Archive

Posts Tagged ‘ADX’

ADX Portal – Display ‘Message’ during maintenance window

February 14, 2020 Leave a comment

There might be times when your Portal is under scheduled maintenance or is down due to temporary outage. When a user accesses the portal during maintenance, unpredictable behavior and intermittent unavailability might be experienced.

In ADX portal we can display a message to users during a maintenance activity by following below steps:

  • Create a HTML page with the message you would want to display.
  • Save it as ‘App_Offline.htm‘.
    • Make sure the name of the file is exactly same.
  • Place this file in root folder of ADX website.

Portal_Maintainence_1

  • ADX always opens ‘App_Offline.htm’ page, if it finds in root folder.
  • Hit the portal URL and you would get the ‘App_Offline.htm’ page, which displays your maintenance message.

Portal_Maintainence_2

🙂

 

Categories: ADX Tags: ,

ADX Portal – Prevent URL redirection

January 28, 2020 Leave a comment

Recently our ADX portal underwent Penetration testing (Also called ‘Ethical hacking’) and we got a following recommendation:

Prevent on-domain URL redirection. All URL redirection should be validated to only redirect to approved domains and/or URLs.

Reason:

  • In ADX portal, when ever you signed out or the session expires from a particular ‘web page’, Portal will take you back to the ‘web page’ you were before you signed out.
  • ADX portal achieves this behavior by appending ‘ReturnURL‘ parameter to the URL. ‘ReturnURL’ contains the web page path before you signed out.

ADX_Redirect_2

Whats the harm with this behavior?

  • ADX portal, will try to redirect to the URL formed in ‘ReturnURL’.
  • An attacker can redirect users from portal to a specific URL (Phishing).
    • As an example, attacker can mail you a link with Portal URL along with ‘ReturnURL?myphishingsite.com‘.
    • If the user think, its a genuine Portal URL and sign-in, ADX portal would redirect you the myphishingsite.com as the same was mentioned in ‘ReturnURL‘.

How to handle this in ADX website?

  • We modified the ‘Login’ logic to ignore ‘ReturnURL’ and redirect Users to portal’s Home page always.
  • All we need to do is
    • Set returnUrl=”/” on ‘LoginController.cs -> Login’ function.

ADX_Redirect_1

  • We can also modify the logic to allow redirection only to a set of URLs.

🙂

 

Categories: ADX Tags: , ,

ADX Portal – Prevent unauthorized access of custom pages

November 26, 2019 Leave a comment

For one of our requirements, we built a custom .aspx page and placed under ‘Areas’ folder of OOB ADX website’s ‘MasterPortal’ project.

ADX_Prevent_UnAuthAccess

Issue:

  • The .aspx page was accessible without signing in to the portal by using the following URL convention
    • https://base_portal_url/Areas/folderName/Pages/filename.aspx

Fix:

  • On Page_Load of the aspx page, check whether the request is from authenticated user or not.
  • If unauthenticated request, set 401 error code (i.e., Unauthorized error) to the Response object and redirect to portals ‘SignIn’ page.
  • Below is the code snippet need to be placed in Aspx page’s ‘Page_Load’ event, which redirects unauthenticated requests to Portal’s ‘SignIn’ page.

protected void Page_Load(object sender, EventArgs e)
{
if (!Request.IsAuthenticated)
{
Response.StatusCode = 401;
Response.End();
}
}

🙂

Categories: ADX Tags: , ,

ADX/Dynamics portal – Setting up password policies

November 21, 2019 Leave a comment

If you want to imply password policy (i.e., Certain length, must have a digit, etc…) during the portal registrations, following entries need to be added to ‘Site Settings’ entity.

ADX_PasswordPolicy_1.PNG

Name Value
Authentication/UserManager/PasswordValidator/AlphanumericUserNames TRUE
Authentication/UserManager/PasswordValidator/RequireDigit TRUE
Authentication/UserManager/PasswordValidator/RequiredLength 9
Authentication/UserManager/PasswordValidator/RequireLowercase TRUE
Authentication/UserManager/PasswordValidator/RequireNonLetterOrDigit TRUE
Authentication/UserManager/PasswordValidator/RequireUppercase TRUE

If the password does not meet any of the configured setting values, you gonna get OOB validation error as follows:

ADX_PasswordPolicy

For more ‘Authentication’ related settings, refer the article

Refer this article for portals client scripting.

🙂

ADX Portals – Cannot register for ‘OnSendingHeaders’ event

November 5, 2019 Leave a comment

Other day, while configuring portal on a new CRM instance, portal shown error page, up on clicking the ‘Apply’ button.

License_Error1

There were no details on error screen to deduce the reason. So we had to go to the server where our portal website hosted.

When checked the ‘Event Viewer’ logs in Portal server, there was this following exception:

Exception type: InvalidOperationException

Exception message: Cannot register for ‘OnSendingHeaders’ event after response headers have been sent.

Reason & Fix:

  • CRM instance was missing ‘Adxstudio License Key’ record.
  • Post CRM connection, ADX would first check for the valid ‘License Key’. Since there was no ‘License Key’ record, Portal thrown error.
  • To fix this, add the ‘License Key’ by going to ‘Advanced Find -> ADXStudio License Keys‘, add a key.

License_Error2

🙂

 

‘Address Suggestions’ in Portals using Esri ArcGIS

September 15, 2019 2 comments

In our Dynamics Portals, we got a requirement to show ‘Address Suggestions’ as and when the end user start typing the address.

We implemented the solution by consuming the Esri ArcGIS mapping service, from our Portal’s web page.

ESRI_1

‘Entity Form’ with Address Suggestions

In this article lets see how to implement this at a high level.

What is ESRI ArcGIS?

  • Its a cloud based mapping and analytics platform.

ESRI_3

  • For our ‘Address Suggestions’ requirement, we have consumed ESRI ArcGIS’s World Geocoding Service
  • World Geocoding Service:
    • Its part of ESRI ArcGIS.
    • This Service finds addresses and places in all supported countries from a single endpoint.
    • The service can find point locations of addresses, business names, and so on.

Steps to fetch ‘Address Suggestions’:

  • To fetch the ‘Address Suggestions’, we have used findAddressCandidates operation of ‘World Geocoding Service’.
  • findAddressCandidates operation is REST based and takes ‘Input address’ as parameter.
  • As an example, to fetch the ‘Microsoft Office’ addresses in ‘Redmond’ the REST URL would be as follows:

https://geocode.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates?SingleLine=Microsoft+Redmond&sourceCountry=USA&category=&outFields=*&forStorage=false&f=pjson

ESRI_2

  • In the above URL,
    • ‘findAddressCandidates’ –  Operation name.
    • ‘SingleLine’ – Parameter which you need to pass address you are looking for (i.e., Microsoft+Redmond). Use + symbol to combine the words.
    • ‘sourceCountry’ – Optional parameter. if provide, results will be specific to provided country code.
  • Below is the sample script to call the service from Portal Web Page/Entity Form/ Web Templates.

function GetAddressrecommendations(address) {
var url = https://geocode.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates?SingleLine=”+address+”&category=&outFields=*&forStorage=false&f=pjson;
// To limit the address to ‘United States’ country uncomment below line
// url += “&sourceCountry=USA”;

var xhr = createCORSRequest(“GET”, url);
if (!xhr) {
throw new Error(“CORS not supported”);
}
xhr.onload = function () {
var text = xhr.responseText;
// Success and add logic to Parse the Response.
};
xhr.onerror = function () {
alert(“Unable to fetch addresses.”);
};
xhr.send();
}

function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if (“withCredentials” in xhr) {
xhr.open(method, url, true);
} else if (typeof XDomainRequest != “undefined”) {
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
return xhr;
}

How to call the method?

  • Call the GetAddressrecommendations function by passing the address you are looking for
    • GetAddressrecommendations(‘Microsoft+Redmond’)

Notes:

  • Esri ArcGis platform provides both hosted GIS services and a portal with a web UI and APIs for publishing, sharing, and managing content, maps, applications, and users.
  • It has both Free and Paid services. Read the documentation before making the decision.

🙂

Dynamics/ADX Portals – Create Notes using SDK

As part of an integration requirement, we had to create ‘Notes’ (i.e., Annotation) with attachment using SDK.

Key Notes:

  • ‘Subject’ and ‘Notetext’ field values of Portal Notes follows a specific pattern than that of Dynamics.  Values must be set as follows:
    • SubjectNote created on {DateTime.Now.ToString()} by {Portal User Name} [contact:{PortalUserGUID}]
      • If the Portal user name is ‘Rajeev P’ and Portal user GUID(i.e.,Contact record’s GUID) is ‘2510ae27-7289-e911-a958-001dd800d97c’, Subject will be Note created on {DateTime.Now.ToString()} by Rajeev P [contact:2510ae27-7289-e911-a958-001dd800d97c]
    • Notetext*WEB*
  • If you don’t pass Portal User’s GUID in ‘Subject’ field, Portal shows the Notes record created by as User whom the Portal was configured.

Code to create Annotation:

Below is the code snippet

var noteSubject = “Note created on {DateTime.Now.ToString()} by Rajeev P [contact:2510ae27-7289-e911-a958-001dd800d97c]“;

var entAnnotation = new Entity(“annotation”);
entAnnotation[“subject“] = noteSubject;
entAnnotation[“notetext“] = “*WEB*”;
entAnnotation[“filename”] = {File_name}; // Set FileName
entAnnotation[“documentbody”] = {Base64String}; // Pass document body in Base64 format
entAnnotation[“isdocument”] = true;
entAnnotation.Attributes[“objectid”] = new EntityReference({RegardingSchemaName}, {RegardingGuid}); // Set Schema and GUID
entAnnotation.Attributes[“objecttypecode”] = {RegardingSchemaName}; // Set Schema

var noteId = crmService.Create(entAnnotation);

  • Note : Replace values in {} with actual values.

🙂