Sitefinity 10.0 Beta Announced

Sitefinity 10.0 Beta is available for download on this link. 

Nuget packages are available on http://nuget.sitefinity.com/ (use pre-release tag)

This version contains 

Authentication reinvention, SVG Images Support, System Health Check, Built-In Site Warmup, Diagnostic module improvements and extended functionality, Cache Control Policy Management support, Site Shield, Delete Add-On, Tools updates, multiple bug fixes and more. 

Authentication & Security

Integration with third-party Identity Providers

(documentation)

Оut-of-the-box integration added with the most popular authentication types/providers:

• ADFS (over SAML or JWT)
• Windows authentication
• Basic authentication  
• Facebook
• Google
• Microsoft
• Twitter
• LinkedIn
• GitHub

OpenID Connect-Based User Authentication

(documentation)

OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. Here are the main benefits:

• Interoperability
• Security
• Ease of deployment
• Flexibility
• Wide support of devices
• Enabling Claims Providers to be distinct from Identity Providers

For more information you could check the official OpenID Connect site.

Login by Email

(documentation)

Sitefinity 10.0 supports login with email (instead of username). There is no more a need to specify both username and email when registering a user in Sitefinity. The email is sufficient making the login process more convenient as you don't have to remember specific username.

If a user has a registration with username (different than email) both username and email will work successfully for login.

Association of Sitefinity roles and external claims

(documentation)

IT administrators can configure a mapping between external claims (e.g. AD groups/roles) and Sitefinity roles for implementing external role management of the new web site users.

Site Shield

(documentation)

While developing a website that only a chosen group of people should be able to see, Website Managers can invite people to the secured site and monitor when they access the site and from what devices. Stakeholders are able to review the progress even without being CMS users.

This feature will be available only for Sitefinity license holders who have Multisite Management capability.

Roles and Permissions Management Improvements

(documentation)

Better user experience and functionality for managing permissions in Мultisite environments with several providers.

Application Status Page Improvements

(documentation)

In order to hide the CMS utilized by the web site from the web site visitors, Sitefinity allows administrators to configure the application status page relative URL.

Performance and Scalability

Cache Control Policy Management

(documentation)
Support for client cache based on standard cache control HTTP response headers such as Cache-Control max age, public etc. 

• Improved overall performance for website pages by obtaining a cached responses.
• New UI screen for working the Cache control headers.
• Separate cache profiles for media items – different profiles can be configured for different media items (images, videos, documents)

System Health Check service

(documentation)
Developers and System Administrators can use the Sitefinity health check API endpoint to easily get the current status of a website in terms of database access, NLB communication, Internet connectivity and Redis access.  

Built-In Site Warmup

Diagnostics Module Improvements

(documentation)
Multiple improvements in profiling capabilities, while in the same time reducing potential performance impact on live environments of the profiling process. The new reports and tracking capabilities include:

• MVC Widgets Profiler - instead of page level only, profiling is going deeper to the widget level 
• Added Razor templates compilation profiler
• Site re-initialization profiler - track restarts of the web site
• SQL Profiling without performance impact (statistics only)
• NLB requests tracking
• Light mode is introduced - web and database requests are tracked separately
• Data truncation for historical records

Marketing

SVG Images Support

(documentation)

Content Marketers can easily use SVG images for better website performance and visitor experience, especially on mobile devices.

Multisite Data Tracking

(documentation)
Sitefinity 10 makes it possible to isolate customer journey data for individual websites powered by a single CMS instance (codebase) in separate data centers in the Digital Experience Cloud. Thus, Digital Marketers can get data-driven insights that are specific to the brand or website they manage.

MVC-Based Widgets Tracking

All MVC widgets now match the behavioral tracking capabilities of web forms

Persona Scoring Improvements

(documentation)
A new capability of the Persona Scoring rules allows Digital Marketers to score every visit of a particular web site section or page, rather than the first time only, which simplifies the Scoring Model definition and reduces the model maintenance costs.

Lead Scoring Improvements

(documentation)
A new capability of the Lead Scoring rules allows Digital Marketers to score repetitive interactions measuring an increased engagement of a particular contact.

Administration

Export and import a ZIP file

(documentation)

Allows for the export and import of content and structure to and from a .zip file. The .zip file can be used to import the data in another Sitefinity instance,thus providing the opportunity to use starter kits for new projects.

Delete Add-ons

(documentation)

Add-ons can now be uninstalled by uninstalling the NuGet packages holding them. After the website initializes, Sitefinity will automatically remove all functionality, structure and content that were part of that Add-on.

Export user  profiles

(documentation)

User Profile structure is included in the export/import functionality for deployment, add-on or .zip file, so new projects with similar user profiling can easily benefit from previous structures.

Other Improvements

Tools Updates

• RadControls Q1 2017 SP2 ( version 2017.1.118). Release notes here
• Kendo UI R3 2016 SP2( version 2016.3.11.18). Release notes here
• MaxMind latest database, Release March 2017
• Service Stack - version 4.5.6
• Azure .NET SDK version 2.9.6. Release notes here.
• Newtonsoft Json version 9.0.0.0. Release notes here.

Web Services

• Support for managing folders - clients of the service layer can execute CRUD operations on folders
  (documentation)
• A set of properties for folders and libraries are now marked as non-editable due to functional limitations
  (documentation)
• Login/Logout endpoints are now deprecated. Authentication works with Bearer tokens according to the new mechanism.

New Supported OS and Databases

(documentation)

• Windows Server 2016
• MS SQL Server 2016

Development Platform Enhancements

(documentation)

• Random GUIDs - the system will automatically assign random GUIDs to new items added, instead of the previously utilized sequential GUIDs

Discontinued and deprecated

• DAM module (Lightening )
• Mobile App Builder
• Connector for Telerik Backend Services
• Blogging with Windows Live Write
• Old Twitter Widget (TwitterWidget)

What's fixed 

• Revision History: Viewing an entry for an Event will show incorrect information (FP)
• ElasticSearch: Fields containing underscore are renamed in the TocamelCase method, making impossible to return results from them (FP)
• Scheduling creates revision history entry from System user (FP)
• Responsive design rules are always applied when editing pages in the backend (FP)
• Images: Performance degradation (FP)
• Media content items throw 404 Not Found in multilingual site (FP)
• Missing Analytics config in advanced settings (FP)
• Pages: Discard Draft option does not work on users with Author or Editor roles (FP)
• Database: Historical information of deleted items are not removed from tables sf_version_items and sf_version_chnges (FP)
• Web forms tags widget does not generate correct URLs if content widget is on different page (FP)
• Email Campaigns: Send check message does not work as expected (FP)
• Analytics: User list for permissions displays only 40 users (FP)
• Feather Taxon selector: Selecting a child category causes the designer to load incorrectly (FP)
• Responsive Design: CSS transformations null reference when invalid page ID is passed (FP)
• WebApi: Concurrency issue - item strategies are singleton
• Security: Unable to change permissions of libraries under Administration -> User files in Мultisite (FP)
• Cannot change library URL to upper case
• Add additional logging in SiteSync
• Comments have two href attributes (FP)
• Ecommerce: Product additional url removed when new one is added for alternate language (FP)
• Redirect page converted to regular page persists properties in database (FP)
• Cannot delete custom classification item in multilingual and multisite project (FP)
• Content Block: Users are able to see edit options for restricted shared content blocks after adding the widget (FP)
• Feather: Cannot set attributes values that contain spaces in forms validation attributes (FP)
• Feather: Pager is throwing exception if pages are more than 10 (FP)
• Feather: Captcha is not validated client-side form (FP)
• Feather: Classification field for a custom classification throws exception in Dynamic Content details view (FP)
• Feather: No client-side validation of custom rule in MVC Form (FP)
• Feather: Required attribute is encoded in MVC Form (FP)
• Feather: Media field confusing label when no media item selected (FP)
• MVC Forms: Changing the FieldName value will cause the form to crash in a page (FP)
• Feather Forms: Cannot submit if one form is using Ajax Submit and other form is not (FP)
• Feather: Change Password Url Action is case sensitive
• Feather: MVC Widget templates of a Dynamic module disappear after any change is made in the template (FP)
• Feather: SfPlaceHolder inside a PartialView doesn`t render (FP)
• Feather: MVC Calendar - Events won't appear on page with URL contains special characters (FP)
• Feather: After upgrade there is NullReferenceException thrown if page is open for edit of non-default culture 
• Feather: Filter search results by view permissions not working (FP) 
• Feather: Angular error while editing Image Widget (FP)
• Feather: MVC Form: Does not sync with Marketo when AjaxSubmit is used (FP)
• Twitter feed widget uses http:// protocol for the user avatar image when the page requires SSL (FP)
• Module builder permissions: Breaking permissions inheritance for dynamic content type for non-default provider doesn't work as expected (FP)
• Dynamic Module permissions for non-default providers: Delete permissions not working (FP)
• Pages: Restricted pages are retrieved by the service regardless the user permission to View the page (FP)
• Advanced settings: Cannot set Value of field definition element (FP)
• FormsControl: the selected form is not marked (FP)
• Content Block: Users are not able to select shared content block if one of the content block is with permission <View this content block> set to Administrators only
• Cannot edit Content blocks (both MVC and WebForms) using Inline Editing if the widget is from a template but “Editable on pages”. (FP)
• Responsive design Basic settings view broken (FP)
• Forums: Permalinks wrongly generated when different Forums widgets placed in different pages (FP)
• Publishing images in another language from the More actions menu does not translate the images properly (FP)
• Fedex shipping provider: PackagingType is not included in the XML that is send to Fedex service
• User Profile widget: Edit view shows cached data if page is Output cached (FP)
• Events: Calendars from different provider are not displayed in Events widget > Narrow selection by calendars
• Events: Unable to add event to calendar using 'iCal' in iOS and Safari (FP)
• Page URL of the imported translations is not validated (FP)
• Ecommerce: Broken links in custom LongText fields (FP)
• Unlicensed modules are with status "Failed" after the project is created (FP)
• Items with different values of long text field in default culture and in invariant culture are modified on checkout (FP)
• URLRulesClient does not work (FP)
• Unable to place widgets on page (FP)
• Analytics: Permissions user list paging returning different number of users on each page
• Fluent API for pages allows deletion of all widgets in the whole site (FP)
• Sitefinity "Cannot save file:[Row not found: GenericOID]" error when uploading large file to Amazon S3 (FP)
• Content items: It is not possible to delete an item (News, Blog post, Dynamic module, etc.) when accessing to its Edit vew from the Dashboard (FP)
• Inline editing adding style to links (FP)
• Feather: MVC forms Success/Error message cannot be customized
• Feather: Performance improvements for Dynamic modules
• Multiple MVC AJAX Forms on the same page create entry in the wrong form (FP) 
• MVC Navigation overlaps the subpages after sub-level 3 (FP)
• Labels: Deleting a label from Labels and Messages page in the backend will open a 404 message (FP)
• Additional URLs with a path for child pages throw 404 (FP)
• Reordering of  images in content item on Chrome escape the cursor position (FP)
• Editing Pages backend page shows a widget with Object Reference error (FP)
• Documents from the recycle bin downloaded (FP)
• Chrome: HTML field height overlap in Designer (FP)
• REST services help page is now configurable through web.config. In order to enable help page which is disabled by default you need to add the following code in endpointBehaviors section in web.config  <webHttp helpEnabled="true" />
• "File not found" error when deleting media items (FP)
• Selectors: Link selector not removing sfref attribute from anchor tag (FP)
• WebServices: Choices field checkboxes throwing "Operation is not valid" error (FP)
• Form subscription does not permit emails with a top level domain of 5 characters or more (FP)
• SiteSync: Page permissions are synced although sync of permissions is disabled
• Pages: Unpublished Page in Multilingual staying in Navigation (FP)
• Forms: Fields cannot be identified by field name in form responses
• "Allow site search to index this page" requires re-index (FP)
• Kendo: Unknown DataSource transport type 'json' in the backend (FP)
• Revision history does not work after upgrade to Internal Build of 9.2 (FP)
• Module Builder Dashboard generates wrong url when "Enable non-default Site URL Settings" is activated (FP)
• SiteSync status page is blank ("The added or subtracted value results in an un-representable DateTime")
• Changing parent page URL causes some child URLs to become the same as their additional URLs
• Synchronizing a page that publishes and unpublishes at specific time is not working (FP)
• Time picker disappears when content item is a child (FP)
• RadEditor's LinkSelector does not work correctly on links inserted through the HTML editor (FP)
• When Sitefinity is sub-folder and custom error page is under https the status page do not redirect to the home page after initialization (FP)
• LibraryHttpHandler: WriteEntireResponse does not work when serving items from blob storage 

Known issues in the beta release

• Authentication: LDap user without email does not work in Sitefinity
• Authentication: When user is logged in Sitefinity, not in STS, and try to logout it from Logout link in Sitefinity, the browser redirects multiple times and is not responding
• SiteSync: Random URL (EN or BG) in summary error message for duplicate urls in multilingual mode
• SiteSync: Resourses labels are not synced correctly
• MVC Language selector doesn't  work in frontend when you are not logged in 
• MVC calendar widget - Agenda view is not displaying all day events properly

Lots of great stuff here! I'm looking forward to trying them out. Content import/export and the new sign-on options probably are my favorites. Plus lots of bug fixes!

Some of your FP links are trying to link to tpdogfood instead of the public Feedback Portal, though.

We're also eager to start using v. 10 in some of our projects.
Lot's of awesomeness in there for us.

Any date on when v. 10 is going to be production ready?
I guess early March?

What about the new angular backend? Postponed again?

OC, we will release more details on the new Sitefinity backend after the Sitefinity 10 release, which is planned for the week of March 13, 2017. Pavel, this answers your question on the release date.

@Ivan\@Anton

Re: Auth

Are there any docs for extending or integrating custom rules?  We need GoogleAuth here (on an apps domain), but on success we need to then run a couple checks on a custom DB before allowing that login... is there a method to allow for this?

Hi Steve,

The documentation about how to implement a custom provider (or extend a current one) is still not released. We are working on it. I will check the codebase for you and let you know what kind of solution you could use.

Regards,

Peter

Hello. As the official documentation is still not ready here is a sample how to achieve this: CustomExternalAuthentication

Basically you need to create your own AuthenticationProvider deriving from one of our provider classes (SitefinityGoogleAuthenticationProvider, SitefinityFacebookAuthenticationProvider, etc. ), which provide several overridable methods. Then to register this provider you need to override the AuthenticationProvidersInitializer class and put the custom initializer into the ObjectFactory.

Please, let us know if this is enough to achieve what you want.

Regards,

Viktor

@Viktor

Looks perfect, much more readable than the current Git repo for social auth :)

• Placeholder text on the backend login form is still "Email or username"
• Why does the health check 404 when the site finishes bootstrapping?
• Docs for creating custom checks?  ...assume I could decompile to find out how, but docs would be nicer :)
• Criticality doc missing off the link on the page docs.sitefinity.com/overview-health-check-service
• Would be nice for Warmup to have a default useragent specified so I didnt have to manually add one
• ...warmup doesn't seem to do anything, am I missing how to set it up?  I followed the docs, recycle the site.  Click on the pages in the sitemap and they all still take a few seconds to load... clicking back to them once I have already gone in they are instant so I can see that the page is not "warm"
• How can we specify backend pages to warm up, can that be OOTB?

Does the MVC-based Widgets Tracking include custom developed MVC widgets or just OOB widgets?  If not is there code snippets we can add to custom MVC widgets to get them communicating with DEC?

Regarding:

"MVC-Based Widgets Tracking
All MVC-based widgets in the CMS can now send data to the Digital Experience Cloud out of the box..."

Hello,

i've found a bug in this beta.

I don't know if this bug is already in a previous release. If you create a form you can't select the form with the "old" built in Form Control. You get no error. The control designer loads and show the standard empty text: "No records to display."

The "new" built in feather control works.

Another question: How can i map a Sitefinty role to new Google/Facebook users.

Is there a documentation you can provide us?

Kind Regards

Emanuel

An further question: Why the Sitefinity Site Shield is not working.

Can this due to my localhost adresses?

Hi,

I have tested the Beta release locally and everything is working at my end. Could you please elaborate more on your problem? What exactly is not working. Could you hide the web site? If you use smtp4dev tool, could you examine the access emails?

Regards,
Peter

Hi,

I installed your beta version and try to configure a SSO like your documentation specify:

docs.sitefinity.com/administration-configure-single-sign-on-with-sitefinity-cms-as-sts

I receive a error "Invalid JSON primitive" on the sitefinity client after the login

My configuration:

I installed 2 sitefinity version 10. All in localhost with SQL Express. One is the CMS STS and the second is the client. I don't use https.

Can you tell me why I receive this error?

One point  I don't understand the documentation for the configuration of the CMS STS about the 4 paragraph: "In the left pane, click Security and in ValidationKey, enter the key that you copied in Step 16 of the above procedure."

But If I have multiple Sitefinity client which key must be copied ???

Hi. This error normally happens when the client application cannot obtain the metadata from the STS due to miscofiguration. I checked the documentation and it appears to have some incorrect points:

• Point 3 - In Issuer, enter the full URL to the STS, concatinated by /Sitefinity/Auth - the path actually depends on the ServicePath configured in Settings -> Advanced -> Authentication -> SecurityTokenService. By default it's '/Sitefinity/Authenticate/OpenID', not '/Sitefinity/Auth'. You can change it to anything you want or leave it with the default value. This is the most probable reason for the error mentioned.
• Regarding the Validation key - actually the Validation key from the STS should be copied to any client application, not the way around
• Also there is another encryption key that should be copied too. In Advanced settings -> Authentication copy the EncryptionKey from the STS to any client application.
• Moreover, in the STS when configuring the client you may need to configure the RedirectUris and PostLoggoutRedirectUris. Add the allowed redirect URLs for the specified client, for example 'http://myclientapp.com/'

Let me know if you managed to configure the SSO

Hello. Regarding your question about the Sitefinity roles for new Google/Facebook users there is a setting in Settings -> Advanced -> Authentication -> SecurityTokenService -> AuthenticationProviders. Select the provider and there is a setting 'Auto assigned roles'. Keep in mind that this roles will be assigned only for new users

Hi Viktor,

No I have anymore the error but on the Client website when I'm log-in I can enter what I want like username password. And he display the user of the CMS STS. And I cannot go to the backend of the client ?!?

Something is strange with this configuration. What I want is simple:

A sitefinity website he would be the CMS STS  and a other sitefinity website he would be the client.

When I log-in on the client he check if the user exist into the CMS STS if yes I'm log-in and I can see the backend of the Client CMS.

Can you please describe me step by step the correct procedure to do that?

Thanks

Regards,

Viktor,

I create a new client and follow again step by step the SSO configuration now I receive this error when I want login to my  new client (see screenshot)

Regards,

[quote]Richard said:

Does the MVC-based Widgets Tracking include custom developed MVC widgets or just OOB widgets?  If not is there code snippets we can add to custom MVC widgets to get them communicating with DEC?

Regarding:

"MVC-Based Widgets Tracking
All MVC-based widgets in the CMS can now send data to the Digital Experience Cloud out of the box..."

[/quote]

Hi Richard,
What we mean with this item is that all out-of-the-box MVC widgets are now covered with the same tracking as web forms, since previously some MVC widgets were lacking the tracking functionality provided in web forms widgets.
If you extend any of them and replace the views and scripts, the server-side events will still work as long as the logic in the overriden model base methods is not skipped. The client-side tracking will also work as long as the calls performed by the DEC JavaScript SDK are still there. You can find more information on the tracking events here: docs.sitefinity.com/.../understand-the-connector-built-in-tracking-event-handlers
For new custom widgets, you would have to utilize the DEC JavaScript SDK or .NET SDK additionally in order to configure the necessary tracking.
I hope that helps,
Ivailo

[quote]Francis Kienlen said:
Viktor,
I create a new client and follow again step by step the SSO configuration now I receive this error when I want login to my  new client (see screenshot)

Regards,
[/quote]

Hi. Can you enable the logging for the STS from Advanced settings -> SecurityTokenService -> IdentityServer. This will log the actual error in the Authentication log. Normally this happens when something is still not properly configured.

Also, does this happen before or after you enter your credentials?

Hi Viktor,

This log help me there's a little bit a mistake from me (clientid was wrong) and that was after I enter the credentials.

Now I have this situation:

- When the STS is login-in with the admin user I can use any CMS Client with  any username or password and I'm log-in why?

- When the STS is logout and when I use one of my CMS Test Client and log-in I receive a unexpected error windows "something went wrong"

I send you into the attachment my authentication log files from the CMS STS

Can you please tell me why I have this issue?

Thanks

Did you copy the EncryptionKey from the STS application to the client one located in Advanced settings -> Authentication? Because the error you get is that there is a problem with the decryption of the data sent from the client to the STS. Make sure to restart the application after updating the settings.

Right I don't copy the EncryptionKey now it's good and also updated correctly in Documentation '-)

Now my new questions:

When I log-in at first to CMS STS and when I go to the CMS Client and click on login link I see the  input box of log-in and here I can enter what I want... It's possible to be log-in immediately without see login widget? (see attachement)

And most important how can I go to the backend from my CMS Client for create/editing pages (not the CMS STS backend)?

Hi Viktor,

I found this issue, he comes from the name of the provider. A blank space was insert at the end. I fix it.

He would be fine to insert a comment from the doc before the paragraph 18 to restart the IIS because the membership provider isn't see the first time from administration / users

NEW Question:

I have a CMS STS website

I have a first client CMS TEST1 and I have a second client CMS TEST2 configure with CMS STS.

When I'm logout from CMS TEST1 I want also that CMS TEST2 is also logout how can I do that?

Glad to hear that you managed to make it work.

Regarding your question, what you want is Single Sign-Out which unfortunately is currently not supported. It may be logged as a Feature Request. 

Error in Sitefinity Nuget on updating?

I'm not able to update projects with Progress.Sitefinity.Authentication. It refers to Telerik.Sitefinity.OpenAccess version 10.0.6400.0, but the correct version there should be 2016.2.822.1 ?

Hi Viktor,

I have a CMS STS website and a CMS client website. I configure for SSO. The login widget is on my Client CMS but the registration widget is a redirection and come from my CMS STS.

When someone is registered the user is created into the Database of CMS STS automatically that is normal and I can see the provider into my CMS Client.

It's possible to have a real copy at the same time on the local DB of the CMS Client? So I can in future separate my CMS Client from my CMS STS.

If I understand you right, you want to have the same user in both Databases (CMS STS and CMS Client)? This is not recommended, as it will lead to duplicate users and this can make the authentication behave incorrectly.

My problem is when in future I want that the CMS Client want be standalone (not more attach to a CMS STS) how can I find my users.

Especially If I have more than one CMS Client attach to a CMS STS. I want backup my user for each CMS client.

Have you a solution for that?

Login form still shows "Email or username" on the live SF10 instance eh, there is no more "Or" when they are one in the same right?

Hello OC,

From what I gather you are trying to update a project which references Sitefinity 10.0.6350.0-beta packages. If this is the case could you please try removing them completely using the following command in the Package Manager Console:

Afterwards try installing the latest NuGet packages once again.

Hi Steve,

You have one field on the user registration but under the hood it is used to fill both username and email (this way they are the same).

For upgraded projects (or users created with API - e.g. importing users from other system or using custom registration widget) you will have the ability to have different values for username and email. That's the reason the login widget allows using email or username.

If you setup brand new Sitefinity 10.0 and use the standard widgets - the new users will use email only.

Best Wishes,

Dimitar

Hello there, 

We released official version of 10.0 on March 15. I'm closing the BETA thread now. We have multiple fixes between the beta and official release.

Please use "SITEFINITY" forums instead "SITEFINITY EARLY PREVIEW" for further questions. 

BR,

Ivan