Sitecore Boost User functionality

The murder 

Recently, we were contacted by a customer who had been faced with an additional license cost by Sitecore due to excessive use of the Boost User functionality.

For those of you who have never encountered this behavior, the documentation for this functionality can be found here:

https://doc.sitecore.com/xp/en/developers/90/platform-administration-and-architecture/kick-off-or-add-a-user.html#increase-the-number-of-allowed-users

However, the customer asked us (as their partner agency) to check or challenge this boost behavior.

They wanted to know who had used this boost, and how often (in a more granular metric than a day).

The investigation

At first I thought this was going to be something quite simple. As Sitecore is apparently able to detect the boost actions as they were performed, I assumed that they should also be able to track the IP, username, date and any other related information.

But as it goes... never make assumptions :) Sitecore told us that they can only see the time and occurrences summarized into a single day. This is probably due to GDPR, and whether or not they store more than this was impossible for me to tell, but the screenshot can be found below:



So we started to dig. A user can only see this information once they perform a valid login and are faced with the following screen:


This gave me good hopes that there would be something valuable in the Sitecore logs that could help me determine who had actually performed the boosts (and if this had even occurred at all). A possible assumption was that it was a temp, or external contractor, so the customer really wanted to know.

However, after skimming through the logs, no information on this was found at all.
At this point the only way forward seemed to be to log this as a Sitecore support ticket and see what they would be able to come up with...

The manhunt

I dubbed this the 'Manhunt' as we were going to have to get our hands dirty on this one.
Feedback had come from Sitecore and there was some coding (read: copying) to be done in order to handle future boost events and write them into our logs...
This was the solution Sitecore Support provided us with:

  1. Create a custom BoostUsersController class (the rest of the code can be found in the BoostUsersController source class in Sitecore.Client.LicenseOptions.dll):
using System.Web.Mvc;
using Sitecore.Diagnostics;

namespace Sitecore.Support.Client.LicenseOptions.Controllers
{
    public class BoostUsersController : Controller
    {
        [HttpGet]
        public void RedirectToBoost()
        {
            if (!Context.User.IsAuthenticated)
            {
                // Anonymous callers are rejected and nothing is logged.
                base.Response.StatusCode = 401;
            }
            else
            {
                // Write the user name to the Sitecore log before redirecting.
                string username = Context.GetUserName();
                Log.Info("Boost used by: " + username, this);
                base.Response.Redirect(GetBoostUrl(), endResponse: true);
            }
        }

        // Body elided here; copy it from the original BoostUsersController.
        protected string GetBoostUrl()
        { ... }
    }
}
  2. Create the InitializeRedirectToBoostRoute class:
using System.Web.Mvc;
using System.Web.Routing;
using Sitecore.Diagnostics;
using Sitecore.Pipelines;

namespace Sitecore.Support.Mvc.Pipelines.Initialize
{
    internal class InitializeRedirectToBoostRoute
    {
        // Entry point called by the <initialize> pipeline.
        public virtual void Process(PipelineArgs args)
        {
            Assert.ArgumentNotNull(args, "args");
            this.RegisterRoutes(RouteTable.Routes, args);
        }

        protected virtual void RegisterRoutes(RouteCollection routes, PipelineArgs args)
        {
            // Resolve the BoostUsers controller from the Sitecore.Support namespace.
            string[] namespaces = new string[] { "Sitecore.Support.Client.LicenseOptions.Controllers" };
            routes.MapRoute("RouteName", "api/sitecore/BoostUsers/{action}", new
            {
                controller = "BoostUsers",
                action = "RedirectToBoost",
                id = UrlParameter.Optional
            }, namespaces);
        }
    }
}
  3. Compile the above classes and copy the .dll file to the \bin folder.
  4. Create a patch file for your custom processor in the <initialize> pipeline.
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <pipelines>
      <initialize>
        <processor type="Sitecore.Support.Mvc.Pipelines.Initialize.InitializeRedirectToBoostRoute, AssemblyName" patch:before="processor[@type='Sitecore.Mvc.Pipelines.Initialize.InitializeCommandRoute, Sitecore.Speak.Client']"/>
      </initialize>
    </pipelines>
  </sitecore>
</configuration>

The kill / The capture

Even though the above solution will probably make our lives easier for future cases to come... the idea and initial premise was to find out why and if this 'Boost Users' feature had been used.
Which meant we needed a solution for whatever lay in the past.

This got us thinking one layer up...
Maybe something has simply been logged into the IIS logs...

And YES :p The default IIS logs do hold this information apparently:

Line 11538: 2022-12-20 13:37:28 10.75.9.150 GET /api/sitecore/BoostUsers/RedirectToBoost - 443 sitecore\USERNAME 111.222.3.444 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/108.0.0.0+Safari/537.36 https://cm-CUSTOMER.reference.be/sitecore/client/Applications/LicenseOptions/StartPage 352 0 0 249

Which, unmistakably, told us that USERNAME (you know who you are!) was the culprit!
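The same lookup across whole IIS log files, as an added example (not code from the original post or from Sitecore): it reads the column order from the `#Fields:` header and counts authenticated requests to the boost route per user and hour, which is the finer-than-a-day view the customer asked for. The sample log, user names and addresses are constructed, and the script assumes `date` and `time` are among the logged fields (the IIS default).

```python
from collections import Counter
from datetime import datetime, timezone

BOOST_PATH = "/api/sitecore/boostusers/redirecttoboost"  # route from the post, lowercased
# Constructed sample in IIS W3C format; users and addresses are made up.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-12-20 13:37:28 10.0.0.5 GET /api/sitecore/BoostUsers/RedirectToBoost - 443 sitecore\alice 192.0.2.10 Mozilla/5.0 https://cm.example.test/sitecore/client/Applications/LicenseOptions/StartPage 302 0 0 249
2022-12-20 13:52:01 10.0.0.5 GET /sitecore/login - 443 - 192.0.2.11 Mozilla/5.0 - 200 0 0 31
2022-12-20 13:59:40 10.0.0.5 GET /API/Sitecore/BoostUsers/RedirectToBoost - 443 sitecore\alice 192.0.2.10 Mozilla/5.0 - 302 0 0 180
2022-12-20 14:05:12 10.0.0.5 GET /api/sitecore/BoostUsers/RedirectToBoost - 443 - 192.0.2.99 Mozilla/5.0 - 401 0 0 3
2022-12-21 08:15:00 10.0.0.5 GET /api/sitecore/BoostUsers/RedirectToBoost - 443 sitecore\bob 192.0.2.20 Mozilla/5.0 - 302 0 0 210
"""

def boost_events(lines):
    """Yield one dict per request to the boost route, using the #Fields header for column order."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the header can reappear mid-file with new columns
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                        # truncated or malformed row
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower() != BOOST_PATH:
            continue                        # IIS paths are case-insensitive, so compare lowercased
        when = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        yield {
            "when": when.replace(tzinfo=timezone.utc),  # IIS W3C logs are written in UTC by default
            "user": row.get("cs-username", "-"),
            "client_ip": row.get("c-ip", "-"),
            "status": row.get("sc-status", "-"),
        }

def boosts_per_user_hour(lines):
    """Count authenticated boost requests per (user, hour bucket)."""
    counts = Counter()
    for ev in boost_events(lines):
        if ev["user"] != "-":               # "-" means IIS recorded no authenticated user
            counts[(ev["user"], ev["when"].strftime("%Y-%m-%d %H:00"))] += 1
    return counts

if __name__ == "__main__":
    for (user, hour), n in sorted(boosts_per_user_hour(SAMPLE_LOG.splitlines()).items()):
        print(f"{hour}Z  {user}  {n}")
```

To run it over real logs, pass the lines of each IIS log file to `boosts_per_user_hour` instead of the embedded sample.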

So, lesson learned:

  1. Always check your logs
  2. Immediately open up a Support ticket, they can really help
  3. ALWAYS check ALL your logs
  4. Read blogs like this.

Take the above solution if you need to add this into your configuration, but the basics are stored by default in your logs regardless.




