Archive for the ‘ADX’ Category

Obsolete Secure Communications Protocol Supported – InfoSec – Fix

December 9, 2019

Last week our web application (i.e., the ADX portal website) underwent penetration testing (also called ‘ethical hacking’) and we got the following recommendation:

Disable all affected protocols identified above. If possible, implement TLSv1.3, or TLSv1.2 otherwise.

Reason:

  • In our application’s web server (IIS), TLSv1.0 and TLSv1.1 communication protocols were enabled.
  • TLSv1.0 and TLSv1.1 were deprecated in major browsers as of Q1 2019 and will be disabled completely in early 2020.

Fix:

  • We used the IIS Crypto tool to disable the TLSv1.0 and TLSv1.1 protocols.
  • IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Servers.
  • Download the IIS Crypto GUI tool onto the Windows server where your web application is hosted.
  • Open the tool and un-check the TLSv1.0 and TLSv1.1 options.

  • You must restart the server for changes to take effect.
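
One way to verify the change after the restart, as an added example that is not part of the original post: the Node.js script below attempts one handshake per protocol version and passes only if TLSv1.0 and TLSv1.1 are refused while TLSv1.2 or TLSv1.3 is accepted. The function names are illustrative, and it assumes the local Node.js/OpenSSL build can still offer TLS 1.0/1.1 (otherwise a refusal proves nothing).

```javascript
const tls = require('tls');

const LEGACY = ['TLSv1', 'TLSv1.1'];
const MODERN = ['TLSv1.2', 'TLSv1.3'];
const NETWORK_ERRORS = ['ECONNREFUSED', 'ENOTFOUND', 'EHOSTUNREACH', 'ETIMEDOUT'];

// Attempt a single handshake pinned to exactly one protocol version.
function probe(host, port, version, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const done = (state, detail) => resolve({ version, state, detail });
    const socket = tls.connect({
      host, port, servername: host,
      minVersion: version, maxVersion: version,
      ciphers: 'DEFAULT@SECLEVEL=0', // lets this client offer TLS 1.0/1.1
      rejectUnauthorized: false,     // protocol probe only, no data is exchanged
    });
    socket.setTimeout(timeoutMs, () => socket.destroy(new Error('timeout')));
    socket.once('secureConnect', () => { done('accepted', socket.getProtocol()); socket.end(); });
    socket.once('error', (err) => {
      // A network failure says nothing about which protocols are enabled.
      const network = NETWORK_ERRORS.includes(err.code) || err.message === 'timeout';
      done(network ? 'unreachable' : 'refused', err.code || err.message);
    });
  });
}

// Pure decision logic, kept separate from the network code.
function assess(outcomes) {
  const findings = [];
  for (const o of outcomes) {
    if (o.state === 'unreachable') {
      findings.push(`${o.version}: inconclusive (${o.detail})`);
    } else if (LEGACY.includes(o.version) && o.state === 'accepted') {
      findings.push(`${o.version}: still enabled`);
    }
  }
  if (!outcomes.some((o) => MODERN.includes(o.version) && o.state === 'accepted')) {
    findings.push('no TLSv1.2 or TLSv1.3 handshake succeeded');
  }
  return { pass: findings.length === 0, findings };
}

async function auditHost(host, port = 443) {
  const outcomes = [];
  for (const version of [...LEGACY, ...MODERN]) outcomes.push(await probe(host, port, version));
  return assess(outcomes);
}
```

Run `auditHost('<your portal host>').then(console.log)` from a machine that can reach the web server; an `inconclusive` finding means the probe never got as far as a handshake.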

Categories: ADX, Misc

BotDetect Captcha – 404 error – images are not loading

November 29, 2019

Recently we used the BotDetect libraries in our ASP.NET MVC application to generate a CAPTCHA.

After completing all the configuration steps, the CAPTCHA images were not showing up on the web page.

Using the browser’s F12 developer tools, we could see that there were 404 (i.e., Not Found) error codes.

Fix:

  • The issue in our case was that all the BotDetect requests were being routed, which they should not be.
  • Add the statement below to your project’s ‘RouteConfig.cs’ file, which prevents routing of BotDetect requests.

// BotDetect requests must not be routed
routes.IgnoreRoute("{*botdetect}", new { botdetect = @"(.*)BotDetectCaptcha\.ashx" });

  • Rebuild and run the project, and you should get the CAPTCHA code.

Refer to the article for the steps to configure CAPTCHA in an MVC application.

Categories: ADX

ADX Portal – Prevent unauthorized access of custom pages

November 26, 2019

For one of our requirements, we built a custom .aspx page and placed it under the ‘Areas’ folder of the OOB ADX website’s ‘MasterPortal’ project.

Issue:

  • The .aspx page was accessible without signing in to the portal by using the following URL convention
    • https://base_portal_url/Areas/folderName/Pages/filename.aspx

Fix:

  • In the Page_Load of the .aspx page, check whether the request comes from an authenticated user.
  • If the request is unauthenticated, set the 401 error code (i.e., Unauthorized error) on the Response object and redirect to the portal’s ‘SignIn’ page.
  • Below is the code snippet that needs to be placed in the .aspx page’s ‘Page_Load’ event; it redirects unauthenticated requests to the portal’s ‘SignIn’ page.

protected void Page_Load(object sender, EventArgs e)
{
    // Reject requests that do not come from a signed-in portal user
    if (!Request.IsAuthenticated)
    {
        // 401 = Unauthorized
        Response.StatusCode = 401;
        // Stop processing so that none of the page content is rendered
        Response.End();
    }
}

Categories: ADX

ADX/Dynamics portal – Setting up password policies

November 21, 2019

If you want to apply a password policy (i.e., a certain length, must have a digit, etc.) during portal registration, the following entries need to be added to the ‘Site Settings’ entity.

Name Value
Authentication/UserManager/PasswordValidator/AlphanumericUserNames TRUE
Authentication/UserManager/PasswordValidator/RequireDigit TRUE
Authentication/UserManager/PasswordValidator/RequiredLength 9
Authentication/UserManager/PasswordValidator/RequireLowercase TRUE
Authentication/UserManager/PasswordValidator/RequireNonLetterOrDigit TRUE
Authentication/UserManager/PasswordValidator/RequireUppercase TRUE

If the password does not meet any of the configured setting values, you will get the OOB validation error.

For more ‘Authentication’ related settings, refer to the article.

Refer to this article for portal client scripting.
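
A client-side pre-check that mirrors the settings in the table above, as an added example that is not part of the original post or of ADX itself. The function name `checkPassword` is illustrative, and treating the character classes as ASCII ranges is an assumption; the portal's server-side validator remains the authority.

```javascript
// Values copied from the Site Settings table above (the prefix
// Authentication/UserManager/PasswordValidator/ is omitted).
const POLICY = {
  RequireDigit: true,
  RequiredLength: 9,
  RequireLowercase: true,
  RequireNonLetterOrDigit: true,
  RequireUppercase: true,
  // AlphanumericUserNames concerns the user name and is not checked here.
};

// Assumption: character classes are plain ASCII ranges.
const isDigit = (c) => c >= '0' && c <= '9';
const isLower = (c) => c >= 'a' && c <= 'z';
const isUpper = (c) => c >= 'A' && c <= 'Z';
const isLetterOrDigit = (c) => isDigit(c) || isLower(c) || isUpper(c);

// Returns the names of the settings the password violates (empty = compliant).
function checkPassword(password, policy = POLICY) {
  const chars = Array.from(String(password ?? ''));
  const failed = [];
  if (chars.length < policy.RequiredLength) failed.push('RequiredLength');
  if (policy.RequireDigit && !chars.some(isDigit)) failed.push('RequireDigit');
  if (policy.RequireLowercase && !chars.some(isLower)) failed.push('RequireLowercase');
  if (policy.RequireUppercase && !chars.some(isUpper)) failed.push('RequireUppercase');
  if (policy.RequireNonLetterOrDigit && chars.every(isLetterOrDigit)) {
    failed.push('RequireNonLetterOrDigit');
  }
  return failed;
}
```

Returning the violated setting names lets the registration form show every problem at once before the form is submitted.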


ADX Portals – Cannot register for ‘OnSendingHeaders’ event

November 5, 2019

The other day, while configuring the portal on a new CRM instance, the portal showed an error page upon clicking the ‘Apply’ button.

There were no details on the error screen to deduce the reason, so we had to go to the server where our portal website is hosted.

When we checked the ‘Event Viewer’ logs on the portal server, there was the following exception:

Exception type: InvalidOperationException

Exception message: Cannot register for ‘OnSendingHeaders’ event after response headers have been sent.

Reason & Fix:

  • The CRM instance was missing the ‘Adxstudio License Key’ record.
  • After connecting to CRM, ADX first checks for a valid ‘License Key’. Since there was no ‘License Key’ record, the portal threw the error.
  • To fix this, go to ‘Advanced Find -> ADXStudio License Keys’ and add a key.

Web Development – Useful jQuery Syntax’s

In this article, I am compiling useful jQuery syntax that comes in handy during Dynamics/ADX portal development or any other web development.

Prerequisite

  • Add the jQuery library to your web page using a <script> tag.
  • You can get the jQuery CDN here

Get Operations:

  • Get HTML element by Id

$("#HTMLelementId")

  • Get element by Class name

$(".ClassName")

  • Get element by ‘partial’ Id name.
    • As an example, if you want to get a Checkbox control which has ID ‘myChkBox’, you can either get the element using full id with $("#myChkBox") or use partial id $("[id$='ChkBox']").

$("[id$='PartialId']")

  • Get Value

$("#HTMLelementId").val()

  • Get selected drop down text

$("#DropdownId option:selected").text()

Set Operations:

  • Set Text box

$("#HTMLelementId").val("Hello World");

  • Set Checkbox

$("#checkboxId").prop("checked", true); // true is checked; false is unchecked.

Add or Remove CSS Class

  • $("#HTMLelementId").addClass("YourClassName"); // Add Class
  • $("#HTMLelementId").removeClass("YourClassName"); // Remove Class

Hide/Show Element

  • Hide element

$("#HTMLelementId").hide();

  • To hide Parent
    • This is useful to hide a control along with Label.

$("#HTMLelementId").parent().hide()

  • Show element

$("#HTMLelementId").show();

Check if element exists on page

if ($("#HTMLelementId").length > 0){}

Iteration syntax

  • Loop through all Radio boxes which are set to False.

$("input[id][type='radio'][value='0']").each(function () {
    var radioBox = this;
});

Attach events to HTML elements

  • To add a ‘keypress’ event to a Text box

$("#HTMLelementId").on("keypress", keyPressHandler);

function keyPressHandler() {
    // Read the textbox value; 'this' is the raw DOM element, so wrap it in $() to use .val()
    var controlValue = $(this).val();
}

Remove event handler

  • To remove the ‘onChange’ event from a control, use the ‘unbind’ method.

$("#dropDownID").unbind("change");

Trigger event

  • To trigger button ‘Click’ event

$("#ButtonId").click();

Remove option from Drop down:

  • The script below removes ‘Mango’ from the Drop down control.

jQuery("#dropdownId option:contains('Mango')").remove();

Read Query String Parameter

  • To read the ‘country’ param value from the current URL http://helloworld?country=India, call getParamValue('country')
  • The function will return false if no matching param is found.

function getParamValue(paramName) {
    // Capture everything after "paramName=" up to the next '&' or '#'
    var results = new RegExp('[?&]' + paramName + '=([^&#]*)')
        .exec(window.location.search);

    // false when the param is absent; 0 when it is present but empty
    return (results !== null) ? results[1] || 0 : false;
}
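
A query-string value is controlled by whoever builds the link, so the hardened variant below (an added example, not code from the original post) matches the parameter name literally, URL-decodes the value and accepts it only if it fits an expected pattern. The names `getParamValueSafe` and `getCountry` and the allow-list pattern are assumptions made for illustration.

```javascript
// Escape regex metacharacters so the parameter name is matched literally.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Returns the decoded value, or null if the parameter is absent or malformed.
// 'search' defaults to the current page's query string in the browser.
function getParamValueSafe(paramName, search = window.location.search) {
  const pattern = new RegExp('[?&]' + escapeRegExp(paramName) + '=([^&#]*)');
  const match = pattern.exec(search);
  if (match === null) return null;
  try {
    // '+' encodes a space in query strings; percent-escapes are decoded next
    return decodeURIComponent(match[1].replace(/\+/g, ' '));
  } catch (e) {
    return null; // malformed percent-encoding
  }
}

// Accept the value only if it looks like what the page expects (allow-list).
function getCountry(search) {
  const value = getParamValueSafe('country', search);
  return value !== null && /^[A-Za-z ]{1,56}$/.test(value) ? value : null;
}

// When showing the value on the page, write it with .text() or .val(),
// never .html(), so that any markup in it is displayed rather than parsed.
```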

Get/Set elements in IFrame

  • To Get or Set the values of elements in an IFrame, below is the syntax.

$("#YourIframeID").contents().find('#txtBoxId').val(); // Get the value

$("#YourIframeID").contents().find('#txtBoxId').val("Hello World"); // Set the value

  • To access an IFrame within another IFrame

$("#Iframe1ID").contents().find("#Iframe2ID").contents().find('#txtBoxId').val("Hello World");

Create a new element:

  • Below is the snippet to create an HTML button and add it next to an existing HTML element.

$('<input type="button" id="newBtn" class="Your class name" value="My New Button"/>').insertAfter($("#existingHTMLElementId"));
$("#newBtn").click(function () {
    // Write your onclick script here
});

File Upload Control – Clear selected file:

  • We cannot clear the selected file from a ‘File Upload’ control by using $("#fileuploadcontrolID").val("").
  • We have to create a new element and replace the existing one.
  • The statement below clones the existing element with a blank file name and replaces the existing element.

$("#fileuploadcontrolID").replaceWith($("#fileuploadcontrolID").val('').clone(true));


ADX Portals – adx_webformsession.adx_currentwebformstep is null

I got the following exception while navigating through my ‘Web Form’ steps in ADX Portal.

adx_webformsession.adx_currentwebformstep is null

Reason:

  • I had redesigned a ‘Web Form’ by deleting a couple of existing ‘Web Form’ steps.
  • However, the ‘Session’ records associated with the deleted ‘Web Form’ steps still existed in the system, causing the specified issue.

Fix:

  • Delete all orphan ‘Web Form Sessions’ records from the system.
  • Query all the ‘Web Form Sessions’ records which do not contain a ‘Web Form’, using ‘Advanced Find’.
  • Delete all records.
  • Clear Portal Cache
  • Issue should go away.