Develop Reference

Sitecore 7.5 to other MVC Solution

I am trying to add sitecore to an existing solution where we already have an MVC Application.Now after adding Sitecore,I will make sitecore as start up project and add the reference of existing MVC Application as a reference to Sitecore MVC Application.
Since the existing application was using 4.5.1 and MVC 5.2.3,I am also using the same for my sitecore application.But the existing MVC application is using below:
1. System.Web.Http (Version:5.2.3.0)
2. System.Web.Http.WebHost (Version:5.2.3.0)
3. System.Net.Http.Formatting (Version:5.2.3.0)
So can I use the same for Sitecore?.If yes then I will have to Modify Web Config
From:
<compilation defaultLanguage="c#" debug="false" targetFramework="4.5.1">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Helpers, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=5.2.3.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Http, Version=5.1.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Http.WebHost, Version=5.1.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Net.Http.Formatting, Version=5.1.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
To:
<compilation defaultLanguage="c#" debug="false" targetFramework="4.5.1">
<assemblies>
<add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<add assembly="System.Web.Helpers, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=5.2.3.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Http, Version=5.2.3.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Http.WebHost, Version=5.2.3.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Net.Http.Formatting, Version=5.2.3.0, Culture=neutral,PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
Is this change fine?.Please suggest.

Instead of adding Sitecore to your solution you should probably look at it the other way around I.e getting your Mvc application to work in Sitecore.
You shouldn't really change the assembly versions Sitecore is using and you should try to get your Mvc application to work with Sitecore. You can't 100% guarantee that Sitecore will work using higher or lower versions of assemblies that it needs. Whereas with your Mvc solution (I'm assuming you have the source code) you can always try to modify this to work with Sitecore.

Verified with sitecore support and they confirmed that all the above changes are fine.

Redirecting Users from Unauthorized Page

I have an MVC application that I recently converted the authentication/authorization method from forms to federated. Everything works fine, but on the home page I have to create a cookie for the authorization of the rest of my site to work properly. When users navigate to the home page first it works great, if they navigate to a different page first where authorization is required they get a 401 unauthorized error page.
When I had the forms authentication implemented it would redirect users that were unauthorized to the login page, with federation I no longer have a login page so I would like to redirect to the home page. With forms authentication the redirection was automatic, how would I setup something similar for my federated application?
Here are the federated portions of my web.config that are relevant. Again, federated authentication/authorization works, just the unauthorized redirect that isn't.
<system.web>
<customErrors mode="Off"/>
<authentication mode="None"/>
<authorization>
<deny users="?"/>
</authorization>
<membership defaultProvider="ADMembershipProvider">
<providers>
<add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionProtection="Secure" attributeMapUsername="sAMAccountName" connectionStringName="ADConn" connectionUsername="UName" connectionPassword="Pass" />
</providers>
</membership>
<roleManager enabled="true" defaultProvider="ActiveDirectoryRoleProvider" cacheRolesInCookie="true" cookieName=".ADLibraryROLES" cookiePath="/" cookieTimeout="1440" cookieRequireSSL="false" cookieSlidingExpiration="true" createPersistentCookie="true" cookieProtection="All">
<providers>
<clear />
<add name="ActiveDirectoryRoleProvider" connectionStringName="ADConn" connectionUsername="UName" connectionPassword="Pass" attributeMapUsername="sAMAccountName" type="MyApp.ActiveDirectoryRoleProvider" />
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
</modules>
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="https://fed.example.com/"/>
</audienceUris>
<securityTokenHandlers>
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</securityTokenHandlers>
<certificateValidation certificateValidationMode="None"/>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://myfedservice.example.com/adfs/services/trust">
<keys>
<add thumbprint="mythumb"/>
</keys>
<validIssuers>
<add name="http://fed.example.com/adfs/services/trust"/>
</validIssuers>
</authority>
</issuerNameRegistry>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true"/>
<wsFederation passiveRedirectEnabled="true" issuer="https://fed.example.com/adfs/ls/" realm="https://fed.example.com/" reply="https://fed.example.com/" requireHttps="true" persistentCookiesOnPassiveRedirects="true"/>
</federationConfiguration>
</system.identityModel.services>

You can configure this in the wsFederation section, see MSDN for further details. By setting the “passiveRedirectEnabled” to true, the WSFederationAuthenticationModule will look at all outgoing responses, trying to find HTTP 401s. If it finds a 401, it will modify the response and turn it into a redirect to the STS. Please note that in production you want to change requireHttps to true.
<system.identityModel.services>
<federationConfiguration>
<wsFederation passiveRedirectEnabled="true"
issuer="http://localhost:15839/wsFederationSTS/Issue"
realm="http://localhost:50969/" reply="http://localhost:50969/"
requireHttps="false"
signOutReply="http://localhost:50969/SignedOutPage.html"
signOutQueryString="Param1=value2&Param2=value2"
persistentCookiesOnPassiveRedirects="true" />
<cookieHandler requireSsl="false" />
</federationConfiguration>
Please note that you also need to add these modules:
<modules>
<add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
and the following config sections:
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />

Cookies Set but not Sent in Subsequent Requests

I'm preparing a demo of MembershipReboot for my local user group. I'm experiencing a strange scenario whereby the 2 cookies:
FedAuth; and
FedAuth1
are being set in the headers of the Response. However, in subsequent Requests, they are not part of the headers. I confirmed this using Fiddler and it explains why User.Identity.IsAuthenticated is always false after successful logins.
Is the anything which may be leading to this weird scenario?
Cheers

I had a few subtle errors in my Web.config file.
In the configSections element
Instead of:
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
I had:
<section name="system.identitymodel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
In the system.webServer > modules element
Instead of:
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler"/>
I had:
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
For the system.identityModel.services element
Instead of:
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="false" persistentSessionLifetime="30:00:00"/>
</federationConfiguration>
</system.identityModel.services>
I had:
<system.identitymodel.services>
<federationconfiguration>
<cookiehandler requiressl="false" persistentSessionLifetime="30:00:00" />
</federationconfiguration>
</system.identitymodel.services>
This was tough to diagnose, so always be careful when configuring your application!
MembershipReboot rocks!!!

RememberMe and RememberBrowser not working when browser is closed

I am using asp net mvc 5 + Identity 2.0 + Owin + IdentityReboot project on my website. For login, I am using a two-factor login with email code confirmation as second login pass. Everything looks fine, except for the fact that the rememberMe functionality and the rememberBrowser are not working when I close the browser. It looks like the cookies created are not persistent. Here is my full web.config
<?xml version="1.0"?>
<configuration>
<configSections>
<sectionGroup name="system.web.webPages.razor" type="System.Web.WebPages.Razor.Configuration.RazorWebSectionGroup, System.Web.WebPages.Razor, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<section name="host" type="System.Web.WebPages.Razor.Configuration.HostSection, System.Web.WebPages.Razor, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
<section name="pages" type="System.Web.WebPages.Razor.Configuration.RazorPagesSection, System.Web.WebPages.Razor, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
</sectionGroup>
</configSections>
<system.web.webPages.razor>
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<pages pageBaseType="System.Web.Mvc.WebViewPage">
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Optimization"/>
<add namespace="System.Web.Routing" />
</namespaces>
</pages>
</system.web.webPages.razor>
<appSettings>
<add key="webpages:Enabled" value="false" />
</appSettings>
<system.web>
<httpHandlers>
<add path="*" verb="*" type="System.Web.HttpNotFoundHandler"/>
</httpHandlers>
<!--
Enabling request validation in view pages would cause validation to occur
after the input has already been processed by the controller. By default
MVC performs request validation before a controller processes the input.
To change this behavior apply the ValidateInputAttribute to a
controller or action.
-->
<pages
validateRequest="false"
pageParserFilterType="System.Web.Mvc.ViewTypeParserFilter, System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
pageBaseType="System.Web.Mvc.ViewPage, System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"
userControlBaseType="System.Web.Mvc.ViewUserControl, System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
<controls>
<add assembly="System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" namespace="System.Web.Mvc" tagPrefix="mvc" />
</controls>
</pages>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="BlockViewHandler"/>
<add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler" />
</handlers>
</system.webServer>
</configuration>
Can anyone give me an advice here?

Possibly some confusion on rememberBrowser. If you enable 2FA and don't rememberBrowser, then you will need to go through 2FA to log on. If you enable 2FA and rememberBrowser, it won't go through 2FA on that computer/browser combo.
Can you test this out with the latest sample?
Follow my tutorial and use Install-Package Microsoft.AspNet.Identity.Samples -Version 2.1.0-alpha1 –Pre
The idea behind this is on your home/trusted computer, you don't want to go through 2FA each time, but every other place you log in you want to make sure it's not the bad guy.

It is an error to use a section registered as allowDefinition='MachineToWebRoot' beyond the root web.config file

I'm developing an application and I ran into this error (that you can see in the title of this post) and I can't find the solution anywhere. This error points to the following lines of code:
<protocols>
<add name="net.tcp" processHandlerType="System.ServiceModel.WasHosting.TcpProcessProtocolHandler, System.ServiceModel.WasHosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
appDomainHandlerType="System.ServiceModel.WasHosting.TcpAppDomainProtocolHandler, System.ServiceModel.WasHosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
validate="false" />
<add name="net.pipe" processHandlerType="System.ServiceModel.WasHosting.NamedPipeProcessProtocolHandler, System.ServiceModel.WasHosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
appDomainHandlerType="System.ServiceModel.WasHosting.NamedPipeAppDomainProtocolHandler, System.ServiceModel.WasHosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
validate="false" />
<add name="net.msmq" processHandlerType="System.ServiceModel.WasHosting.MsmqProcessProtocolHandler, System.ServiceModel.WasHosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
appDomainHandlerType="System.ServiceModel.WasHosting.MsmqAppDomainProtocolHandler, System.ServiceModel.WasHosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
validate="false" />
<add name="msmq.formatname" processHandlerType="System.ServiceModel.WasHosting.MsmqIntegrationProcessProtocolHandler, System.ServiceModel.WasHosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
appDomainHandlerType="System.ServiceModel.WasHosting.MsmqIntegrationAppDomainProtocolHandler, System.ServiceModel.WasHosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
validate="false" />
</protocols>
I was having no problem debugging the app, but now I always get this error.
Can anybody help me?
Thanks so much for your time!