Monday, June 25, 2018

Securing Access to Your MongodDB Databases

Recently I needed to setup authentication to my mongodb databases which used by Sitecore xDB.

I found following article written by @ankitjoshi2409 which was very helpful and informative.

Below i'm trying to mention the extra steps and some improvements that I did to fully secure our mongoDB instance.

To achieve that, first you need to open Windows Powershell in your MongoDB installed server and run the following commands as necessary.

#Connect to mongo server
> mongo

 #Switch database to "admin" database
> use admin

#Create root user
> db.createUser({

#Verify user with given password created correctly. This command should return "1" if authentication successful
> db.auth("admin", "adminPwd")

#Adding user to access other databases collections. We are creating the user in the "admin" database and give read/write permission to access all 4 xDB databases for this user.

> db.createUser(
    user: "mongouser",
    pwd: "mongoPwd",
    roles: [
        role: "readWrite",
        db: "Sitecore_analytics"
        role: "readWrite",
        db: "Sitecore_tracking_live"
        role: "readWrite",
        db: "Sitecore_tracking_history"
        role: "readWrite",
        db: "Sitecore_tracking_contact"

As you can see, we created the user in the "admin" database and gave necessary read/write permission for sitecore xDB databases for that user. This approach is recommended by MongoDB instead of creating the same user on each and every database.
If you intend to have a single user with permissions on multiple databases, create a single user with roles in the applicable databases instead of creating the user multiple times in different databases.  

So, now we have created users and assign correct database permissions for those users, its time to adjust our Sitecore connection string.

<add name="analytics" connectionString="mongodb://mongouser:mongoPwd@localhost:27017/Sitecore_analytics?authSource=admin" />
  <add name="" connectionString="mongodb://mongouser:mongoPwd@localhost:27017/Sitecore_tracking_live?authSource=admin" />
  <add name="tracking.history" connectionString="mongodb://mongouser:mongoPwd@localhost:27017/Sitecore_tracking_history?authSource=admin" />
  <add name="" connectionString="mongodb://mongouser:mongoPwd@localhost:27017/Sitecore_tracking_contact?authSource=admin" />

Note that "?authSource=admin" at the end of each connection string. This is to inform mongoDB server that the authentication user is created under "admin" database and use that user for the authentication.

Securing MongoDB Server Access by Disabling Anonymous Access

Once you have confirmed your sites are running with new mongoDB users/passwords, its time to disable anonymous access to your mongoDB database.

To do that,

1. Open you mongoDB configuration file (usually named as mongod.conf OR under your mongoDB installed folder and add following link
             authorization: enabled

2. Restart your MongoDB service to changes to take effect

Happy Sitecore !!!

Monday, May 28, 2018

Sitecore User Group Conference - India - 2018

It was the first User Group Conference in Asia, "SUGCON India - 2018" -

Organized by Sitecore and sponsored by Microsoft & Horizontal Integration, around 200 participated for the event. As the first time organized in Asia region, it was a huge success.

I was given the task of doing the first technical presentation of the conference to start the technical track. (

Note: Special thanks to Akshay Sura for encouraging me to do this presentation and to Akshay, Pieter Brinkman and Rob Earlam for all the hard work put to organized the event.

My session was titled "Taking Sitecore Headless with Sitecore JSS", where I discussed newly introduced module in Sitecore - Sitecore JavaScript Services. It is the first step by Sitecore to implement/provide Headless CMS architecture features into Sitecore Experience Management System.

You can find presentation slides from my presentation from here

Also, there were other great presentations which provided valuable information to all the participants. You can find all those events slides from below link.

All and all, it was a great experience. Meeting all the great & friendly people from India...

Hope to see you all next time...

Wednesday, January 31, 2018

SitecoreFootsteps Chaturanga Ranatunga Wins Sitecore “Most Valuable Professional” Award 2018

Elite distinction awarded for exceptional contributions to the Sitecore ecosystem

COLOMBO, SRI LANKA — 31, January, 2018 — Chaturanga Ranatunga also know as SitecoreFootsteps, today announced that Chaturanga Ranatunga, Independent Sitecore Consultant has been named a “Most Valuable Professional (MVP)” in the Technology by Sitecore®, the global leader in experience management software. Chaturanga Ranatunga was one of only 208 Technology MVPs worldwide to be named a Sitecore MVP this year.

Now it its 12th year, Sitecore’s MVP program recognizes individual technology, strategy, and commerce advocates who share their Sitecore passion and expertise to offer positive customer experiences that drive business results. The Sitecore MVP Award recognizes the most active Sitecore experts from around the world who participate in online and offline communities to share their knowledge with other Sitecore partners and customers.

This is 3rd consecutive year that I received Sitecore Technology MVP award and the only person from Sri Lanka to win Sitecore MVP award. - SitecoreFootsteps, Chaturanga Ranatunga

“The Sitecore MVP awards recognize and honor those individuals who make substantial contributions to our loyal community of partners and customers,” said Pieter Brinkman, Sitecore Senior Director of Technical Marketing. “MVPs consistently set a standard of excellence by delivering technical chops, enthusiasm, and a commitment to giving back to the Sitecore community. They truly understand and deliver on the power of the Sitecore Experience Platform to create personalized brand experiences for their consumers, driving revenue and customer loyalty.”

The Sitecore Experience Platform™ combines web content management, omnichannel digital delivery, insights into customer activity and engagement, and strategic digital marketing tools into a single, unified platform. Sitecore Experience Commerce™ 9, released in January 2018, is the only cloud-enabled platform that natively integrates content and commerce so brands can fully personalize and individualize the end-to-end shopping experience before, during, and after the transaction. Both platforms capture in real time every minute interaction—and intention—that customers and prospects have with a brand across digital and offline channels. The result is that Sitecore customers are able to use the platform to engage with prospects and customers in a highly personalized manner, earning long-term customer loyalty.

More information can be found about the MVP Program on the Sitecore MVP site: 

Friday, November 10, 2017

Sitecore Symposium & MVP Summit 2017 - Las Vegas

This years (2017) Sitecore Symposium was at The Mirage Hotel, Las Vegas which was attended by around 3000 Sitecore customers/partners/employees. ( Sitecore Symposium is the main event of the year organized by Sitecore.

Sitecore was generous to provide all the Sitecore MVPs who attended the Sitecore Symposium with a chance to take newest Sitecore 9 Certification examination for free.

I was also able to do the online Sitecore 9 course and take the certification examination at the Symposium. And got pass with 98% pass mark for the examination, highest marks with few other MVPs from the first batch of people who took Sitecore 9 certification.

After attending the Sitecore Symposium, Sitecore MVP Summit started. Sitecore MVP Summit is the event organized by Sitecore to provide insights into Sitecore product and future plans to Sitecore MVPs. This was one and half-day event which also organized at The Mirage Hotel, Las Vegas.

After keynotes by Sitecore product teams, we attended the Sitecore MVP party which was organized at the TopGolf at Las Vegas. It was a fun event.

Overall, it was fun week with lot of knowledge sharing and also meeting all the Sitecore community friends.

Until next Sitecore Symposium & MVP Summit, Happy Sitecore !!

Saturday, November 4, 2017

Sitecore 9 Admin Tool to View Config Layers & Config Roles

With the latest release of Sitecore 9, Sitecore has introduced lots of good changes to config file patching. These includes categorizing configurations to Configuration Layers & Configuration Roles.

+Kamruz Jaman has written a great blog post on what are these new changes here

With these new additional configuration patching options, it might be bit difficult to track which configs are patch to which Configuration Layers OR which Configuration Role.

But not to worry.

Sitecore has provide a new Sitecore admin tool, Showconfiglayers.aspx, which will allow you to view the configurations filter by Configuration Layers, Configuration Roles or any combination of those.

For example, if you have selected following options and click on the "click to see result configuration" link, a new webpage will be open with showconfig.aspx file with the selected filters added as query string parameters.


Also, it support custom configuration roles also, by allowing you to add those into filters. 

Just type the custom role into text box and click "Add role" button. 

As I mention earlier, this new showconfiglayers.aspx file will open showconfig.aspx file with those selected Config layers & config roles added as query string parameters. So, most easiest way is to directly type those parameters into good old showconfig.aspx admin tool url, which should provide you with the same results.


UPDATE : 05/11/2017There is an official documentation regarding the same topic which I found today, you can refer it from following url

Happy Sitecore!!

Thursday, November 2, 2017

Validate Sitecore Web Forms for Marketers Telephone field for Length

I know Sitecore Web Forms for Marketers module will be deprecated with Sitecore 9 release, with the introduction of Sitecore Forms module.

Nevertheless I thought to write a quick post on a recent simple issue that I had to try and find a solution for.

In one of my current projects, I had to add a length validation to Telephone field in WFFM form.

So, I just added another validation to Telephone field definition item in WFFM (see Image-1).

Image-1 : Adding "count chars" validation to Telephone field

Then I tested the form. Even thought validation worked, it was considering 0 as Minimum Length & 256 as Maximum Length of that field value. There were the default values define for Single-line text field class in Sitecore.

Even though we can see Minimum Length & Maximum Length fields for WFFM Single-line text field (see in image-2), WFFM Design interface for Telephone field does NOT display any Minimum Length & Maximum Length field (see image-3).

Image-2 : WFFM Single-line Text Field Design Interface

Image-3 : WFFM Telephone Field Design Interface

But, If you look at the Telephone field definition in WFFM (see Image-4), you can see it is using "Sitecore.Forms.Mvc.ViewModels.Fields.TelephoneField,Sitecore.Forms.Mvc".

Image-4 : Telephone Field Definition Item

So, once I looked into the code base for that class by decoding the Sitecore.Forms.Mvc.dll, I could see it was extending the Single-line text field class (see Image-5)

Image-5 : TelephoneField Class

So, as you know, SingleLineTextField is created to use Maximum Length & Minimum Length properties.

Finally, to get these length validations to work, all I had to do is add following parameters to "Parameters" field of that Telephone field item (see Image-6)


That was it. After that, Telephone field validation works as I needed with 10 characters as Minimum Length and 15 characters as Maximum length.

Hope this helps to someone ! :-)

Sunday, August 20, 2017

Useful Extra Settings to be used with Multi-Site Clones

Recently we worked on a Sitecore solution where Clones are in multi-site scenario with each site have its own home node. So, for example, blogs that are created in global Home node is migrated to country home nodes.

Force Update on Clones

One major option that was useful in this scenario was Auto Accepting changes done to the source item in clones. Otherwise editors have to go into clone items and accept changes if any modification done to the source items.

This feature was added to most recent releases by default, but some older releases needs code implementation to get this functionality to work. Following article in Sitecore knowledge base explains this.

The setting which should be enable displays below

<setting name="ItemCloning.ForceUpdate" value="true"/>  

Inherit Workflow State to Clones

Next important setting to be set was making the clone items inherit the workflow status from the source item. This should be set to true to prevent any unwanted items getting published to publich website. In my opinion, this setting should be set to true by default by Sitecore.

<setting name="ItemCloning.InheritWorkflowData" value="true"/> 

Delete Clones when Original Item Deleted

Setting this one depends on your project requirement. But, in our scenario we didn't wanted to keep the clones when original items were deleted. So, we set the following setting to true.

<setting name="ItemCloning.DeleteClonesWithOriginalItem" value="true"/> 

Relink Clones to Its Sub Tree

This is also an important setting to be set to true. When in a multi-site scenario with multiple home nodes for each site, it is NOT enough to just clone the items into country nodes. Those item links should also be pointing to its own home node paths.

By default this setting is set to false. We enabled it in our site

<setting name="ItemCloning.RelinkClonedSubtree" value="true" />