Sunday, July 5, 2015

Design native mobile Apps in C# with Sitecore and Xamarin


Now build your mobile app in C# with Sitecore on the Xamarin platform.
It is really easy for a C# developer to develop and deploy a native mobile app on the Xamarin platform.

Sitecore recently announced a partnership with Xamarin, and the Sitecore Mobile SDK for Xamarin is available for mobile app development in C#. For more information on this visit

In this article I focus on how to get started with Xamarin development, including architecture, installation, development, calling the Sitecore Web API REST service and bug fixing.

Architecture:



The Xamarin framework allows you to develop native apps in C# with Sitecore. Sitecore exposes the Sitecore Item Web API to communicate with Xamarin through the Mobile SDK.
The SDK core conforms to the PCL (Portable Class Library) standard and has some platform specific plug-ins that are used to secure an end user's credentials.
All client-server communication is performed via the Sitecore Item Web API service.



Xamarin installation:
If you are new to the Xamarin framework, visit http://xamarin.com/ and download Xamarin for Windows from http://xamarin.com/download




It is available as a 30-day trial version after the sign-up process.
Once the XamarinInstaller has been downloaded, the next step is to install Xamarin. After installation, Xamarin Studio is available for native app development.





Choose a template>


Configure the project >


Create the project by entering any name>



Once you create the project, the project file will open.


Notice that you can debug the native app on the simulator or on any device.
To use the simulator, we need to download the Android player or use an existing supported device that is available in the framework itself.
The device simulator can be downloaded here: https://xamarin.com/android-player
Now all installations are done and the application is ready to run on the simulator. Have a look at the device:





Now we are going to call the Sitecore API. Once you have connected to Sitecore, you can use all the operations that are available in the Sitecore Web API.

Add the code below to call the Sitecore API:








using (var credentials = new SecureStringPasswordProvider("username", "password")) // securing credentials, entered by the end user
using
(
  var session = SitecoreWebApiSessionBuilder.AuthenticatedSessionWithHost(instanceUrl)
    .Credentials(credentials)
    .WebApiVersion("v1")
    .DefaultDatabase("web")
    .DefaultLanguage("en")
    .MediaLibraryRoot("/sitecore/media library")
    .MediaPrefix("~/media/")
    .DefaultMediaResourceExtension("ashx")
    .BuildSession()
) // Creating a session from credentials, instance URL and settings
{
  // In order to fetch sample content we have to build a request
  var request = ItemWebApiRequestBuilder.ReadItemsRequestWithPath("/sitecore/content/home")
  .AddFieldsToRead("text")
  .AddScope(ScopeType.Self)
  .Build();

  // And execute it in a session asynchronously
  var response = await session.ReadItemAsync(request);

  // Now that it has succeeded we are able to access downloaded items
  ISitecoreItem item = response[0];

  // And content stored in its fields
  string fieldContent = item["text"].RawValue;
}


Important: Bug Fixing

If you run your app against a locally hosted Sitecore instance, you will face the exception below, because the app is running on a device over the internet and cannot resolve the remote server:

System.Net.WebExceptionStatus.NameResolutionFailure

Solution:
Configure remote access to IIS Express:

By default, Windows 8 and IIS Express will not accept remote connections. Before any remote devices, such as an Android device or an iPhone can communicate with our WCF service we must make the following changes:

  1. Configure IIS Express to Accept Remote connections - This step involves editing the config file for IIS Express to accept remote connections on a specific port and then setting up a rule for IIS Express to accept the incoming traffic.
  2. Add an Exception to Windows Firewall - We must open up a port through Windows Firewall that remote applications can use to communicate with the WCF service.

You will need to know the IP address of your workstation. For the purposes of this example we'll assume that our workstation has the IP address 192.168.1.143.

Let's begin by configuring IIS Express to listen for external requests. We do this by editing the configuration file for IIS Express at %userprofile%\documents\iisexpress\config\applicationhost.config, as shown in the following screenshot:

Locate the site element with the name HelloWorldWcfHost. It should look something like the following XML snippet:
<site name="HelloWorldWcfHost" id="2">
    <application path="/" applicationPool="Clr4IntegratedAppPool">
        <virtualDirectory path="/" physicalPath="\\vmware-host\Shared Folders\tom\work\xamarin\code\private-samples\webservices\HelloWorld\HelloWorldWcfHost" />
    </application>
    <bindings>
        <binding protocol="http" bindingInformation="*:9607:localhost" />
    </bindings>
</site>

We will need to add another binding to open up port 9608 to outside traffic. Add the following XML to the bindings element:

<binding protocol="http" bindingInformation="*:9608:192.168.1.143" />

This will configure IIS Express to accept HTTP traffic from any remote IP address on port 9608 on the external IP address of the computer. The above snippet assumes the IP address of the computer running IIS Express is 192.168.1.143. After the changes, the bindings element should look like the following:

<site name="HelloWorldWcfHost" id="2">
    <application path="/" applicationPool="Clr4IntegratedAppPool">
        <virtualDirectory path="/" physicalPath="\\vmware-host\Shared Folders\tom\work\xamarin\code\private-samples\webservices\HelloWorld\HelloWorldWcfHost" />
    </application>
    <bindings>
        <binding protocol="http" bindingInformation="*:9607:localhost" />
        <binding protocol="http" bindingInformation="*:9608:192.168.1.143" />
    </bindings>
</site>

Next, we need to configure IIS Express to accept incoming connections on port 9608. Start an administrative command prompt and run this command:

         >> netsh http add urlacl url=http://192.168.1.143:9608/ user=everyone

   The final step is to configure Windows Firewall to permit external traffic on port 9608. 

    From an administrative command prompt, run the following command:

>> netsh advfirewall firewall add rule name="IISExpressXamarin" dir=in protocol=tcp localport=9608 profile=private remoteip=localsubnet action=allow

         This command will allow incoming traffic on port 9608 from all devices on the same subnet as the Windows 8 workstation.

     I hope this article will help you :)

    Happy Sitecoring...






Monday, May 11, 2015

How to Make Sitecore Architecture More Powerful !

Architecture begins where engineering ends. - Walter Gropius

Architecture is as important in software development as it is in building construction. No one breaks ground on a building without plans and a good architect.

With the non-functional requirements captured, the next step is to start thinking about how you're going to solve the problems set out by the stakeholders and define the architecture.

The architect should be very careful about the information architecture (IA) and the initial groundwork of the project. He/she should know all the alternatives and the pros/cons of the technology and, of course, the cost.
Architecture definition is about introducing structure, guidelines, principles and leadership to the technical aspects of a software project. So here I am adding some points that can help the Sitecore architect to build a robust system.

There are 24 points in total that every Sitecore architect should know:

1.       Identify the scope of the project: the scope must be decided at the very beginning of any project so that we can design/architect the application accordingly. Below are a few sample questions to ask the customer where they apply to Sitecore:
·         How will the website use the content?
·         Scope of data migration?
·         Scope of Web Forms?
·         Scope of any third party integration like CRM, Sales-force, Facebook
·         Infrastructure requirement would be on cloud or physical servers?
·         Any specific performance required?
·         Any rapid development required, such as campaigns?
·         Scope of multi-lingual and multi-site?
·         Scope of DMS, what type of reporting they want?
·         What kinds of content items exist?
·         What types of content elements will appear consistently on multiple pages (also known as reusable content)?
·         Where does the aforementioned, reusable content come from?
·         Does the reusable content display different content on different pages?
·         Does the system display content from other systems?
·         How do you integrate the content from the other systems?
·         Is the solution multilingual? If so, does the content on the multilingual versions differ?
·         What kinds of users will have access to the CMS?
·         What website regions or content types will each user have access to?

2.       Choose the Right Sitecore version:
Always choose the right version of Sitecore before the project starts. It is not always good to implement the latest version of Sitecore; the choice should be made after considering the factors below:
·         Team strength
·         Product version maturity and stability
·         Cost
·         Scope and timeline of the Project.
3.       Selection of technology:
Web Forms and MVC are two different approaches to building a Sitecore application. Both can be excellent choices, and both can be very bad choices, depending on the requirements of the application and the team's knowledge and experience of the technology.
4.       Setup Sitecore project and code deployment methodology:
There are two ways to set up the Visual Studio solution with Sitecore: either your solution is fully coupled with the Sitecore website, or your solution is outside of Sitecore's website and you use a post-build process to deploy. For more information please visit http://sitecoresolution.blogspot.in/2015/02/setup-sitecore-development-environment.html
It is always recommended to keep your project outside the root directory.
5.       Identify the build deployment process:
The architect needs to decide which methodology should be used for deployment. Cost can be the most important factor; for example, TDS has a license cost, unlike the serialization or package creation methodologies.
6.       Use of Sitecore Rocks: it needs to be decided whether Sitecore Rocks will be used in the project. Sitecore itself recommends using this tool for rapid development.
7.       Responsive design framework: RWD is very common nowadays. It needs to be decided which framework will be used for responsive design, such as Bootstrap, HTML5 etc., so that resources and design can be finalized accordingly.
8.       Third party integration: any third party integration with the Sitecore application, such as CRM, Salesforce etc., should be properly planned so that the IA and solution can be designed accordingly.
9.       Defining IA: information architecture design can be as significant as the coding of a CMS solution. Below are some important aspects that should be considered
10.   Scope of DMS: Sitecore layouts, templates and DB design (MongoDB in Sitecore 7.5 or later) must be designed based on the DMS scope, such as personalization, email campaigning etc.
11.   Search selection: search is the backbone of any ECM system, so decide very carefully which search pattern or framework should be implemented, such as Lucene, Solr, Coveo or a custom search pattern. You can find some information on Coveo search here: http://sitecoresolution.blogspot.in/2014/09/coveoindustrys-most-advanced-sitecore.html

12.   Setting up a multiple site solution: it is possible to have multiple sites in the same solution in Sitecore, but there are a few pitfalls and issues that need to be taken care of while developing the solution.
13.   Identify the multi-lingual solution: the architect also needs to consider the multi-lingual factor while creating the IA, including templates, layouts, presentation and standard values.
14.   Publishing architecture: publishing is a very time-consuming process in a Sitecore application; sometimes a dedicated Sitecore instance is required for publishing tasks to avoid a long queue. This needs to be decided and set up accordingly.
15.   Set up multiple CM and CD: by default, each Sitecore instance provides both content management (CM, where CMS users maintain the managed sites) and content delivery (CD, for visitors to those managed sites). But we can separate the CM and CD facilities into separate environments, typically involving separate servers. It is always recommended to keep the CM and CD environments separate. Below are some advantages of separating CM and CD:
·         Scalability
·         Performance
·         Security
·         Administration
16.   Handling the media library: we can manage a media library within Sitecore in two ways, either in the database or on the file system. Both have pros and cons, so at the time of designing the project we need to decide on the best approach. We also need to consider cloud-based approaches such as DAM with Sitecore.
17.   Caching implementation: caching plays a very important role in website performance, so an understanding of all Sitecore caches is really important before implementing them. If we understand all of them, it is easy to do performance tuning using cache settings.
18.   Web form implementation: the architect also needs to identify the Web Forms for Marketers scope and find out how compatible it is with MVC.
19.   Logging mechanism: Sitecore uses log4net for its logging purposes, but in some situations we need to build a custom logging mechanism. One of the most common scenarios is a multi-site solution in which the standard log becomes huge and finding the exact trace information becomes painful. So we need to consider this factor at the time of designing the architecture of the application.
20.   Error handling in Sitecore: we need to consider various levels of exception/error handling, such as Custom Errors, Try... Catch... Finally Blocks, XSL Exception Management, Web Forms Exception Management, MVC Exception Management, Application (Global) Exception Management, Error Pages, Managing Exceptions. After taking all the error handling levels into account, we need to decide on the base architecture where they should be enforced.
21.   Sitecore customization: the architect needs to identify the scope of customization in Sitecore, such as pipelines and UI customization, so that templates and the project can be adapted from the very beginning of the project.
22.    Consider Sitecore performance: the Sitecore IA plays a very important role from a performance point of view. Below are some points to consider when optimizing the application:
·         Avoid items that contain more than 100 items.
·         Caching tuning
·         Enable CSS, JS Caching, Compression
·         IA architecture (avoid creating items with hundreds of children)
·         Optimization in publishing wizard
·         Prevent use of Get Descendants
·         IIS level optimization
23.   Sitecore security: Sitecore provides a comprehensive security infrastructure that you can use to secure any item in any Sitecore database. An architect should know all the aspects of Sitecore security and should implement them at the time of designing the application. Sitecore also provides additional functionality that enables you to use Microsoft Dynamics Customer Relationship Management (CRM) and Active Directory (AD) for authentication.
Below are some security topics that need to be considered at the time of designing the site.
·         Access rights
·         Users
·         User profile
·         Roles (groups)
·         Domains
·         Security inheritance
24.    Scope of data migration: the scope of the data migration requirement should be handled from the beginning of the project. Here you can find the complete details on this topic.


I hope this article will help you.

Happy Sitecore !!


Friday, May 8, 2015

Think before GO-Live - Check Sitecore Security First


All development has been done and you are planning to go live? Stop and think about security. Security is a major concern for any web application and should be well implemented to avoid vulnerabilities. Security is itself a very big topic and difficult to implement in every aspect, but we can secure our site as much as possible.

Is your Sitecore application secure? Ask this question again and again: which checklists have been followed for better security of the system?


Even if your Sitecore solution does not require authentication for users of the managed websites, you should consider Sitecore security when designing your information architecture.

Here I am listing a checklist that should be implemented before GO-LIVE.

1.       Protect your user password policy: force users to enter a strong password. Please refer to the blog for complete details: http://sitecoresolution.blogspot.in/2014/05/sitecore-security-password-expiration.html

2.       Ensure you have changed the default admin password: changing the password prevents unauthorized users from using the default password to access the admin account.
Steps:
1.        Log in as the admin user:


2.        Go to security editor >
3.        Go to user manager >


3.       Restrict Anonymous Access to Sitecore Folders from IIS:
We should restrict the following folders:
·         /App_Config
·         /sitecore/admin
·         /sitecore/debug
·         /sitecore/shell/WebService
Below are the steps to change the permission level of these folders:
1.        Open IIS Manager (Run > inetmgr).
2.        Navigate to Web Sites\your instance name\folder name.
3.        Double-click Authentication under Features View.
4.        Disable the anonymous user.






4.       Ensure your login page is on HTTPS: if you need HTTPS on some (but not all) of your website's pages, you might also want to consider the SSL Redirector module on the Sitecore Marketplace. It allows content items to be served over HTTPS by adding the template to the templates of the items you wish to be encrypted.
5.       Ensure that Client RSS Feeds are disabled if there is sensitive information: just disable the client RSS feed setting in web.config.


6.       Ensure that the only way to upload files is from the Media Library: with the Upload Watcher disabled, files that are placed in the /upload folder are not automatically uploaded to the Media Library.


7.       Ensure the correct license file on the production server:  Install the correct license in each environment. Most important, do not install a license that allows content management in a content delivery environment. An improper license can increase the solution’s vulnerability to attack.
8.       Ensure to follow best practice if importing users from another system.
9.       Ensure custom errors are on: remember to update your production web.config to <customErrors mode="RemoteOnly" />. This allows you to show a friendly error message to your site visitors should an error occur.

10.   Ensure your custom administrative pages are fully protected; never leave these pages unprotected.
11.   Prevent Cross Site Scripting (XSS) attacks: Cross Site Scripting (XSS) attacks are when a user submits HTML, script or SQL code to your site via form fields. Client-side validation should prevent malicious data being entered, but remember that this relies on JavaScript, which is trivial to disable in the browser. Add the following attribute to the <httpRuntime> element in your web.config file to enable request validation:
12.   Ensure that security rights are assigned to roles and not to users.
13.   Ensure that the home item permission of each managed site is heavily restricted, and grant access rights to its children and descendants instead.
14.   Use UserSwitcher wherever required instead of SecurityDisabler when editing programmatically.
15.   All non-implemented membership provider methods should throw non-supported exceptions.
16.   Create roles in the Sitecore domain instead of a specific domain.
17.   Use locally managed domains in the case of multiple site implementations in a single Sitecore instance.
18.   Turn off Auto Complete of Username in the Login Page
You can specify that Sitecore should not complete the username of users automatically when they log in. This is useful, for example, if you do not want user names to be disclosed when content authors log into Sitecore on a shared or public computer. In addition, you can disable the Remember me checkbox.
·         To disable auto complete of user names, open the web.config file and set the Login.DisableAutoComplete setting to true. This disables autocomplete on the Sitecore login forms on the /sitecore/login/default.aspx and /sitecore/admin/login.aspx pages.
·         To disable the Remember me checkbox on the login page, open the web.config file and set the Login.DisableRememberMe setting to true. This also ignores any existing Remember Me cookies, and all users have to log in again
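
An added example, not part of the original post and not Sitecore's own tooling: a small Python audit that checks a configuration file for checklist items 3, 9 and 18 before go-live. It assumes the effective settings live in the one file passed in (Sitecore patch files under App_Config/Include are not merged); the function name, sample file and finding messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Item 3: folders that must not allow anonymous access.
RESTRICTED_FOLDERS = ("App_Config", "sitecore/admin", "sitecore/debug",
                      "sitecore/shell/WebService")
# Item 18: Sitecore settings the checklist wants set to true.
LOGIN_SETTINGS = ("Login.DisableAutoComplete", "Login.DisableRememberMe")
ANON = "./system.webServer/security/authentication/anonymousAuthentication"

# Constructed sample (not from a real site); several checks fail on purpose.
SAMPLE_WEB_CONFIG = """\
<configuration>
  <sitecore>
    <settings>
      <setting name="Login.DisableAutoComplete" value="true" />
      <setting name="Login.DisableRememberMe" value="false" />
    </settings>
  </sitecore>
  <system.web>
    <customErrors mode="Off" />
  </system.web>
  <location path="sitecore/admin">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="false" />
    </authentication></security></system.webServer>
  </location>
  <location path="Default Web Site/App_Config">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="false" />
    </authentication></security></system.webServer>
  </location>
</configuration>
"""

def audit_web_config(xml_text):
    """Return (checklist_item, message) findings; an empty list means all passed."""
    root = ET.fromstring(xml_text)
    findings = []
    # Item 9: ASP.NET uses RemoteOnly when the element is absent, so only an
    # explicit "Off" shows detailed errors to remote visitors.
    custom_errors = root.find("./system.web/customErrors")
    if custom_errors is not None and custom_errors.get("mode", "").lower() == "off":
        findings.append((9, "customErrors mode is Off"))
    # Item 18: the checklist asks for an explicit true, so a missing setting is reported.
    settings = {s.get("name"): s.get("value", "")
                for s in root.findall("./sitecore/settings/setting")}
    for name in LOGIN_SETTINGS:
        if settings.get(name, "").lower() != "true":
            findings.append((18, name + " is not true"))
    # Item 3: a <location> path may carry a site-name prefix (assumed here for
    # files written by IIS Manager), so match on the folder suffix.
    locked = set()
    for loc in root.findall("./location"):
        path = loc.get("path", "").replace("\\", "/").strip("/").lower()
        anon = loc.find(ANON)
        if anon is not None and anon.get("enabled", "").lower() == "false":
            locked.update(f for f in RESTRICTED_FOLDERS
                          if path == f.lower() or path.endswith("/" + f.lower()))
    for folder in RESTRICTED_FOLDERS:
        if folder not in locked:
            findings.append((3, "anonymous access not disabled for /" + folder))
    return findings

if __name__ == "__main__":
    for item, message in audit_web_config(SAMPLE_WEB_CONFIG):
        print("item %d: %s" % (item, message))
```

A folder reported under item 3 may still be locked down in another configuration file, so run the audit over each file that can carry the <location> entries before treating the finding as real.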



Hope this will help you.

Happy Sitecore :)