Skip to content

Instantly share code, notes, and snippets.

Avatar

Grant Killian grant-killian

View GitHub Profile
View SitecoreSecurityPatch.SC2019-001-302938.ps1
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Import-Module WebAdministration
$url = "https://kb.sitecore.net/~/media/7A638A36A71D4494981A8655E297AD23.ashx?la=en"
$tempLocation = "C:\tempLocation"
$zippedPatch = "$tempLocation\SitecoreSupportPackage.302938.zip"
$unzippedPatch = "$tempLocation\SitecoreSupportPackage"
$sitecoreRoot = "C:\InetPub\Your\Sitecore\Website"
if (!(Test-Path $tempLocation))
@grant-killian
grant-killian / UpdateIdentityServerHashAlgorithm.ps1
Last active Jan 2, 2019
Update Sitecore's Identity Server to use a more robust hash algorithm for .Net membership. See https://grantkillian.wordpress.com/2019/01/02/sitecore-commerce-security-hardening-note/ for more context.
View UpdateIdentityServerHashAlgorithm.ps1
$siteNamePrompt = Read-Host "enter Identity Server website name"
$site = get-website -name $siteNamePrompt
$appSettingsPath = "{0}\wwwroot\appsettings.json" -f $site.physicalPath
<# replace:
"PasswordHashAlgorithm":"SHA1"},
with:
"PasswordHashAlgorithm":"SHA512"},
@grant-killian
grant-killian / ReferenceSample.sc.publishing.xml
Last active Dec 17, 2018
I discuss this at https://grantkillian.wordpress.com/2018/12/17/how-i-add-custom-sitecore-publishing-service-targets/. Essentially, there are 3 main locations to update the sc.publishing.xml file to support additional publishing targets. This sample illustrates the 3 (under Publishing/ConnectionStrings, under Services/DefaultConnectionFactory/Op…
View ReferenceSample.sc.publishing.xml
<?xml version="1.0" encoding="UTF-8"?>
<Settings>
<Sitecore>
<Publishing>
<InstanceName>${SITECORE_InstanceName}</InstanceName>
<ConnectionStrings>
<Service>${Sitecore:Publishing:ConnectionStrings:Master}</Service>
<!-- Add any additional publishing targets you may use (first location for changes to this file) -->
@grant-killian
grant-killian / ArtifactTableRetentionPatch.config
Last active Dec 10, 2018
For tuning data retention rules (beware of the alpha order in which .config files are processed)
View ArtifactTableRetentionPatch.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<sitecore>
<scheduling>
<agent type="Sitecore.Tasks.CleanupEventQueue, Sitecore.Kernel">
<patch:delete />
</agent>
<agent type="Sitecore.Tasks.CleanupEventQueue, Sitecore.Kernel" method="Run" interval="01:00:00">
<IntervalToKeep>06:00:00</IntervalToKeep>
</agent>
View ConfigureSitecoreCommerceJSON.ps1
<#
Author: Grant Killian
Created Date: Sept 1, 2017
Ease the human-error potential in step 3 and 4 covered at http://commercesdn.sitecore.net/SitecoreCommerce/DeploymentGuide/en-us/index.html#Concepts/c_M_ChangesToDefaultSettings.html
For repetitive installs, it's a pattern that can be used to update a site name etc, too. Here I focus on the SQL Server and Sitecore credentials but other settings could be updated too (just be certain you have the right pattern to match/replace).
#>
$dbServer ="your db server" #for Azure SQL, something like "qa2-proj-sql.database.windows.net,1433" is what you'd use
$dbuser ="SQLuser"
$dbpwd = "secret"
View SecureSitecoreConnectionStrings.ps1
<#
Note:
- The encyption is specific to each server, so this needs to be run separately on every IIS server
- ASPNet_RegIIS requires a web.config file to operate, so we have to massage our Sitecore .config into a web.config format it will understand
Steps:
1) Copy current Connectionstrings.config to a file named "web.config"
2) insert <configuration> node surrounding the <connectionStrings> XML
3) run this new web.config file through aspNet_RegIIS...
@grant-killian
grant-killian / ResetSitecorePassword.aspx
Last active May 5, 2017
Example of how we would reset the sitecore\admin password after changing the Membership hash algorithm
View ResetSitecorePassword.aspx
<%@ Page Language="C#" AutoEventWireup="true" %>
<script runat="server">
protected void Page_Load(object sender, EventArgs e)
{
MembershipUser user = Membership.GetUser(@"sitecore\admin", false);
/*
@grant-killian
grant-killian / gist:c734e7287f7c27182182ed9d17d29730
Last active Nov 11, 2016
Sitecore perf counter installation
View gist:c734e7287f7c27182182ed9d17d29730
$zipFileURI = "https://your.cdn.with.the.Sitecore.zip.resources/sitecorecounters%207.5.zip"
$stageFolder = "C:\staging"
if( !(test-path $stageFolder) )
{
mkdir $stageFolder
}
$downLoadZipPath = $stageFolder + "/SitecoreCounters.zip"
Invoke-WebRequest -Uri $zipFileURI -OutFile $downLoadZipPath
View Rackspace9stepSitecoreSecurityHardening.ps1
<#
Author(s): Bruce Lee, Grant Killian, Kelly Rusk, Jimmy Rudley
Created Date: August 4, 2016
Modified Date: May 3, 2017
This is the Rackspace Managed Services for Sitecore (https://www.rackspace.com/digital/sitecore) script for security hardening a Sitecore environment
If the Execution Policy does not allow execution, you may need to run the following interactively to allow a scoped session bypass.
This is secure as it requires interaction on server and cannot be executed from a script:
@grant-killian
grant-killian / Rackspace.SecurityHardening.Step8.ProtectMediaRequests.config
Last active Aug 5, 2016
Set Media.RequestProtection.SharedSecret in the App_Config/Include/Sitecore.Media.RequestProtection.config file. This ensures a unique key to your implementation, instead of using the common OOTB key provided by the Sitecore installation. Be sure to use the *same* key for all the Sitecore servers in the solution!
View Rackspace.SecurityHardening.Step8.ProtectMediaRequests.config
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
<sitecore>
<settings>
<setting name="Media.RequestProtection.SharedSecret">
<patch:attribute name="value">your-implementation-custom-guid-here</patch:attribute>
</setting>
</settings>
</sitecore>
</configuration>
You can’t perform that action at this time.