Archive

Archive for the ‘ADX’ Category

ADX Portal – Forgot Password – ‘Invalid Party Object Type’ Error

February 21, 2020 2 comments

Few of our ADX portal users encountered an unhandled exception while resetting the Password using native ‘Forgot Password’ feature.

ADX_FgtPwd_1

Reason:

  • Its a sporadic issue only with few portal users.
  • When checked the ‘Event viewer’ logs on Portal’s web server, there was this following warning with ‘Invalid Party Object Type 9’ exception message.

ADX_FgtPwd_2

  • In CRM, ‘Object Type 9’ denotes OOB ‘Team’ entity and the issue turns out to be with the ‘From’ field of ‘Send Password Reset To Contact‘ ADX process.
  • In our requirement, we were setting ‘From’ field of ‘Send Password Reset To Contact’ process to owner of the ‘Portal User’ (i.e.,Contact).
  • Portal user’s (i.e.,Contact) who owned by teams encountering this issue while triggering ‘Forgot Password’. As Email can’t be delivered when a ‘Team’ set as ‘From’.

Fix:

  • Modified the ‘Send Password Reset To Contact‘ process by setting ‘From’ field to a ‘System User’ with Mail Box enabled. This made sure no ‘Team’ renders in ‘From’ field.

ADX_FgtPwd_3

🙂

 

ADX Portal – Display ‘Message’ during maintenance window

February 14, 2020 Leave a comment

There might be times when your Portal is under scheduled maintenance or is down due to temporary outage. When a user accesses the portal during maintenance, unpredictable behavior and intermittent unavailability might be experienced.

In ADX portal we can display a message to users during a maintenance activity by following below steps:

  • Create a HTML page with the message you would want to display.
  • Save it as ‘App_Offline.htm‘.
    • Make sure the name of the file is exactly same.
  • Place this file in root folder of ADX website.

Portal_Maintainence_1

  • ADX always opens ‘App_Offline.htm’ page, if it finds in root folder.
  • Hit the portal URL and you would get the ‘App_Offline.htm’ page, which displays your maintenance message.

Portal_Maintainence_2

🙂

 

Categories: ADX Tags: ,

ADX Portal – Prevent URL redirection

January 28, 2020 Leave a comment

Recently our ADX portal underwent Penetration testing (Also called ‘Ethical hacking’) and we got a following recommendation:

Prevent on-domain URL redirection. All URL redirection should be validated to only redirect to approved domains and/or URLs.

Reason:

  • In ADX portal, when ever you signed out or the session expires from a particular ‘web page’, Portal will take you back to the ‘web page’ you were before you signed out.
  • ADX portal achieves this behavior by appending ‘ReturnURL‘ parameter to the URL. ‘ReturnURL’ contains the web page path before you signed out.

ADX_Redirect_2

Whats the harm with this behavior?

  • ADX portal, will try to redirect to the URL formed in ‘ReturnURL’.
  • An attacker can redirect users from portal to a specific URL (Phishing).
    • As an example, attacker can mail you a link with Portal URL along with ‘ReturnURL?myphishingsite.com‘.
    • If the user think, its a genuine Portal URL and sign-in, ADX portal would redirect you the myphishingsite.com as the same was mentioned in ‘ReturnURL‘.

How to handle this in ADX website?

  • We modified the ‘Login’ logic to ignore ‘ReturnURL’ and redirect Users to portal’s Home page always.
  • All we need to do is
    • Set returnUrl=”/” on ‘LoginController.cs -> Login’ function.

ADX_Redirect_1

  • We can also modify the logic to allow redirection only to a set of URLs.

🙂

 

Categories: ADX Tags: , ,

Obsolete Secure Communications Protocol Supported – InfoSec – Fix

December 9, 2019 Leave a comment

Last week our web application (i.e., ADX portal website) underwent Penetration testing (Also called ‘Ethical hacking’) and we got following recommendation:

Disable all affected protocols identified above. If possible, implement TLSv1.3, or TLSv1.2 otherwise.

Reason:

  • In our application’s web server (IIS), TLSv1.0 and TLSv1.1 communication protocols were enabled.
  • TLSv1.0 and TLSv1.1 were deprecated in major browsers as of Q1 2019 and will be disabled completely in early 2020.

Fix:

  • We’ve used IIS Crypto tool to disable TLSv1.0 and TLSv1.1 protocols.
  • IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Servers.
  • Download the IIS Crypto GUI tool in your windows server where your application is hosted.

IIS Crypto_1

  • Open the tool and un-check TLSv1.0 and TLSv1.1 options.

IIS Crypto

  • You must restart the server for changes to take effect.

🙂

 

Categories: ADX, Misc Tags: , ,

BotDetect Captcha – 404 error – images are not loading

November 29, 2019 Leave a comment

Recently we leveraged BotDetect libraries in our Aspx MVC application to generate CAPTCHA.

After configured all the steps, CAPTCHA images were not showing up on web page.

CAPTCHA_1

Using browsers F12 option, we could notice there were 404 (i.e., Not Found) error codes.

CAPTCHA_2

Fix:

  • Issue in our case was all the BotDetect requests getting routed, which should not be.
  • Add below statement in your project’s ‘RouteConfig.cs’ file, which prevents BotDetect requests routing.

// BotDetect requests must not be routed
routes.IgnoreRoute(“{*botdetect}”,  new { botdetect = @”(.*)BotDetectCaptcha\.ashx” });

CAPTCHA_3

  • Rebuild the project and run and you should get the CAPTCHA code.

CAPTCHA_4

Refer article for the steps to configure CAPTCHA in MVC application.

🙂

Categories: ADX Tags: , ,

ADX Portal – Prevent unauthorized access of custom pages

November 26, 2019 Leave a comment

For one of our requirements, we built a custom .aspx page and placed under ‘Areas’ folder of OOB ADX website’s ‘MasterPortal’ project.

ADX_Prevent_UnAuthAccess

Issue:

  • The .aspx page was accessible without signing in to the portal by using the following URL convention
    • https://base_portal_url/Areas/folderName/Pages/filename.aspx

Fix:

  • On Page_Load of the aspx page, check whether the request is from authenticated user or not.
  • If unauthenticated request, set 401 error code (i.e., Unauthorized error) to the Response object and redirect to portals ‘SignIn’ page.
  • Below is the code snippet need to be placed in Aspx page’s ‘Page_Load’ event, which redirects unauthenticated requests to Portal’s ‘SignIn’ page.

protected void Page_Load(object sender, EventArgs e)
{
if (!Request.IsAuthenticated)
{
Response.StatusCode = 401;
Response.End();
}
}

🙂

Categories: ADX Tags: , ,

ADX/Dynamics portal – Setting up password policies

November 21, 2019 Leave a comment

If you want to imply password policy (i.e., Certain length, must have a digit, etc…) during the portal registrations, following entries need to be added to ‘Site Settings’ entity.

ADX_PasswordPolicy_1.PNG

Name Value
Authentication/UserManager/PasswordValidator/AlphanumericUserNames TRUE
Authentication/UserManager/PasswordValidator/RequireDigit TRUE
Authentication/UserManager/PasswordValidator/RequiredLength 9
Authentication/UserManager/PasswordValidator/RequireLowercase TRUE
Authentication/UserManager/PasswordValidator/RequireNonLetterOrDigit TRUE
Authentication/UserManager/PasswordValidator/RequireUppercase TRUE

If the password does not meet any of the configured setting values, you gonna get OOB validation error as follows:

ADX_PasswordPolicy

For more ‘Authentication’ related settings, refer the article

Refer this article for portals client scripting.

🙂

ADX Portals – Cannot register for ‘OnSendingHeaders’ event

November 5, 2019 Leave a comment

Other day, while configuring portal on a new CRM instance, portal shown error page, up on clicking the ‘Apply’ button.

License_Error1

There were no details on error screen to deduce the reason. So we had to go to the server where our portal website hosted.

When checked the ‘Event Viewer’ logs in Portal server, there was this following exception:

Exception type: InvalidOperationException

Exception message: Cannot register for ‘OnSendingHeaders’ event after response headers have been sent.

Reason & Fix:

  • CRM instance was missing ‘Adxstudio License Key’ record.
  • Post CRM connection, ADX would first check for the valid ‘License Key’. Since there was no ‘License Key’ record, Portal thrown error.
  • To fix this, add the ‘License Key’ by going to ‘Advanced Find -> ADXStudio License Keys‘, add a key.

License_Error2

🙂

 

Web Development – Useful jQuery Syntax’s

In this article, I am compiling the useful jQuery syntax’s which comes handy during your Dynmaics/ADX portal development or any other web development.

Prerequisite

  • Add jQuery library to your web page using <script> tag.
  • You can get the jQuery CDN here

Get Operations:

  • Get HTML element by Id

$(“#HTMLelementId“)

  • Get element by Class name

$(“.ClassName“)

  • Get element by ‘partial’ Id name.
    • As an example, if you want to get a Checkbox control which has ID ‘myChkBox‘, you can either get the element using full id with $(“#myChkBox”) or use partial id $(“[id$=’ChkBox‘]”).

$(“[id$=’PartialId‘]”)

  • Get Value

$(“#HTMLelementId“).val()

  • Get selected drop down text

$(“#DropdownId option:selected”).text()

Set Operations:

  • Set Text box

$(“#HTMLelementId“).val(“Hello World”);

  • Set Checkbox

$(“#checkboxId“).prop(“checked”, true); //true is checked; false is unchecked.

Add or Remove CSS Class

  • $(“#HTMLelementId“).addClass(“YourClassName“); // Add Class
  • $(“#HTMLelementId“).removeClass(“YourClassName“); // Remove Class

Hide/Show Element

  • Hide element

$(“#HTMLelementId“).hide();

  • To hide Parent
    • This is useful to hide a control along with Label.

$(“#HTMLelementId“).parent().hide()

  • Show element

$(“#HTMLelementId“).show();

Check if element exists on page

if ($(“#HTMLelementId“).length > 0){}

Iteration syntax

  • Loop through all Radio boxes which set to False.

$(“input[id][type=’radio’][value=’0′]”).each(function () {
var radioBox = this;
});

Attach events to HTML elements

  • To add ‘keypress’ event to Text box

$(“#HTMLelementId“).on(“keypress”, keyPressHandler);

function keyPressHandler(){
// Read the textbox value
var controlValue = this.val();
}

Remove event handler

  • To remove ‘onChange’ event from a control use ‘unbind’ method.

$(“#dropDownID“).unbind(“change”);

Trigger event

  • To trigger button ‘Click’ event

$(“#ButtonId“).click();

Remove option from Drop down:

  • Below script, removes ‘Mango’ from the Drop down control.

jQuery(“#dropdownId option:contains(‘Mango’)”).remove();

Read Query String Parameter

  • To read ‘country’ param value from current URL http://helloworld?country=India, call getParamValue(‘country’)
  • Function will return false, if no matching param found.

function getParamValue(paramName) {
var results = new RegExp(‘[\?&]’ + paramName + ‘=([^&#]*)’)
.exec(window.location.search);

return (results !== null) ? results[1] || 0 : false;
}

Get/Set elements in IFrame

  • To Get or Set the values of elements in IFrame, below is the syntax.

$(“#YourIframeID“).contents().find(‘#txtBoxId‘).val(); // Get the value

$(“#YourIframeID“).contents().find(‘#txtBoxId‘).val(“Hello World”); // Set the value

  • To access IFrame with in another IFrame

$(“#Iframe1ID“).contents().find(“#Iframe2ID“).contents().find(‘#txtBoxId‘).val(“Hello World”);

Create a new element:

  • Below is the snippet to create HTML button and add that next to an existing HTML element.

$(‘<input type=”button” id=”newBtn” class=”Your class name” value=”My New Button”/>’).insertAfter($(“#existingHTMLElementId“));
$(“#newBtn”).click(function () {

// Write your onclick script here
});

File Upload Control – Clear selected file:

  • We cannot clear the selected file from ‘File Upload’ control, by using $(“#fileuploadcontrolID”).val(“”).
  • We have to create a new element and replace the existing one.
  • Below statement clones the existing element, with blank file name and replaces the existing element.

$(“#fileuploadcontrolID“).replaceWith($(“#fileuploadcontrolID“).val(”).clone(true));

🙂

ADX Portals – adx_webformsession.adx_currentwebformstep is null

I got following exception while navigating through my ‘Web Form’ steps in ADX Portal.

adx_webformsession.adx_currentwebformstep is null

Reason:

  • I had redesigned a ‘Web Form’ by deleting couple of existing ‘Web Form’ steps.
  • However the associated ‘Session’ records, of deleted ‘Web Form’ steps, were still exists in the system causing the specified issue.

Fix:

  • Delete all orphan ‘Web Form Sessions’ records from the system.
  • Query all the ‘Web Form Sessions’ records which does not contain a ‘Web Form’, using ‘Advanced Find’ as below.

Portal_Session_1

  • Delete all records.

Portal_Session_2

  • Clear Portal Cache
  • Issue should go away.

🙂