Getting Ready for Security in Sitecore XP 9

Security in Sitecore 9 Experience Cloud

The next step towards installing Sitecore Experience Platform 9 is making sure we can easily handle the creation of locally signed certificates.


Sitecore 9 by default is meant to run as a secure application. To help with managing these new security needs, the good (and smart) people at Sitecore have provided some PowerShell scripts to help. These scripts are found as part of the Sitecore Fundamentals module, which can be installed manually via a download from Sitecore, or through a custom MyGet Feed as shown here.

Sitecore Fundamentals Install

As I prefer to script for repeatability and ease of sharing with my dev team, this guide will be based on installing Sitecore Fundamentals via the MyGet feed approach.

Setup PowerShell to interact with the Sitecore MyGet feed

  1. Open a PowerShell command prompt, ensure you are running it as Admin
  2. Register the connection to MyGet feed, at the prompt enter (Note: if you have followed my SIF Install skip to step 3.)
    Register-PSRepository -Name SitecoreGallery -SourceLocation

    Sitecore Fundamentals - Register Sitecore Gallery

  3. Install the Sitecore Fundamentals module, at the prompt enter
     Install-Module SitecoreFundamentals
  4. PowerShell will ask if untrusted scripts can be ran, enter ‘A’ and hit Enter. (Note: If you have already set this value during SIF Install won’t apply to you.)Sitecore Fundamentals - Accept Untrusted Scripts
  5. Before performing any other steps, and each time before you use the module, you will want to perform a check and update of the module via
     Update-Module SitecoreFundamentals
  6. Confirming everything installed correctly is as easy as running the following command, at time of writing the current version is 1.1.0
    Get-Module SitecoreFundamentals -ListAvailable

    Sitecore Fundamentals - Available Versions

You should now be ready leverage Sitecore Fundamentals as needed in maintaining and installing Sitecore.


Load Test from the Cloud

Building a any application, but especially high traffic websites on Sitecore one of the final steps before launch is to tune ensure any caching mechanisms have been properly tuned to support the needs of the organization.

One of the difficulties my teams always have is finding a server or two or three with enough available horse power to pound on out site. Running from a simple local machine is good enough for about 2 minutes until it begins heating the entire office.

But this headache and a more reasonably temperature office exists. How did we achieve this utopian level? Through the cloud of course…Visual Studio Team Services to be specific, by the way it’s free to register and take advantage of even.

Visual Studio Team Services provides a number of different tools and services, many for free such as GIT repos, CI, team and task management. One of the services provided is the ability to run scaled load testing from the cloud. Depending on your needs, you have the opportunity to run four types of tests from VSTS, Visual Studio Test, HTTP Archive Based Test, URL Based Test, Apache jMeter Test.

Load Test Options

Two things I found great about the service is, A) I get a decent number of free testing units (called Virtual User Minutes) to perform my testing, and B) I don’t have to purchase a high level MSDN or Visual Studio license. Why? Because it supports my tool of choice Apache’s jMeter.

As easy as 1, 2, 3

I can build and even pre-test my jMeter test scenarios on my local or internal hardware to confirm it generates the proper simulated traffic. After this is as easy as 1,2,3,4..and maybe a 5th step.

  1. Login to Visual Studio Online
  2. Click over to the Load Test screen
  3. Create a new test of type jmeter from the selector
  4. Upload the jmx file representing you developed jMeter scenario
    Load Test Options
  5. Upload your jmx file that defines your test run. Note, that the name of the file is the name the test will be referenced in the other screens.
  6. Set yout number of agents, length of run, and region the test should run from.
  7. Click Run
    Load Test Setup
  8. Smile and sip your coffee as the data pours into convenient charts and table.

Not Accessible to the World, yet?

If your site is sitting behind a firewall and only has internal DNS, with some additional setup you can still leverage the power of the cloud to perform your test, Testing private/intranet applications using Cloud-based load testing.

Testing Sitecore

For testing Sitecore load check-out this pre-started jMeter test provided by Sitecore themselves One thing to note if you would also like to test out or populate out xAnalytics data you will want to disable robots detection via the following patch config. Robots detection needs disabled as the tester does not trigger page events as required by xAnalytics for identifying a ‘human’ user. (Just be sure to turn it back on before site launch.)

    Ignore requests and do not write information to the Analytics 
        database when the visitor       
        classification identifies the visitor as a robot.   
    Default: true
 -- >
<setting name="Analytics.Robots.IgnoreRobots">
    <patch:attribute name="value">false</patch:attribute>

If data still isn’t properly collecting you may also need to tweak the robot’s timeout value to allow the session to run longer.

        The ASP.NET Session Timeout for auto detected robots.
        When the automatic robot detection identifies a session as 
        being a robot, the ASP.NET Session Timeout 
        is set to this value (in minutes).  
    Default: 1  
-- >
<setting name="Analytics.Robots.SessionTimeout">
    <patch:attribute name="value">5</patch:attribute>

Its that simple, and now there is no longer any reason to avoid even basic site load tests for Sitecore or any other application.

During my exploration of leveraging this cloud based load testing I found the following links to be informative:

Multilist with Search Secret Sauce

Discover the Multilist with Search Formula

I find myself wanting to leverage the Multilist with Search field often when architecting a site. The ability to provide the users multiple pages of information to pick from while having the ability to perform a wildcard search makes it an excellent option for assigning taxonomy to a page or item. As many the benefits are for the editor, the headaches trying to recall the syntax to setup the source is always a pain for me. I spend an hour or so digging through old code snippets, notes, and google looking for the right syntax formula.

But that is to be no more, as this post will be my notes for future setup and hopefully yours too.

The Setup

Let’s say we have a product taxonomy which is made up of a series of nested folders for organizational purposes and a product can be assigned one or more. If we are building out taxonomy assignments for some products for our Coffeeshop, we may have list of items in the content tree, such as

Product Category Taxonomy

Our product template will be fairly simple and contain the following fields

Product Template

The field we are focused on is Product Taxonomy and how to properly point it at our taxonomy list as we want to allow the editor to pick one or more categories.

Gut Instinct

Your initial gut instinct, or at least mine, is to begin wiring up Product Taxonomy with DataSource= to set the pick list like any of the other pick types, so our value would be


Which ends up producing a list of everything. (If you try and get fancy and use the item ID you’ll end up with the same results.)
DataSource source

Start Search Location

The value we need to use is StartSearchLocation, which always points to a single item whose chidren and grand-children and great-*-grandchildren will be filterd and displayed. My gut feel would use a path like


And this to sadly ends with a list of everything in the content tree. The natural progression of trial and error means to use the ID, so we have



Template Filter

Feeling a little better now, but it includes the sub-folders which have been setup that we want to not allow for selection. To limit what is available for selection we can apply a second parameter appended via an ampersand (‘&’) to the source value. The addition is TemplateFilter, which accepts a list of pipe delimited (‘|’) template IDs. In this sample we want all Basic Setting items (7F289750-AA0F-49DB-B479-F7D4646061DB) and CSS Class items (B28694DA-2FE5-478E-A64F-AA918BA53796)


Template Filter

Page Size

If for some reason the default page size of 20 items doesn’t fit your editor’s needs, then there is an additional parameter that can be added PageSize which will limit the number of items shown. In this sample we only want to show 3 items per page.




In instances when you need to provide a very finely tuned list of items to pick for the editor, you can use the Filter parameter which supports simple to very complex Lucene queries. When using the filter, you must include a plus or minus sign with the field indicating the appropriate inclusion (plus sign) or exclusion (minus sign) you wish to achieve. In this example we want to only show the taxonomy items that include the sub-string ‘caff’


Filter with Lucene

Sitecore Query

Finally, for those who have really complex needs we can perform our filter via a traditional Sitecore query. Just by assigning it to the StartSearchLocation value. When using this method, note that you need to be sure to convert ‘=’ to ‘->’ to have them properly translated by the system. StartSearchLocation always needs to point to a single item of which the children will be selected and filtered for displaying.For this example, we only want the color items only, we could achieve this by filtering for specific items, or for the parent folder


Filter with a Sitecore Query


But wait there is some more

When working on building the perfect source for your field, and the field is always blank or you just keep getting the entire tree, be sure to check the log. Sitecore has provided some nice error logging to help you figure out what might need to be changed. These messages include

  • Content Editor – Multilist with search: Cannot find any item by query ‘{0}’ from the StartSearchLocation parameter. Location: ‘Source’ field of the ‘{1}’ field in the ‘{2}’ template
  • Content Editor – Multilist with search: Query ‘{0}’ from the StartSearchLocation parameter has incorrect format. Location: ‘Source’ field of the ‘{1}’ field in the ‘{2}’ template
  • Content Editor – Multilist with search: Cannot find any item by id ‘{0}’ from the StartSearchLocation parameter. Location: ‘Source’ field of the ‘{1}’ field in the ‘{2}’ template. ‘{3}’ will be used instead.
  • Content Editor – Multilist with search: Value ‘{0}’ from the StartSearchLocation parameter could not be treated as a valid GUID. Location: ‘Source’ field of the ‘{1}’ field in the ‘{2}’ template. ‘{3}’ will be used instead.

Finally, if you want to do some further exploring the full source to how the field parses the source into queries can be found with a little decompile magic of Sitecore.Buckets.dll, you’ll be looking for the SearchList class.


Cleaning up log messages for Geo IP Location

Starting with Sitecore 8.1 Geo IP lookup services come pre-installed and configured. All a site owner than need to do is log into the App Center and purchase the service. This is great from an implementer standpoint this is great as it’s one less configuration step that we have to take.

On the downside, if the site owners never purchase the lookup service the log will quickly clutter with ERROR messages.

ManagedPoolThread #12 16:01:15 ERROR Failed to perform GeoIp lookup for dd4795c0-1dca-ea8d-93c4-06d7f7aa5063
Exception: System.Net.WebException
Message: The remote name could not be resolved: ‘’
Source: System
at System.Net.HttpWebRequest.GetResponse()
at Sitecore.CES.Client.WebClient.ExecuteRequest(String requestUri)
at Sitecore.CES.Client.ResourceConnector`1.Request(String endpoint, Object[] parameters)
at Sitecore.CES.Discovery.EndpointSource.GetEndpoint(String serviceName)
at Sitecore.CES.GeoIp.SitecoreProvider.GetInformationByIp(String ip)
at Sitecore.Analytics.Lookups.GeoIpManager.GetDataFromLookupProvider(GeoIpHandle geoIpHandle)

The Fix

The fix isn’t hard; all it requires is a simple patch config to disable the lookup service.

<configuration xmlns:patch="">
            <setting name="Analytics.PerformLookup">
                <patch:attribute name="value">false</patch:attribute>

For the full details on the lookup service checkout the full documentation at

Guide To Creating Dimensions And Filters

Quick Refresher: The customer has asked the Sitecore team to provide additional reporting views using data already being collected by Experience Analytics. (To understand the full request take a look at the first part of the guide.)

This post covers the first two steps

Step 1: Create New Dimension

All of the data that is reported against, starts with a dimension. A dimension consist of a Sitecore Artifact in the Marketing Control Panel and a corresponding, compiled aggregation method and table(s) to support the proper data.

Therefore, creating new dimensions is a task that involves both developers and business intelligence analysts. The BI Analysts work with the customer to help define the questions that they want to ask of the data, and then help the developer understand how the currently collected data can be aggregated to get the needed answers.

This is a process in itself, which we will investigate further in future posts.

Step 2: Create New Filter

Filters are created once, and can be reused throughout different segments. Filters are built using the Sitecore Rules engine to define conditions that must be matched so the element will be added to the resulting data set.

  • Launch the Marketing Control Panel from the Sitecore Launchpad
  • In the content tree, expand Experience Analytics -> Filters
  • Right-click on Filters, choose Insert from the context menu, and then select Filter
  • In the dialog box, provide a Name for the filter
  • Click OK to close-out the Message Dialog
    Image One
  • There are minimal data fields to be filled out for a filter. Expand the Data section of the item and you will see a Rule field to complete
  • Click Edit Rule to open the standard rule editor
  • Choose the rule that best fits the data that you are looking to filter. Sitecore has done some backend magic, which spoofs the ‘current contact’ to allow rules to properly pull users into the filter in the form of Sitecore.ExperienceAnalytics.Aggregation.Rules.AggregationAdaptor.AggregationAdaptorTracker object
  • Finally, be sure to select the action ‘add visit to segment’ to ensure that the contacts are added to the resulting dataset
  • Click OK
    Image Two

As always, feel free to tweet me questions or comments @thecodeattic or on Sitecore Slack Community as @gillissm.

This post originally appeared at



Guide Book to Sitecore Reporting

Taking a journey without a good guidebook can be exciting and scary all at the same time. Having looked at the journey our data moves through from collection, squeezing through formatting to arrive at reporting, I thought we should have some more detailed guiding points (the cheap man’s guide book) as to what we can ‘do’ on the journey.

My first guide book takes a detailed look into the built-in reporting of Sitecore,

Sitecore Experience Analytics Quick Start

One of the awesome selling points of Sitecore Experience Manager is the vast amount of data that can fairly easily be collected on site visitors. The information can be used to trigger engagement plans, site personalization, etc.…to help the visitor feel a connection to your organization. When giving a demo, I always get the most ooohs and ahhhs when showing of the Experience Analytics Dashboard and the Experience Profiles, but behind all that flash is some serious data complexity and planning that is required.


My first post in a series exploring Experience Analytics is ready for your exploration,