git extension too

2- Open up Git Bash

3- Create public key and add it to your github account
Follow the steps from

4- Create a folder on local drive for your saving the cloned repositories
for example  C:\My Lab\Cloned projects

5- to switch to a drive type following in the git bash
cd c:

6- then you need to switch to the folder type
type cd my then press tab and as you can see in the following image. It completes the name of folder for you

7- Open a repository page from github website like
and copy the ssh clone url

8- type git clone and right click on the git icon on the top bar of Git bash window then select edit then paste the clone url
for example :
git clone

Thursday, 6 February 2014

Should you upgrade your Sitecore from 6.5 to 7.1?

I recently had a chance to work with sitecore cms. Our client requested to upgrade their CMS so they would be able to use the newly added functionality of sitecore.
After we upgraded our sitecore I was quiet surprised that we found a few bugs in their system. The good news is their support team helped us and the bugs are fixed now.
If you decided to upgrade your sitecore my recommendation to you is to add at least a week of buffer to your estimation.

Thursday, 13 December 2012

How to fix common errors in sitecore

How to fix common errors in sitecore

Check Connection strings in \Website\App_Config\ConnectionStrings.config

The network path was not found
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.Exception Details: System.ComponentModel.Win32Exception: The network path was not foundSource Error: 

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 

[Win32Exception (0x80004005): The network path was not found]

[SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)]
   System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection     owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) +671
   System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection     owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +116
   System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection) +1012
   System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions) +6711619
   System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry) +152
   System.Data.SqlClient.SqlConnection.Open() +229
   System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context, Boolean revertImpersonate) +150
   System.Web.DataAccess.SqlConnectionHelper.GetConnection(String connectionString, Boolean revertImpersonation) +4874450
   System.Web.Security.SqlMembershipProvider.GetUser(String username, Boolean userIsOnline) +1729
   Sitecore.Security.SitecoreMembershipProvider.GetUser(String username, Boolean userIsOnline) +51
   System.Web.Security.Membership.GetUser(String username, Boolean userIsOnline) +175
   Sitecore.Security.Domains.Domain.CreateAnonymousUserIfNeeded() +56
   Sitecore.Pipelines.Loader.EnsureAnonymousUsers.Process(PipelineArgs args) +143
   (Object , Object[] ) +80
   Sitecore.Pipelines.CorePipeline.Run(PipelineArgs args) +191
   Sitecore.Nexus.Web.HttpModule.Application_Start() +160
   Sitecore.Nexus.Web.HttpModule.Init(HttpApplication app) +619
   System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +530
   System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +304
   System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr     appContext, HttpContext context) +404
   System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +475

[HttpException (0x80004005): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)]
   System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +12881540
   System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +159
   System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +12722601

It’s because .net framework 4.5 is installed on the server
Change the  \Website\Web.config

<setting name=”Login.RememberLastLoggedInUserName” value=”false” />

 Server Error in '/' Application.

Object of type 'System.Int32' cannot be converted to type 'System.Web.Security.Cryptography.Purpose'.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.ArgumentException: Object of type 'System.Int32' cannot be converted to type 'System.Web.Security.Cryptography.Purpose'.

Source Error: 
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 
[ArgumentException: Object of type 'System.Int32' cannot be converted to type 'System.Web.Security.Cryptography.Purpose'.]
   System.RuntimeType.TryChangeType(Object value, Binder binder, CultureInfo culture, Boolean needsSpecialCast) +185
   System.Reflection.MethodBase.CheckArguments(Object[] parameters, Binder binder, BindingFlags invokeAttr, CultureInfo culture, Signature sig) +122
   System.Reflection.RuntimeMethodInfo.InvokeArgumentsCheck(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +206
   System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +126
   Sitecore.SecurityModel.Cryptography.CookieProtectionHelperWrapper.Encode(CookieProtection cookieProtection, Byte[] buf, Int32 count) +175
   Sitecore.sitecore.login.LoginPage.WriteCookie(String name, String value) +94
   Sitecore.sitecore.login.LoginPage.Login_LoggingIn(Object sender, LoginCancelEventArgs e) +133
   System.Web.UI.WebControls.Login.AttemptLogin() +108
   System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +93
   System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +84
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3804

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929

Thursday, 20 September 2012

How I solved 'permission to view' issue after publishing my website with git to windows Azure website

I  published my website (MVC 3.0) with git to Azure for the first time. when I browsed my website I got the following message:

You do not have permission to view this directory or page.

After spending an hour. I tried to publish it with .net by using publish profile. After following the  publish steps.I noticed that in the preview tab. It returns an error when you click on preview. I had broken js file in my solution.after removing that. everything works fine.

My solution for you if you got the same error
1- Build your solution in release mode.
2- Try to publish it with using publish option of project then check if you can preview all the files.


Wednesday, 19 September 2012

How to set function keys in windows to do the standard functions on mac!

I started to use windows on mac through boot camp. It's so weird, but it feels really great. The horrible thing is function keys don't work as you expected unless you do the following steps.

1- Open Boot Camp
2- Go To Keyboard Tab
3- Select the check box : Use all F1, F2, etc. keys as standard function keys.


Friday, 7 September 2012

Add or Update KeyValuePair in Dictionary


What's the easiest way to add new key or update its value if it's already exists?

you can check if the key contains in the keys collection and then update the value of key and if the key doesn't exists you can add new item, but is it a best way ?


var tempDic = new Dictionary<string, string>();
if (tempDic.ContainsKey("Key1"))
tempDic["key1"] = "value";

The best way is :

var tempDic = new Dictionary<string, string>();
tempDic["key1"] = "value";

you cannot use Add(TKey key, TValue value) method and you will get the following exception