something to know: 2018

Thursday, December 27, 2018

Sitecore Security for SXA Projects

Every new website requires some level of security configuration before launch. In this article we see one possible solution to applying security to sites built with the Sitecore Experience Accelerator (SXA).

Please note that the following scripts were written before the SXA module included scripts to manage security. I encourage you to evaluate those included out-of-the-box.

Role Configuration

Let's have a look at how the security will be setup for each tenant.

Each tenant will be organized by the company name. Companies have their own domain.
At least three of the six roles exist for all tenants (Admin, Editor, Developer). Each role inherits from a Base role (Sitecore Client Authoring, Sitecore Client Users) so they can login and manage content.

Tenant roles mapped to Sitecore roles

Running the script will present the user with a dialog like the following:

Dialog before security settings are applied

The dialog lists all of the available SXA tenants as well as any additional domains configured using the switching provider. This can be very helpful when using the Active Directory module because those users are not in the same domain as the tenant.

Show ribbon button using rules

Script Highlights

Let's walkthrough what changes are applied by the script.

Results output after completion

Site - Admin role granted access to help cleanup after users.
Home - Base role granted access to manage content.
Overlay - Admin role allowed to manage overlay content.
Data - Base role granted access to manage grandchildren. Prevents users from deleting global folders.
Media - Base role granted access to manage available media library folders.
Media Library - Base role granted access to manage media for this site.
Presentation - Developer role granted access to manage Rendering Variants, Partial Designs, etc.
Theme - Developer role granted access to manage media for this theme.
Data Templates - Developer role granted access to manage data templates.
Publishing Targets - Editor role granted access to publish to any target.
Languages - Everyone role granted access to read/write to all languages. This includes the tenant domain and additional domains selected.
System Settings - Developer role granted access to manage Modules, Settings, Tasks, and Workflows.

This will of course not cover the granularity that your company requires, but should provide you with a framework for crafting a tool for your own needs.

Hope this inspires you to build something great and share with the community.

The Scripts

	$allowItemProps = @{
	PropagationType = [Sitecore.Security.AccessControl.PropagationType]::Entity
	SecurityPermission = [Sitecore.Security.AccessControl.SecurityPermission]::AllowAccess
	}

	$allowDescendantsProps = @{
	PropagationType = [Sitecore.Security.AccessControl.PropagationType]::Descendants
	SecurityPermission = [Sitecore.Security.AccessControl.SecurityPermission]::AllowAccess
	}

	function New-AccessRuleList {
	[CmdletBinding()]
	[OutputType("System.Collections.Generic.List[Sitecore.Security.AccessControl.AccessRule]")]
	param(
	[string]$Identity,
	[string[]]$AccessRule,
	[Sitecore.Security.AccessControl.PropagationType]$PropagationType,
	[Sitecore.Security.AccessControl.SecurityPermission]$SecurityPermission
	)

	$list = New-Object "System.Collections.Generic.List[Sitecore.Security.AccessControl.AccessRule]"
	foreach($rule in $accessrule) {
	$list.Add((New-ItemAcl -Identity $Identity -AccessRight $rule -PropagationType $PropagationType -SecurityPermission $SecurityPermission))
	}

	@(,$list)
	}

view raw 01-New-AccessRuleList.ps1 hosted with ❤ by GitHub

	Import-Function -Name New-AccessRuleList

	function Setup-SystemSecurity {
	Write-Host "[System Settings Security]" -Foreground Yellow

	$realEveryone = "\Everyone"
	$virtualDataItem = Get-Item -Path "master:" -ID "{9700DC24-8969-4638-ACC3-34D54335829E}"
	Write-Information "[A] $($virtualDataItem.ItemPath)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $realEveryone -AccessRule item:create @allowItemProps))
	$virtualDataItem \| Add-ItemAcl -AccessRules $accessRules

	$developerRole = "sitecore\Developer"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $developerRole -AccessRule item:create,item:write,item:rename,item:delete @allowDescendantsProps))

	$modulesItem = Get-Item -Path "master:" -ID "{08477468-D438-43D4-9D6A-6D84A611971C}"
	Write-Information "[A] $($modulesItem.ItemPath)"
	$modulesItem \| Add-ItemAcl -AccessRules $accessRules

	$settingsItem = Get-Item -Path "master:" -ID "{087E1EA5-6280-4575-9E70-85B588DB91B2}"
	Write-Information "[A] $($settingsItem.ItemPath)"
	$settingsItem \| Add-ItemAcl -AccessRules $accessRules

	$tasksItem = Get-Item -Path "master:" -ID "{EF58CA2C-3E59-44E0-82C1-97FF9B98535F}"
	Write-Information "[A] $($tasksItem.ItemPath)"
	$tasksItem \| Add-ItemAcl -AccessRules $accessRules

	$workflowItem = Get-Item -Path "master:" -ID "{05592656-56D7-4D85-AACF-30919EE494F9}"
	Write-Information "[A] $($workflowItem.ItemPath)"
	$workflowItem \| Add-ItemAcl -AccessRules $accessRules
	}

view raw 02-Setup-SystemSecurity.ps1 hosted with ❤ by GitHub

	Import-Function -Name New-AccessRuleList

	function Setup-PublishingTargetSecurity {
	param(
	[ValidateNotNullOrEmpty()]
	[string]$Role
	)
	Write-Host "[System Publishing Target Security]" -Foreground Yellow

	$targets = Get-ChildItem -Path "master:" -ID "{D9E44555-02A6-407A-B4FC-96B9026CAADD}"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $Role -AccessRule item:write @allowItemProps))
	$targets \| Add-ItemAcl -AccessRules $accessRules
	}

view raw 03-Setup-PublishingTargetSecurity.ps1 hosted with ❤ by GitHub

	Import-Function -Name New-AccessRuleList

	function Setup-LanguageSecurity {
	param(
	[ValidateNotNullOrEmpty()]
	[string]$Domain
	)

	$roleEveryone = "$($domain)\Everyone"

	Write-Host "[Language Security]" -ForegroundColor Yellow
	$languageItem = Get-Item -Path "master:\system\languages"
	Write-Information "[A] $($languageItem.ItemPath) - $($domain)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleEveryone -AccessRule language:read,language:write @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleEveryone -AccessRule language:read,language:write @allowDescendantsProps))
	$languageItem \| Add-ItemAcl -AccessRules $accessRules
	}

view raw 04-Setup-LanguageSecurity.ps1 hosted with ❤ by GitHub

	Import-Function -Name New-AccessRuleList

	function Setup-TenantSecurity {
	[CmdletBinding()]
	param(
	[ValidateNotNullOrEmpty()]
	[string]$Company,
	[ValidateNotNullOrEmpty()]
	[string]$Tenant,
	[ValidateNotNullOrEmpty()]
	[string]$Site
	)

	$tenantPath = "master:\content\$($Company)\$($Tenant)"
	$tenantMediaPath = $tenantPath = "master:\media library\project\$($Company)\$($Tenant)"
	$sitePath = "master:\content\$($Company)\$($Tenant)\$($Site)"
	$siteMediaPath = "master:\media library\project\$($Company)\$($Tenant)\$($Site)"

	$domainName = $Company.ToLower()
	$roleBase = "$($domainName)\Base"
	$roleAdmin = "$($domainName)\Admin"
	$roleAuthor = "$($domainName)\Author"
	$roleDesigner = "$($domainName)\Designer"
	$roleDeveloper = "$($domainName)\Developer"
	$roleEditor = "$($domainName)\Editor"
	$roleFrontEnd = "$($domainName)\Front End"
	$roleEveryone = "$($domainName)\Everyone"

	$siteItem = Get-Item -Path $sitePath
	if($siteItem -eq $null){
	Write-Host "Not in site scope"
	exit
	}

	$tenantItem = Get-Item -Path $tenantPath
	if((Get-Domain -Name $domainName -ErrorAction SilentlyContinue) -eq $null){
	Write-Host "Domain does not exist!"
	exit
	}

	# Create roles if missing

	if(-not(Get-Role -Identity $roleBase -ErrorAction 0)) {
	New-Role -Identity $roleBase > $null
	Add-RoleMember -Identity "sitecore\Sitecore Client Authoring" -Members $roleBase
	Add-RoleMember -Identity "sitecore\Sitecore Client Users" -Members $roleBase
	}

	if(-not(Get-Role -Identity $roleAdmin -ErrorAction 0)) {
	New-Role -Identity $roleAdmin > $null
	Add-RoleMember -Identity "sitecore\Sitecore Local Administrators" -Members $roleAdmin
	Add-RoleMember -Identity $roleBase -Members $roleAdmin
	}

	if(-not(Get-Role -Identity $roleDeveloper -ErrorAction 0)) {
	New-Role -Identity $roleDeveloper > $null
	Add-RoleMember -Identity "sitecore\Developer" -Members $roleDeveloper
	Add-RoleMember -Identity "sitecore\Sitecore Client Advanced Publishing" -Members $roleDeveloper
	Add-RoleMember -Identity $roleBase -Members $roleDeveloper
	}

	if(-not(Get-Role -Identity $roleEditor -ErrorAction 0)) {
	New-Role -Identity $roleEditor > $null
	Add-RoleMember -Identity "sitecore\Author" -Members $roleEditor
	Add-RoleMember -Identity "sitecore\Designer" -Members $roleEditor
	Add-RoleMember -Identity "sitecore\Sitecore Client Publishing" -Members $roleEditor
	Add-RoleMember -Identity $roleBase -Members $roleEditor
	}

	$roleDesignerExists = $true
	if(-not(Get-Role -Identity $roleDesigner -ErrorAction 0)) {
	$roleDesignerExists = $false
	}

	$roleFrontEndExists = $true
	if(-not(Get-Role -Identity $roleFrontEnd -ErrorAction 0)) {
	$roleFrontEndExists = $false
	}

	Write-Host "[Site Security]" -ForegroundColor Yellow
	Write-Information "[A] $($siteItem.ItemPath)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleAdmin -AccessRule item:read,item:write,item:create @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleAdmin -AccessRule item:read,item:write,item:create,item:rename,item:delete @allowDescendantsProps))
	$siteItem \| Set-ItemAcl -AccessRules $accessRules

	$homeItem = Get-Item -Path "$($sitePath)\Home"

	Write-Host "[Home Security]" -ForegroundColor Yellow
	Write-Information "[A] $($homeItem.ItemPath)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:read,item:write,item:create @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:read,item:write,item:create,item:rename,item:delete @allowDescendantsProps))
	$homeItem \| Set-ItemAcl -AccessRules $accessRules

	Write-Host "[Overlay Security]" -ForegroundColor Yellow
	$overlayFolderTemplateId = "{D7BFFBE5-DAD8-4137-85DE-28013313F72F}"
	foreach($overlayItem in $homeItem.Children \| Where-Object { $_.TemplateID -eq $overlayFolderTemplateId }) {
	Write-Information "[A] $(($overlayItem \| Initialize-Item).ItemPath)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:read,item:create @allowItemProps))
	$accessRules.Add((New-ItemAcl -Identity $roleBase -AccessRight * -PropagationType Entity -SecurityPermission DenyInheritance))
	$overlayItem \| Set-ItemAcl -AccessRules $accessRules

	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleAdmin -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleAdmin -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$overlayItem \| Set-ItemAcl -AccessRules $accessRules
	}

	Write-Host "[Data Security]" -ForegroundColor Yellow
	$dataItem = Get-Item -Path "$($sitePath)\Data"
	$dataFolders = gci -path $dataItem.Paths.Path -Language $dataItem.Language.Name
	foreach($dF in $dataFolders){
	Write-Information "[A] $($dF.ItemPath)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:create @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$dF \| Set-ItemAcl -AccessRules $accessRules
	}

	Write-Host "[Media Security]" -ForegroundColor Yellow
	$siteMediaItem = Get-Item -Path "$($sitePath)\Media"
	Write-Information "[A] $($siteMediaItem.ItemPath)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:create @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$siteMediaItem \| Set-ItemAcl -AccessRules $accessRules

	Write-Host "[Media Library Security]" -ForegroundColor Yellow
	$siteMediaLibraryRoot = Get-Item -Path $siteMediaPath
	Write-Information "[A] $($siteMediaLibraryRoot.ItemPath)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:create @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$siteMediaLibraryRoot \| Set-ItemAcl -AccessRules $accessRules

	$tenantMediaLibrarySharedFolder = Get-Item -Path "$($tenantMediaPath)\shared"
	Write-Information "[A] $($tenantMediaLibrarySharedFolder.ItemPath)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:create @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleBase -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$tenantMediaLibrarySharedFolder \| Set-ItemAcl -AccessRules $accessRules

	Write-Host "[Presentation Security]" -ForegroundColor Yellow
	$presentationItem = Get-Item -Path "$($sitePath)\Presentation"
	$presentationChildren = Get-ChildItem -Path $presentationItem.Paths.Path -Language $presentationItem.Language.Name
	foreach($pC in $presentationChildren){
	Write-Information "[A] $($pC.ItemPath)"
	if($roleDesignerExists) {
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleDesigner -AccessRule item:create,item:write @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleDesigner -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$pC \| Set-ItemAcl -AccessRules $accessRules
	}

	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleDeveloper -AccessRule item:create,item:write @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleDeveloper -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$pC \| Set-ItemAcl -AccessRules $accessRules

	if($roleFrontEndExists) {
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleFrontEnd -AccessRule item:create,item:write @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleFrontEnd -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$pC \| Set-ItemAcl -AccessRules $accessRules
	}
	}

	Write-Host "[Theme Security]" -ForegroundColor Yellow
	$sourcePresPath = "/sitecore/media library/Themes/$($domainName)/$($tenantItem.Name)//*[@@templatename='Theme']"
	$tenantThemes = Get-Item -Path "master:" -Query $sourcePresPath -Language $tenantItem.Language.Name \| Initialize-Item
	foreach($tTheme in $tenantThemes){
	Write-Information "[A] $($tTheme.ItemPath)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleAdmin -AccessRule item:create,item:write @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleAdmin -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$tTheme \| Set-ItemAcl -AccessRules $accessRules

	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleDeveloper -AccessRule item:create,item:write @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleDeveloper -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$tTheme \| Set-ItemAcl -AccessRules $accessRules

	if($roleFrontEndExists) {
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleFrontEnd -AccessRule item:create,item:write @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleFrontEnd -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$tTheme \| Set-ItemAcl -AccessRules $accessRules
	}
	}

	Write-Host "[Data Templates Security]" -ForegroundColor Yellow
	$settingsItem = Get-Item -Path "$($sitePath)\Settings"
	$tenantTemplatesItem = Get-Item master: -ID ($settingsItem.Fields['Templates'].Value)
	Write-Information "[A] $($tenantTemplatesItem.ItemPath)"
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleAdmin -AccessRule item:create @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleAdmin -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$tenantTemplatesItem \| Set-ItemAcl -AccessRules $accessRules

	if($roleFrontEndExists) {
	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleFrontEnd -AccessRule item:create @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleFrontEnd -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$tenantTemplatesItem \| Set-ItemAcl -AccessRules $accessRules
	}

	$accessRules = New-Object Sitecore.Security.AccessControl.AccessRuleCollection
	$accessRules.AddRange((New-AccessRuleList -Identity $roleDeveloper -AccessRule item:create @allowItemProps))
	$accessRules.AddRange((New-AccessRuleList -Identity $roleDeveloper -AccessRule item:read,item:write,item:rename,item:create,item:delete @allowDescendantsProps))
	$tenantTemplatesItem \| Set-ItemAcl -AccessRules $accessRules
	}

view raw 05-Setup-TenantSecurity.ps1 hosted with ❤ by GitHub

	<#
	AccountType
	ar = Role
	au = User
	a?

	Propagation
	pd = Descendants
	pe = Entity
	p* = Any

	Rule Token
	! = Deny Inheritance
	+ = Allow Access
	- = Deny Access
	^ = Allow Inheritance
	#>

	$InformationPreference = "Continue"

	Import-Function -Name Setup-LanguageSecurity
	Import-Function -Name Setup-PublishingTargetSecurity
	Import-Function -Name Setup-SystemSecurity
	Import-Function -Name Setup-TenantSecurity

	$siteTemplateId = "{6669DC16-F106-44B5-96BE-7A31AE82B5B5}"
	$tenantTemplateId = "{215F8C54-68B3-4481-A20B-A5716F06081F}"
	$tenantFolderTemplateId = "{4F539F2E-9CF9-4453-8E82-3D13DED12AB3}"

	filter Where-IsSxaSite {
	$siteItemTemplateId = "{6669DC16-F106-44B5-96BE-7A31AE82B5B5}"

	$siteContext = $_
	if([string]::IsNullOrEmpty($siteContext.RootPath)) { return }
	$siteItem = Get-Item -Path $siteContext.RootPath
	if($siteItem -eq $null) { return }
	$isSxaSite = [Sitecore.Data.Managers.TemplateManager]::GetTemplate($siteItem).InheritsFrom($siteItemTemplateId)
	if($isSxaSite) {
	$siteItem
	}
	}

	$availableSiteItems = [Sitecore.Configuration.Factory]::GetSites() \| Where-IsSxaSite
	$siteLookup = @{}
	$availableSiteOptions = [ordered]@{}
	$availableSiteItems \| Foreach-Object {
	$title = "$($_.Parent.Parent.Name)\$($_.Parent.Name)\$($_.Name)"
	$availableSiteOptions["$($title)"] = $_.ID.ToString()
	$siteLookup[$_.ID.ToString()] = $_
	}

	$additionalDomainOptions = @{}
	foreach($domain in Get-Domain) {
	$mappedDomain = [System.Web.Security.Membership]::Providers["switcher"].Wrappers.DomainMap[$domain.Name]
	if($mappedDomain) {
	$additionalDomainOptions[$domain.Name] = $domain.Name
	}
	}

	$props = @{
	Parameters = @(
	@{Name="selectedSite"; Title="Choose an available site"; Tooltip="The selected site will have new security settings applied."; Options=$availableSiteOptions; }
	)
	Title = "Setup Tenant Security"
	Icon = "OfficeWhite/32x32/lock2.png"
	Description = "Updates security for the site item and children."
	Width = 450
	Height = 300
	ShowHints = $true
	}

	if($additionalDomainOptions.Keys.Count -gt 0) {
	$props.Parameters += @{Name="additionalLanguageDomainNames"; Title="Additional Domains"; Tooltip="Domains detected to be associated with the switching provider. Users that need access may be in one of these domains."; Options=$additionalDomainOptions; Editor="checklist"; }
	}

	$result = Read-Variable @props
	if($result -ne "ok") {
	exit
	}

	$siteItem = $siteLookup[$selectedSite]
	$tenantItem = $siteItem.Parent
	$tenantFolderItem = $tenantItem.Parent

	$isSiteInherited = [Sitecore.Data.Managers.TemplateManager]::GetTemplate($siteItem.TemplateId, $siteItem.Database).InheritsFrom($siteTemplateId)
	$isTenantInherited = [Sitecore.Data.Managers.TemplateManager]::GetTemplate($tenantItem.TemplateId, $tenantItem.Database).InheritsFrom($tenantTemplateId)
	$isTenantFolderInherited = [Sitecore.Data.Managers.TemplateManager]::GetTemplate($tenantFolderItem.TemplateId, $tenantFolderItem.Database).InheritsFrom($tenantFolderTemplateId)
	if($isSiteInherited -and $isTenantInherited -and $isTenantFolderInherited) {

	Setup-TenantSecurity -Company $tenantFolderItem.Name -Tenant $tenantItem.Name -Site $siteItem.Name
	Setup-PublishingTargetSecurity -Role "$($tenantFolderItem.Name.ToLower())\Editor"
	Setup-LanguageSecurity -Domain $tenantFolderItem.Name

	foreach($domainName in $additionalLanguageDomainNames) {
	Setup-LanguageSecurity -Domain $domainName
	}

	Setup-SystemSecurity

	Show-Alert -Title "Security configuration complete. <br/> Company: $($tenantFolderItem.Name) <br/> Tenant: $($tenantItem.Name) <br/> Site: $($siteItem.Name)"
	Show-Result -Text
	} else {
	Show-Alert -Title "There was a problem detecting which site to configure security. Should follow the structure Company -> Tenant -> Site."
	}

view raw 06-SecurityWizard.ps1 hosted with ❤ by GitHub

Tuesday, November 20, 2018

Thank You Community Leaders 2018

Another year to be thankful. There are so many people in the community that I learned from this past year. I appreciate the time and energy they invest into me and others that I thought recognizing them would be appropriate.

My wife and I celebrated the birth of our first baby (Bella). Was so awesome to be gifted with a baby onsie for Bella. She loved it!

Community Members

Below are some people I had the opportunity to learn more about this year.

Corey Smith - I really enjoy talking with this smart guy about Sitecore and SXA. I recall a phone call we once had about something I had been working on; so encouraging to hear his feedback. He too shared some really cool things with me and the community. His contributions to JSS have been phenomenal. One time he even shaved his mustache off for the benefit of a beloved community member. I look forward to seeing him succeed in 2019.

No mustache.
Una Verhoeven - What a renaissance woman! She achieved just about all the community badges possible in 2018. Exciting that she was honored with the MVP award this year. I look forward to hearing about her new job in 2019 and celebrating her new achievements.

Enjoying her vacation, not thinking about work.
Saad Ansari - Sitecore Sam has been so helpful this year. Nice to see someone invest time in crafting quality blog posts (with nice imagery). Always finds an opportunity to help answer questions. What a great future MVP.

Actual photo of Saad.
Neil Shack - One of the best examples of a generous person. He was handing out this super cool book of Sitecore tips like it was candy. So good. Was great getting to visit with him again at the Sitecore Symposium. Not a bad housemate either!

Thomas holding the book. Neil on the right.

Some other community members that I appreciate were shared in this previous post. Please read about it and tell them how much of a positive impact they had on you.

Final Thoughts

I encourage you to show your appreciation for those that have really helped you. Consider recommending those same people for Sitecore MVP. Also, try not to DM those people on Slack for support; stick to the group channels and only shift to the DM when they invite you to do so.

Monday, November 5, 2018

Override SXA Environment Site Resolver

In this very short post I demonstrate how to override the EnvironmentSiteResolver included with SXA to remove the use of fast queries.

This was tested on Sitecore 8.2.7 and SXA 1.7.0. Most of this is copied from the SXA library Sitecore.XA.Foundation.Multisite. I changed ResolveAllSites to call the local function GetContentItemsOfTemplate instead of the extension method. Then GetContentItemsOfTemplate calls the link database for items.

Thank you to my friend Corey Smith for his help in cleaning up the copy/paste mess that was in my initial version.

	44644 13:45:34 WARN [Unicorn] A Fast Query was performed and Unicorn had one or more configurations enabled that used Transparent Sync. Fast Query is not supported with Transparent Sync. Either stop using Fast Query (it's generally regarded as a bad idea in almost every circumstance), or disable Transparent Sync for all configurations.
	44644 13:45:34 WARN [Unicorn] The Fast Query was: //*[@@templateid = '{EDA823FC-BC7E-4EF6-B498-CD09EC6FDAEF}']
	44644 13:45:34 WARN [Unicorn] The call stack that made the Fast Query was: at Unicorn.Data.DataProvider.UnicornSqlServerDataProvider.QueryFast(String query, CallContext context)
	at Sitecore.Data.DataProviders.DataProvider.SelectIDs(String query, CallContext context, DataProviderCollection providers)
	at Sitecore.Data.DataManager.SelectItems(String query, Boolean& processed)
	at Sitecore.Data.DataManager.SelectItems(String query)
	at Sitecore.Data.DefaultDatabase.SelectItems(String query)
	at Scms.Foundation.Multisite.SiteResolvers.ScmsEnvironmentSitesResolver.<GetContentItemsOfTemplate>d__4.MoveNext()
	at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
	at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
	at Scms.Foundation.Multisite.SiteResolvers.ScmsEnvironmentSitesResolver.ResolveAllSites(Database database)
	at Sitecore.XA.Foundation.Multisite.Providers.SxaSiteProvider.GetSiteList()
	at Sitecore.XA.Foundation.Multisite.Providers.SxaSiteProvider.InitializeSites()
	at Sitecore.XA.Foundation.Multisite.Providers.SxaSiteProvider.GetSites()
	at System.Linq.Enumerable.<SelectManyIterator>d__17`2.MoveNext()
	at Sitecore.Sites.SiteCollection.AddRange(IEnumerable`1 sites)
	at Sitecore.Sites.SitecoreSiteProvider.GetSites()
	at Sitecore.Sites.DefaultSiteContextFactory.GetSites()
	at Sitecore.XA.Foundation.Multisite.SiteInfoResolver.get_Sites()
	at Sitecore.XA.Feature.Search.Pipelines.Initialize.InitializeRouting.Process(PipelineArgs args)
	at (Object , Object )
	...

view raw 00-UnicornFastQueryWarning.txt hosted with ❤ by GitHub

	using System;
	using System.Collections.Generic;
	using System.Linq;
	using Sitecore;
	using Sitecore.Configuration;
	using Sitecore.Data;
	using Sitecore.Data.Items;
	using Sitecore.Data.Managers;
	using Sitecore.Data.Templates;
	using Sitecore.Diagnostics;
	using Sitecore.XA.Foundation.Multisite;
	using Sitecore.XA.Foundation.Multisite.Comparers;
	using Sitecore.XA.Foundation.Multisite.SiteResolvers;

	namespace Scms.Foundation.Multisite.SiteResolvers
	{
	public class ScmsEnvironmentSitesResolver : IEnvironmentSitesResolver
	{
	private readonly IEnvironmentSitesResolver _environmentSitesResolver;

	public ScmsEnvironmentSitesResolver(IEnvironmentSitesResolver environmentSitesResolver)
	{
	_environmentSitesResolver = environmentSitesResolver;
	}

	public IList<Item> ResolveAllSites(Database database)
	{
	var objList = (database != null ? GetContentItemsOfTemplate(database, Templates.SiteDefinition.ID).ToList() : null) ??
	new List<Item>();
	objList.Sort(new TreeOrderComparer());
	return objList;
	}

	public IList<Item> ResolveEnvironmentSites(List<Item> sites, string environment)
	{
	return _environmentSitesResolver.ResolveEnvironmentSites(sites, environment);
	}

	public string GetActiveEnvironment()
	{
	return _environmentSitesResolver.GetActiveEnvironment();
	}

	public IList<string> ResolveEnvironments(IEnumerable<Item> sites)
	{
	return _environmentSitesResolver.ResolveEnvironments(sites); ;
	}

	public static IEnumerable<Item> GetContentItemsOfTemplate(Database database, ID templateId)
	{
	if (database == null) yield break;

	var selectedTemplate = TemplateManager.GetTemplate(templateId, database);
	if (selectedTemplate == null) yield break;

	var descendants = selectedTemplate.GetDescendants();
	var templateArray = new Template[1]
	{
	selectedTemplate
	};

	var templates = descendants.Concat(templateArray);
	var watch = new System.Diagnostics.Stopwatch();
	watch.Start();
	var linkDb = Globals.LinkDatabase;
	foreach (var template in templates)
	{
	var templateItem = database.GetItem(template.ID);
	var items = linkDb.GetReferrers(templateItem)
	.Select(link => link.GetSourceItem());
	foreach (var item in items.Where(item => item.Paths.IsContentItem)) yield return item;
	}

	watch.Stop();
	Log.Info($"Completed loading sites in {watch.ElapsedMilliseconds} ms.", typeof(ScmsEnvironmentSitesResolver));
	}
	}
	}

view raw 01-ScmsEnvironmentSitesResolver.cs hosted with ❤ by GitHub

	using Microsoft.Extensions.DependencyInjection;
	using Scms.Foundation.Multisite.SiteResolvers;
	using Sitecore.DependencyInjection;
	using Sitecore.XA.Foundation.Multisite;
	using Sitecore.XA.Foundation.Multisite.SiteResolvers;

	namespace Scms.Foundation.Multisite.Pipelines.IoC
	{
	public class RegisterServices : IServicesConfigurator
	{
	public void Configure(IServiceCollection serviceCollection)
	{
	serviceCollection.AddSingleton<IEnvironmentSitesResolver, ScmsEnvironmentSitesResolver>(sp =>
	{
	var innerResolver = new EnvironmentSitesResolver();
	return new ScmsEnvironmentSitesResolver(innerResolver);
	});
	}
	}
	}

view raw 02-RegisterServices.cs hosted with ❤ by GitHub

	<?xml version="1.0" encoding="utf-8" ?>
	<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
	<sitecore>
	<services>
	<configurator type="Scms.Foundation.Multisite.Pipelines.IoC.RegisterServices, Scms.Foundation.Multisite"/>
	<register serviceType="Sitecore.XA.Foundation.Multisite.SiteResolvers.IEnvironmentSitesResolver, Sitecore.XA.Foundation.Multisite"
	implementationType="Sitecore.XA.Foundation.Multisite.SiteResolvers.EnvironmentSitesResolver, Sitecore.XA.Foundation.Multisite" lifetime="Singleton">
	<patch:delete />
	</register>
	</services>
	</sitecore>
	</configuration>

view raw 03-Scms.Foundation.Multisite.config hosted with ❤ by GitHub

Monday, August 27, 2018

Little Book of Sitecore PowerShell Tips

My friend Neil Shack released an excellent series of books that every Sitecore enthusiast should have entitled The Little Book of Sitecore Tips. I am honored to be a technical reviewer in the second edition and very much appreciate him giving me the opportunity. In this post I share details about how I would like to release a sister series called The Little Book of Sitecore PowerShell Tips.

The Vision

The Sitecore PowerShell Extensions module is an amazing add-on available for Sitecore. Those using it would agree that it provides incredible flexibility and opportunity for feature development. Even the documentation is amazing. The user base for SPE stretches around the globe, with each individual bringing a unique perspective.

Since the module is built by the community, I would like to give the community an opportunity to help build a book of their best tips and tricks.

The Mission

Before a book can be published there needs to be content. While I may have some experience with SPE, I don't have all the best ideas about what tips and tricks mean the most to new and seasoned users of the module. I'm requesting that anyone that has used the module submit their best tips.

I would like the best tips to be included in the book, with credit to the submitter on the same page as the tip. Just think, if you submit a great tip your name could be published in the book!

The Plan

Please follow this link to submit your ideas. Once I have enough I'll organize them by most creative and helpful. I appreciate your help. Let's built something awesome!

Here's a picture of Neil.

Hi, this is Neil. Buy his books please. Thx.

Thursday, August 2, 2018

Sitecore Developer Trial License

The Sitecore Developer Trial Program was made available to .Net developers and students who do not have access to a customer or partner license with complimentary training. Here I share my story about how the Sitecore Community made an impact on my life and how the trial license can set you on a path for an even more amazing career.

My Story

Have you ever felt like there was something missing in your career? Perhaps something you could not quite put your finger on? I remember sitting at work, staring up at the ceiling, wondering… pondering whether the projects I worked on were satisfying and gave me a sense of fulfillment.

The three years prior had a gradual decline in things new, interesting, and challenging. Working as a developer it is too easy to become isolated, especially when you are the only person assigned on a project/working remote.

One morning I see a message arrive in my inbox stating that our company had access to a content management system, something I thought our company would never spend money on. At that time the Marketing Team managed the code deployments for the website; I'm sure you can image the problems that created. Surely a CMS could help change things; especially with a cool name like Sitecore.

Soon enough I was sent off to training in some fancy building that had a tiny deli. Most of the people in my class had already experienced Sitecore and were simply there for the certification. Little did I know the next 9 months would be the craziest and most rewarding time. Every day there was something new for me to learn.

In 2013 Sitecore Slack and Sitecore Stack Exchange did not exist, and no Dallas Sitecore user groups were organized. If I wanted to meet new people I had to start connecting with people that blogged or built open source modules. One day I stumbled across a little module on the Marketplace called Sitecore PowerShell Console, you may have heard of it. I had recently been diving deep into all things Windows PowerShell, and to see this module was such an exciting moment. I soon reached out to the genius behind it named Adam Najmanowicz. He's such a great guy and when I offered to make some contributions to the module he gladly accepted. As time went on my contributions to the module increased, as did my connection to the community.

Adam and Michael at Sitecore Symposium

My first Sitecore event was to the Sitecore SUGCON NA 2015. Akshay Sura helped make that event happen, and I'm very thankful that he did. Since then I've attended a few of the Sitecore Symposiums and Summits. These have been such memorable experiences, especially when the avatars you see every day come to life, with beards as large as their personalities.

Trial License

Something really exciting for me is to see new members join the community and build relationships.

Follow the link to signup for the Sitecore Developer Trial License. You get 60 days, which is a whole lot of time to learn and way more than other trials offer. You can apply for a second extension for another 60 days. Just think, in 4 months you could be well equipped to start a career as a Sitecore Developer! You should consider reading this post Getting Started Learning Sitecore as a starting point for your Sitecore journey. The Sitecore Developer Foundation eLearning is another free resource for you.

Here are some things you can explore with the trial license:

Sitecore 9

The newest version includes support for the newest Forms module and xConnect! Read more here on a summary following the 2017 Sitecore Symposium by Hammad; really nice and concise write up.

Sitecore Experience Accelerator (SXA)

Module for rapidly building websites with a ton of functionality included out of the box. I've really enjoyed working with the module. Even came up with some extensions for the community.

Sitecore JavaScript Services (JSS)

So much to love about JavaScript. The documentation site was even built using JSS!

JSS and SXA

Helix

Learn about how Sitecore recommends organizing solutions. This has forced me to rethink how I structure code and ensure I follow practices acceptable to other leaders in the community.

The trial license makes available features that even a Sitecore client may have not yet have access to.

Closing Thoughts

Crazy to think that it's been almost 3 years since Sitecore Slack was setup by my friend Akshay, now with more than 3800 members. Joining the Sitecore community has given new life to my career by helping me connect with an army of enthusiasts I would have not met otherwise. I hope by sharing my experiences you are encouraged to connect with others. At the end of the day, all that really matters are the relationships that you've built.

Sitecore Sam's Story - I really connected with Sam's story. You should read it too.
Catching Exceptions with Michael West

Wednesday, June 27, 2018

Sitecore Support May or May Not Have a GitHub Repo!

I heard from a little birdie that there may or may not be a repository of the git kind on the internet.

- Michael

Sunday, June 24, 2018

The Definitive Guide to siteCore xvNein Installation

Still working out the details.

- Michael

Wednesday, February 7, 2018

Access Reference Fields in SXA Rendering Variant

In this article I demonstrate how to create an NVelocity tool to access properties from a Sitecore ReferenceField.

As a followup to my post on building a custom tool in SXA, I wanted to share a new discovery which makes greater use of NVelocity.

If you have used Rendering Variants in SXA you may have come across the token $item. With this token you are able to access data on the page item. Rather than have the page contain all of the data, why not make use of a ReferenceField such as a droptree and get the data from that item.

Update 20180914: I started thinking about blogging a new article to discuss the use of Google Static Maps, but then remembered that this article shows the use of that! Once consideration to make is that the images could be lazy-loaded using some simple JavaScript if you wish to reduce hits against your API quota. In the Summer of 2018 Google started charging, so reducing this could help your company save some big bucks!

Location Page with Reference to POI

SXA provides a way to store Points of Interest (POI) and link to a page. In the following example, you can see that the My Location POI allows for a link to a page. I personally don't like relying on this direction of reference because I expect the page to either inherit from POI or reference a POI.

In my solution, I create a new field on the page called "POI" and link back to the POI. As you see below, the new field points back to the global data directory so the user can pick from an existing list of POIs.

I would imagine an automated process mapping the POI to a page, but that's a problem to solve for another day.

Build the Tool

Getting back to the item tool, we need to create a new method for accessing a reference field.

Create a tool called $itemFieldTool and then use it in the rendering variant.

	using Westco.Foundation.Variants.NVelocityExtensions;
	using Sitecore.XA.Foundation.Variants.Abstractions.Pipelines.GetVelocityTemplateRenderers;

	namespace Westco.Foundation.Variants.Pipelines.GetVelocityTemplateRenderers
	{
	public class AddTemplateRenderers : IGetTemplateRenderersPipelineProcessor
	{
	public void Process(GetTemplateRenderersPipelineArgs args)
	{
	args.Context.Put("itemFieldTool", new ItemFieldTool());
	}
	}
	}

view raw 01-AddTemplateRenderers.cs hosted with ❤ by GitHub

	using System;
	using Sitecore.Data.Fields;
	using Sitecore.Data.Items;

	namespace Westco.Foundation.Variants.NVelocityExtensions
	{
	public class ItemFieldTool
	{
	public static Item GetItemReferenceItem(Item item, string fieldName)
	{
	ReferenceField field = item.Fields[fieldName];

	return field?.TargetItem;
	}
	}
	}

view raw 02-ItemFieldTool.cs hosted with ❤ by GitHub

	<?xml version="1.0" encoding="utf-8" ?>
	<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
	<sitecore>
	<pipelines>
	<getVelocityTemplateRenderers>
	<processor type="Westco.Foundation.Variants.Pipelines.GetVelocityTemplateRenderers.AddTemplateRenderers, Westco.Foundation.Variants" />
	</getVelocityTemplateRenderers>
	</pipelines>
	</sitecore>
	</configuration>

view raw 03-Variants.config hosted with ❤ by GitHub

	#set($refItem = $itemFieldTool.GetItemReferenceItem($item, "POI"))
	<img data-latlong="$refItem.Latitude\|$refItem.Longitude" src="https://maps.googleapis.com/maps/api/staticmap?zoom=15&size=640x450&maptype=street&markers=icon:$mediaTool.GetPoiMediaItem($refItem, "Type")\|$refItem.Latitude,$refItem.Longitude" />

view raw 04-RenderingVariant.html hosted with ❤ by GitHub

Use the Tool

In my use case, I needed to show a Google Static map on the page. Here is the rendering variant I setup.

The Map VariantTemplate contains the data from the gist. In the below example we have a Google Static Map getting loaded; you may want to lazy-load to reduce hits against your quota. Consider creating another tool ($mapTool) to return the MapsProvider key from SXA.

The part that I found really cool was that you can create a new variable called $refItem and it would appear in the same context as $item.

This is where the fun part is in the gist:

#set($refItem = $itemFieldTool.GetItemReferenceItem($item, "POI"))

I hope this helps you build something super awesome. If you use it please share a link in the comments so others can celebrate your success.

- Michael

SXA Fake Navigation Link

If you have worked on any website navigation, you may have encountered a scenario where you need to represent a link in the menu, such as to the Home page. In the following post I'll describe how I created a link to a page, without there actually being a page.

As you can see in the above example, the Home page is represented as a sibling to the About and Locations pages.

I created an item in the tree to represent the Home page, but without all of the overhead of a full page.

Out of the box

Let's have a look at what comes out of the box, and why I decided to do something different.

While working with SXA you'll see that there is a Navigation component which allows you to specify a few properties to simplify the setup.

The option to include the root page should work for you in most scenarios. When the markup is generated, you however do not see the Home page on the same level. Let me show the differences in markup.

Here is an example with the root page included and the structure flattened. Notice that the real Home page is at level0, and my fake Home page is at level0 but nested under a ul li.

As you would expect, if you don't flatten the structure the level classes change but the markup is the same.

By creating the fake Home item you are able to eliminate the level0 and thus simplify the markup. Notice that the levels begin with level1.

Hamburger Menu In SXA

The following post was typed with one hand while my new born baby sleeps.

The checklist:

Create styles in SXA that will be attached to components.
Add Row Splitter to header Partial Design. Add style Navbar.

Add Plain HTML component to row 1. Add button snippet and adjust target class.
Add Navigation component to row 1. Add style Navbar Collapse.

Add bootstrap.js to theme.

Thursday, February 1, 2018

SXA Theme Upgrade Tip using SPE

In some recent conversations on Sitecore Slack Chat I needed to determine why a component script in SXA was not working as desired (broke). I decided to write a short PowerShell script in SPE to speed up the troubleshooting.

The following script is designed to compare two script directories under the specified themes and determines which ones have different file sizes.

	# Get tenant theme
	# Tenant Theme - change this to your desired ID
	$siteTheme = Get-Item -Path "master:" -ID "{A8665181-7D76-4EEE-B5A3-923FD0671205}"
	# Basic 2 Theme
	$basicTheme = Get-Item -Path "master:" -ID "{B43D07BD-61D5-448F-9323-8B6ACAD4F3C4}"
	# Compare scripts for matching name
	$siteScripts = $siteTheme.Children["scripts"].Children \| Select-Object -Property Name,ID
	$siteScriptsLookup = $siteScripts \| ForEach-Object { $lookup = @{} } { $lookup[$_.Name] = $_.ID } { $lookup }
	$basicScripts = $basicTheme.Children["scripts"].Children \| Select-Object -Property Name,ID
	$basicScriptsLookup = $basicScripts \| ForEach-Object { $lookup = @{} } { $lookup[$_.Name] = $_.ID } { $lookup }
	# Report when script is different file size

	$matchingScripts = Compare-Object -ReferenceObject $siteScripts -DifferenceObject $basicScripts -Property Name -IncludeEqual \|
	Where-Object { $_.SideIndicator -eq "==" } \| Select-Object -Expand Name
	foreach($matchingScript in $matchingScripts) {
	$siteScript = Get-Item -Path "master:" -ID $siteScriptsLookup[$matchingScript]
	$basicScript = Get-Item -Path "master:" -ID $basicScriptsLookup[$matchingScript]

	if($siteScript.Size -ne $basicScript.Size) {
	Write-Host "Version mismatch of $($matchingScript)"
	}
	}

view raw CompareThemeVersions.ps1 hosted with ❤ by GitHub

Let's have a look at the sample output:

With this information you are hours ahead of where you would have been trying to figure out why the "component-carousel" works on my machine but not in production!

Cheers!

Michael

Wednesday, January 31, 2018

Michael West Wins Sitecore "Most Valuable Professional" Award

Elite distinction awarded for exceptional contributions to the Sitecore ecosystem

Dallas, TX, USA - January, 31, 2018 - Michael West has been named a "Most Valuable Professional (MVP)" in the Technology category by Sitecore®, the global leader in experience management software. Michael West was one of only 208 Technology MVPs worldwide to be named a Sitecore MVP this year.

Now in its 12th year, Sitecore’s MVP program recognizes individual technology, strategy, and commerce advocates who share their Sitecore passion and expertise to offer positive customer experiences that drive business results. The Sitecore MVP Award recognizes the most active Sitecore experts from around the world who participate in online and offline communities to share their knowledge with other Sitecore partners and customers.

"The Sitecore MVP awards recognize and honor those individuals who make substantial contributions to our loyal community of partners and customers,” said Pieter Brinkman, Sitecore Senior Director of Technical Marketing. “MVPs consistently set a standard of excellence by delivering technical chops, enthusiasm, and a commitment to giving back to the Sitecore community. They truly understand and deliver on the power of the Sitecore Experience Platform to create personalized brand experiences for their consumers, driving revenue and customer loyalty."

The Sitecore Experience Platform™ combines web content management, omnichannel digital delivery, insights into customer activity and engagement, and strategic digital marketing tools into a single, unified platform. Sitecore Experience Commerce™ 9, released in January 2018, is the only cloud-enabled platform that natively integrates content and commerce so brands can fully personalize and individualize the end-to-end shopping experience before, during, and after the transaction. Both platforms capture in real time every minute interaction—and intention—that customers and prospects have with a brand across digital and offline channels. The result is that Sitecore customers are able to use the platform to engage with prospects and customers in a highly personalized manner, earning long-term customer loyalty.

More information can be found about the MVP Program on the Sitecore MVP site: http://www.sitecore.com/mvp