Federated Identity in Visual Studio Online

This great post by Mitch Denny provides insights into federating Visual Studio Online using Azure Active Directory. The techniques described for enabling the federation without exposing either organization’s internal directories are of great use for consultant/integrator groups who are working with multiple clients and need to protect their information.

Mitch Denny

Earlier this week Sean McBreen from the Visual Studio Online team posted an announcement detailing the work that he and his team have been doing to streamline the process of creating new Visual Studio Online accounts where users can authenticate using their corporate username and password.

This scenario is enabled through Azure Active Directory (AAD) which allows for synchronisation of corporate identity information to the cloud which can then be used by SaaS applications such as Office 365, Dynamics CRM and now Visual Studio Online.

If you want to get up and running with Visual Studio Online quickly, and link it to your corporate directory, I recommend that you read Sean’s post. The purpose of this post is to show how enabling authentication with AAD in Visual Studio Online is not only great for organisations who want to use corporately controlled user names and passwords, but also for projects that…


Sitecore 7.1: CSRF form field is missing

During a review of a solution we were delivering on Sitecore 7.1 Update 2 (rev 140324), our Page Editor dialogs no longer allowed users to expand tree lists when adding components. On the server, the logs were showing a CSRF exception, specifically that a CSRF form field was missing.

6708 16:19:44 ERROR Application error.
Exception: Sitecore.Security.AntiCsrf.Exceptions.PotentialCsrfException
Message: CSRF form field is missing.
Source: Sitecore.Security.AntiCsrf
   at Sitecore.Security.AntiCsrf.SitecoreAntiCsrfModule.RaiseError(Exception ex, HttpContext context)
   at Sitecore.Security.AntiCsrf.SitecoreAntiCsrfModule.PreRequestHandlerExecute(Object sender, EventArgs e)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

The Cause

I discovered that the root cause of this is a missing line in the Sitecore.AntiCsrf.config file which seems to have disappeared from 7.1 as of revision 140130.

Previous versions of the file contained a line to ignore the TreeviewEx:

   <ignore contains="TreeviewEx" />

The Fix

In order to fix this in your installation, you can use a configuration file like the following to patch in the value:

<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
   <sitecore>
      <AntiCsrf>
         <rules>
            <rule name="shell">
               <!-- Re-add the TreeviewEx ignore, placed before the existing InstantSearch entry -->
               <ignore patch:before="ignore[@contains='InstantSearch']" contains="TreeviewEx" />
            </rule>
         </rules>
      </AntiCsrf>
   </sitecore>
</configuration>
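
To confirm the patch took effect, the check below reads a saved copy of the merged configuration, lists the ignore entries in the "shell" rule, and reports whether TreeviewEx is present. It is an added example, not code from the original post or from Sitecore; the sample XML is constructed from the element names shown above, and the function names and the "reviewed" list are assumptions. It also flags any ignore entry outside the reviewed list, since each entry is an exception to the anti-CSRF check.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a merged configuration fragment. Only the element
# names and the two "contains" values come from the post above.
SAMPLE_BEFORE = """<configuration>
  <sitecore>
    <AntiCsrf>
      <rules>
        <rule name="shell">
          <ignore contains="InstantSearch" />
        </rule>
      </rules>
    </AntiCsrf>
  </sitecore>
</configuration>"""

# The same fragment after the patch file has been merged in (constructed).
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    '<ignore contains="InstantSearch" />',
    '<ignore contains="TreeviewEx" />\n          <ignore contains="InstantSearch" />',
)


def shell_ignores(config_xml, rule_name="shell"):
    """Return the 'contains' value of every <ignore> in the named AntiCsrf rule."""
    root = ET.fromstring(config_xml)
    values = []
    for rule in root.iterfind("./sitecore/AntiCsrf/rules/rule"):
        if rule.get("name") == rule_name:
            values += [i.get("contains") for i in rule.iterfind("ignore")
                       if i.get("contains")]
    return values


def audit(config_xml, required=("TreeviewEx",),
          reviewed=("TreeviewEx", "InstantSearch")):
    """Report required ignores that are missing and ignores not on the reviewed list."""
    present = shell_ignores(config_xml)
    return {
        "missing": [r for r in required if r not in present],
        "unreviewed": [p for p in present if p not in reviewed],
    }


if __name__ == "__main__":
    print("before patch:", audit(SAMPLE_BEFORE))
    print("after patch: ", audit(SAMPLE_AFTER))
```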

How I know a project plan is total nutbars… and how it can be fixed

We have all seen the magical project plans that have no grounding in reality. Schedules are far too aggressive, scope is beyond what the team can handle, not enough resources available to properly run the team… all to meet some magical “hard deadline” that has been imposed seemingly without any reason.

The folks in charge of these plans are not evil – they may just have somebody enforcing a deadline on them and are trying every possible thing to draw a picture to meet that deadline so they don’t get fired. These people are members of our team and we cannot leave them struggling alone. As architects and technical subject matter experts, we need to help our team members make their complete nutbar of a project plan into something that makes sense in the real world we live in.


Sitecore publishing: what does it mean?

Over time, our team has realized that when we are speaking to a client about publishing in Sitecore, we may not all be talking about the same thing. There really are three “publish” contexts that a client may be referring to: workflow approval, web database publishing, and content delivery cache clearing. Trying to make this clear to a client isn’t always easy.

But it can be!