This week for a bit of fun we are posting a first selection of free tools and add-ons which are recommended and constantly used by the Glanton team. This is not an 'advertising feature' - we like and use this stuff all the time. It just has to be free, or at least have a free basic version to qualify.
SARAH SMITH recommends:
Pixie. Ever thought, "What's that colour? - I want it!" Pixie is a great little tool which has rather taken over from the old 'Colorpicker'. It gives you the hex, RGB, HTML, CMYK and HSV values of any colour you point at on your screen for instant copy & paste into your work. Pixie
and Pixelruler is, as its name suggests, a ruler for measuring pixels on your screen - "fantastic!" says Sarah. Load the ruler horizontally or vertically; line up the zero with the start of what you want to measure and point at the end and the ruler tells you how many pixels it is. Just like that. Pixelruler
IAN SAMPSON recommends:
"Discover Adobe® Kuler™ — the web-hosted application for generating colour themes that can inspire any project. No matter what you're creating, with Kuler you can experiment quickly with colour variations and browse thousands of themes from the Kuler community." So they say - and it is fascinating and extremely helpful. You can create colour swatches in two ways: start with a 'base' colour and then manipulate the others (above), or use an image which is central to your project and move the five selection points around until you have a swatch you like (below). Don't forget to save it! Away from the serious business of designing websites and producing elegant brochures, there are hours and hours of fun to be had. For example, work out a colour scheme for redecorating your house... Kuler
AMISHA JAY DALWADI recommends:
Animoto
"Turn your photos & videos into pure amazing. Animoto automatically produces beautifully orchestrated, completely unique video pieces from your media. Free, fast and shockingly easy. And now we support video clips from your camera or phone!" That's their blah blah - and yes it is a lovely tool and great to play around with. Basically set a slide show of your photos to music. The simplest version (max about 30secs) is free. Below is one we made earlier -
JOHN ROYLE recommends:
Xtranormal 3d animations. An extraordinary tool which makes animated movies with your own script. Very easy to use, write the script, choose set & characters, and then drag and drop actions, camera angles, expressions into the script. Like Animoto, the basic version is free, but if you want more advanced stuff you must subscribe. The example below was made by John to play on the WebAdvantage® site.
TOM MUIR recommends:
Hyperwords is an add-on for Firefox. You can select any word on any web page (not quite true: doesn't work in form fields as far I can see) and choose from powerful commands, including: Reference; Search; Translation; Conversion; Email; Twitter; Facebook; Tag; Blog; & More. Set up how you want & very easy to use. I find the translation particularly useful - it puts the result straight back in the page where it came from - great for finding out exactly what my German friends are jabbering about in Facebook! Hyperwords
Tuesday, 29 September 2009
Friday, 25 September 2009
Module Categories to help you plan your DNN site design
There are a bewildering number of DotNetNuke modules to choose from, some good some bad some just weird. So how do you choose a sensible set to give to your editors? At Glanton, We have been implementing DotNetNuke for over five years and in that time we have tried many modules. Some have stood the test of time, some have been discarded and many have evolved through upgrades and newer versions. If you are looking to implement DotNetNuke or are looking for an implementer to help you then you might want to think about your module set by considering the following categories. You'll want a mix of modules across all of these categories and I've suggested and highlighted some that work for us and our WebAdvantage implementations. Some modules straddle categories of course but in terms of the user's experience I think they work.
Content Management
'Stuff on the page' in other words. Mainly static, read and jump content. If you want a brochure ware site you probably don't need to go far outside this category.
Text/HTML
This is the daddy. You'll spend the vast majority of your time in here. Editing text, adding photos, links and doing layout with tables. The standard editor from DNN is ok but the RAD editor from Telerik is the one we choose. It's well supported and well documented. You could build a very good site using this and this alone.
Links
Links are well handled in the RAD editor but the DNN links module has one feature that keeps it in our toolbox - the drop down option. This means you can save space and tuck all your links in a small space. Lots of our clients use this feature to have a 'Quick Links' feature that they put high up on the page then make it available on every page.
Aggregator
This module gives you the ability to put tabbed content within a page. You'll have seen it on many websites, DNN or otherwise. We use it ourselves on glanton.com. Use it to manage content on a page. Group themes or related content on tabs. You should consider it as an alternative to child pages. Since all the tabs load at once it avoids a server page refresh. It's much more satisfying for your viewer to use.
FAQs
For me, this module's name masks its true potential. Sure it does a great job as an FAQ manager; you can categorise, expand and have full control over numbering and ordering but it is also a great way to organise your content on the page. Think of it as a 'heading and detail' module and you'll get the picture. Since both the 'Question' and 'Answer' are built with your Text/html editor, you can put a précis or tease in the 'question' which will reveal the full content, detail or 'answer' when clicked. The settings allow you to switch off the 'Q' and 'A' and numbers so that to your user it would be like reading a list of summaries, the full content only revealed if they want to see it. Like the Aggregator it all loads at once making it quick and enjoyable to use.
News/Blog
I'll be honest, we made a bit of a mess of this for a while. We tried 'Blog' modules and 'News' modules. Some were feature rich but clashed with the skin and some needed a lot of admin support. In fact, there is no real difference between a blog entry and a news piece. They are both 'articles' and need a time-stamp attribution, categorisation, archiving and the facility for the reader to comment. Once we realised that we settled on the Ventrian 'News' module and it has gone down very well with our users.
Site Map
A standard offering from DNN but essential to have one on every site I believe. I gives an 'at-a-glance' shape and size view of the site and it's a quick navigation aid. If your site is very big but with clear sections, then use the 'root' feature to give a local map to that section. We usually drop a link to the site map high up on every page.
Visual Appeal
It's a visual age and you never see a webpage without a picture so what else can be done to excite the eyes of your visitor, here's some ideas of modules and other tools.
Image Hotspots
The RAD editor has a nice feature to add multiple hotspots on an image, it's easy to use and great for diagrams, flowcharts and schematics.
Image photo galleries
There are many, many image galleries, rotators, carousels out there. They can be fun but don't have then spinning or changing too fast and always put controls so that the viewer can pause and control the flow. Check out flashden.net for lots of flash galleries that you can incorporate on your site.
Document viewer
Links to documents are fine but it's much nicer to show the document open and browsable. Print2Flash does just this. You can zoom, search and page through docs in a natural way. Just convert your doc to flash then embed using your editor.
Video
Everyone want clips these days and why not? But movie files can get big, unwieldy and they don't perform well running straight from your web server. If you are serious about streaming then use a streaming service. We use vzaar.com. You get a choice of movie sizes (width and height), borders and the streaming is very smooth. Contact us if you'd like us to host your movie.
Flash
Mentioned flash a couple of times already but don't forget the interactive flash stuff. Flash is very powerful in getting your point across. Use a professional flash developer (we can do that for you) and pay attention to performance and duration. It's easy to drop onto your page and still has a lot to offer.
Integration
Brochure ware only goes so far, especially in a corporate Intranet environment. Your visitors will want to integrate content from other corporate repositories, sites and applications to sit inside your portal. Here are some easy ways to do that.
Document Manager
This has been a tough one. All businesses have a problem with document management but there just doesn't seem to be a module out there that strikes the balance between functionality and simplicity.
Bring2Mind and Xepient have good solutions but Ventrian have a fantastically simple, easy to use File Links module. If you use SharePoint in your organisation remember you can iFrame to the document lists to bring them into your website.
iFrame
Standard DNN. We like iFrame it's easy and with a bit of imagination it can really pull things together. You can make web based apps sit in your site's context and stop your visitors having to jump somewhere else. You can expose nuggets (like share prices) from other sites if they are in their own frame (url). It would be nice if you could iFrame resource not URLs (e.g. network shares).
RSS
By this I mean pulling RSS feeds onto your site, not syndicating out. Nukefeeds from Orizonti is what we use. It's good for it's caching, templating and aggregation. My favourite RSS source is Google News. Craft the search to your needs then click on the RSS button. Yahoo weather is also nice because it feeds through the weather icons.
Interactivity
Users expect to interact with sites and by getting them to do some work you'll get more out of your investment - ans so will they. These are some of the ways to make a site visit more of a two-way process.
Events/Calendar
Another standard DNN offering. The team have done a great job. It is feature rich: enrolment, Outlook integration, multiple views and rich text editing of the content. If you want a hands-off way of handling your events or training sessions then give this a try before you buy anything else.
Wiki
A niche product and it takes a bit of setting up but in the right hands it works very well. Great for knowledge capture especially in specialist areas (don't bother with a general purpose implementation, Wikipedia's got that covered!).
Forms and Databases
Formmaster from Code5Systems is the Swiss army knife of modules. Has a great balance of being feature rich but not too complex. We hand users for the first form and then they manage it themselves One client built 40 forms in 2 weeks for their Intranet site. For simple parent/child databases we like Indoo Grid although the documentation leaves a bit to be desired.
Survey
The Rhema SuperSurvey. Was a very good module but has evolved into something so feature rich that it's become a little hard to train users on. It's still probably the best out there but its current incarnation is another case of the balance between functionality and simplicity going wrong.
LMS
We are just about to launch a major implementation of an LMS and we are using the Accord module from Interzoic. It looks easy to use and their site is full od info and video so we are feeling confidant! As for content we'll be starting with the Articulate suite maybe enhanced with a bit of Camtasia.
Hope you found this guide useful, I'm sure you have your own favourites, if you really feel I'm missing a trick then let me know. You'll find my address at glanton.com
Go to this post's page at www.zinepal.com and get the PDF file or perform various sharing actions.
Monday, 21 September 2009
Impersonation in DotNetNuke Intranets
We (Glanton) specialise in implementing DotNetNuke ("DNN") as an intranet application for large enterprises and vouch for the fact that it's a very different animal from setting up your standard internet facing DNN site for clients.
I was surprised at the complexities introduced when impersonation is enabled on a DotNetNuke site and hopefully our experiences and thoughts below will help others. I've tried to keep this as simple and non-technical as possible.
When working inside large enterprises, you are not working on your infrastructure; you have very little control and you don't get admin rights to machines to set up as you like. Furthermore you have to adhere to a bewildering array of branding, security, legal, infrastructure, change control, project management and technical standards - which are often quoted but seldom found!
And, of course, you are running across a network - and that means that everything which DotNetNuke does has to be set against the backdrop of the identity in which it runs within that network.
If you are running DotNetNuke as a simple, low level 'brochure-ware' site using DNN authentication, it's simple. DNN will run quite happily in the context of the ASP.NET worker process doing what it needs to do inside its own server walls and never having to venture out into the big bad network.
However, what if we need to implement Active Directory authentication so users can manage DNN using their own familiar network accounts? Now the ASP.NET server account has to go and ask the Active Directory server ("AD") if Joe Bloggs is in AD (identification); if he is indeed Joe Blogs (authentication); what his phone number and email address are (profile management) and what groups he belongs to (role management). Because the ASP.NET account is local and specific to only the server that DNN is installed on, we have to get someone else - that AD knows and trusts - to ask for us. We have to enable impersonation.
Enabling Impersonation
Impersonation is enabled two ways:
1) By adding to the web.config file, the section
<identity impersonate="true" />
This now means that when Joe Bloggs opens up our web page, DotNetNuke will run under the identity of Joe Bloggs. And because he is a network user, he can access Active Directory and so everything will work just fine - or so we think!
Alternatively, we could add to the web.config
and actually specify the identity of the user that our DNN should run under instead of the user visiting the site. Rather than using an existing user account, for which the password may change or the user could leave the company (and then the site will simply stop working), we should go and ask the AD admins for a "service account". These are a system type of user account for which passwords can NEVER be changed and which generally have a very low level of access inside of the network (proxy servers, firewalls and AD read permissions) so can't do much damage.
Most Enterprise service desks will prohibit you from adding the service account password in clear text inside of a web.config so you'll have to either encrypt the password or get the service account password added to the server registry and retrieve it through code. This is to stop site users (not network admins) who may have root access to the site, from reading the service account details.
2) By code
A method I prefer is that, if our module needs to go out to other servers on the network, we add a routine to our code that impersonates a service account within the context of that code or module function only. This means we are not locked to the identity of the user set in the web.config. Generally I look up the proxy username and password that is stored under host settings, but the Active Directory authentication provider does it by storing this information in the module settings table and encrypting the password in the database.
The reality is that most DotNetNuke installations will set because of the extra effort of encrypting and retrieving passwords (or blatantly exposing service account passwords in clear text).
Microsoft's MSDN library has lots of technical information on how to use impersonation and delegation in ASP.NET 2.0.
Implications of Impersonation
OK great - we've done what the manual says and we've got impersonation working. Job done? Actually no - now the fun starts when you start getting calls from users saying the file manager is broken, RSS feeds don't work and performance has gone up the pole. Ooops!
File Access
For simplicity sake, assume we set impersonation=true but have not specified a user account so that that DotNetNuke assumes the identity of the visiting user - Joe Bloggs.
If we impersonate Joe Bloggs and he tries to upload a file (or even read the folder contents) through the file manager, it will fail. This is because Joe Bloggs does not have specific read/write/delete file permissions on our web server. Firstly, who are we going to give permissions to? We certainly don't want to give the generic groups "All Users" or "Everyone" permissions because that means that anyone who did manage to get access to the server could cause havoc. Our best option is to give read/write/delete permissions to the "Authenticated Users" system role. Anyone accessing the server would have to be network authenticated first and my network admins tell me network users can't map a direct drive to the share because sharing has not been enabled. So I'm feeling a little more comfortable but I'm still a bit twitchy about giving delete permissions for DNN system files.
So what do we give "Authenticated Users" access to? In summary, I give authenticated users users read/write/modify access to everything and delete permissions over the contents of the /portals folder.
I once fell into a trap where I initially just gave "Authenticated Users" permissions over the portals folder. Because I was the application owner and had been given full access to the share to set things up, I was able to install new modules, read pages (that were cached to file), use modules which write data to bizarre places (like Indogrid which writes to the app_data folder) and so on, and everything worked fine for me. But of course, as soon as it went into production, the phone started to ring with users who had different permissions to me. In one instance, we had to extend permission over the ASP.NET cache folder as well.
You also need to consider the implication of changing server permissions if you are working in a three stage DEV/TEST/Production environment - these server permissions have to be applied to all sites - and some support admins may have a problem with opening up permissions on a production site.
Databases
We've recently had to move into an enterprise environment where we had to use Integrated Security (i.e. a 'service account') to connect to a database server. For whatever reason, the Site admins could not set up a direct connection to the DB server so we had to use impersonation. This means we had to change the permission sets on the service account. And to make matters more complicated, the DB admin insisted on a separate service account for each of the three DEV/TEST/PROD databases. A mission to manage and co-ordinate. And then they complain that you can get hosted DNN out on the web for $50 per month!!!
RSS
If you are trying to access an RSS news feed from another web server on the network you are going to have a problem - even if you have enabled impersonation. The server that you are reading from will have to grant your impersonated user permissions to read its data. If you use a service account, it's easy for them to add. But they may not be so keen to open up Read access to "Authenticated Users" on their server. This is a difficult concept to explain to a user who is used to seamlessly accessing content across their intranet.
In Conclusion
I try and avoid impersonation like the plague and have written out of the DNN AD provider any calls that rely on impersonation. I stick to specific DirectoryEntry type searches where we can specify the service account and password stored in DNN. As systems integrators, it cuts down our work tremendously by avoiding all red tape associated with requesting service accounts and permission changes on boxes.
If you do use impersonation, hopefully I've shared with you some of the issues you may encounter - but not have foreseen. Let me know your experiences?
Go to this post's page at www.zinepal.com and get the PDF file or perform various sharing actions.
I was surprised at the complexities introduced when impersonation is enabled on a DotNetNuke site and hopefully our experiences and thoughts below will help others. I've tried to keep this as simple and non-technical as possible.
When working inside large enterprises, you are not working on your infrastructure; you have very little control and you don't get admin rights to machines to set up as you like. Furthermore you have to adhere to a bewildering array of branding, security, legal, infrastructure, change control, project management and technical standards - which are often quoted but seldom found!
And, of course, you are running across a network - and that means that everything which DotNetNuke does has to be set against the backdrop of the identity in which it runs within that network.
If you are running DotNetNuke as a simple, low level 'brochure-ware' site using DNN authentication, it's simple. DNN will run quite happily in the context of the ASP.NET worker process doing what it needs to do inside its own server walls and never having to venture out into the big bad network.
However, what if we need to implement Active Directory authentication so users can manage DNN using their own familiar network accounts? Now the ASP.NET server account has to go and ask the Active Directory server ("AD") if Joe Bloggs is in AD (identification); if he is indeed Joe Blogs (authentication); what his phone number and email address are (profile management) and what groups he belongs to (role management). Because the ASP.NET account is local and specific to only the server that DNN is installed on, we have to get someone else - that AD knows and trusts - to ask for us. We have to enable impersonation.
Enabling Impersonation
Impersonation is enabled two ways:
1) By adding to the web.config file, the section
<identity impersonate="true" />
This now means that when Joe Bloggs opens up our web page, DotNetNuke will run under the identity of Joe Bloggs. And because he is a network user, he can access Active Directory and so everything will work just fine - or so we think!
Alternatively, we could add to the web.config
<identity impersonate="true" username="svcUserName" password="P@ssw0rd" />
and actually specify the identity of the user that our DNN should run under instead of the user visiting the site. Rather than using an existing user account, for which the password may change or the user could leave the company (and then the site will simply stop working), we should go and ask the AD admins for a "service account". These are a system type of user account for which passwords can NEVER be changed and which generally have a very low level of access inside of the network (proxy servers, firewalls and AD read permissions) so can't do much damage.
Most Enterprise service desks will prohibit you from adding the service account password in clear text inside of a web.config so you'll have to either encrypt the password or get the service account password added to the server registry and retrieve it through code. This is to stop site users (not network admins) who may have root access to the site, from reading the service account details.
2) By code
A method I prefer is that, if our module needs to go out to other servers on the network, we add a routine to our code that impersonates a service account within the context of that code or module function only. This means we are not locked to the identity of the user set in the web.config. Generally I look up the proxy username and password that is stored under host settings, but the Active Directory authentication provider does it by storing this information in the module settings table and encrypting the password in the database.
The reality is that most DotNetNuke installations will set
Implications of Impersonation
OK great - we've done what the manual says and we've got impersonation working. Job done? Actually no - now the fun starts when you start getting calls from users saying the file manager is broken, RSS feeds don't work and performance has gone up the pole. Ooops!
File Access
For simplicity sake, assume we set impersonation=true but have not specified a user account so that that DotNetNuke assumes the identity of the visiting user - Joe Bloggs.
If we impersonate Joe Bloggs and he tries to upload a file (or even read the folder contents) through the file manager, it will fail. This is because Joe Bloggs does not have specific read/write/delete file permissions on our web server. Firstly, who are we going to give permissions to? We certainly don't want to give the generic groups "All Users" or "Everyone" permissions because that means that anyone who did manage to get access to the server could cause havoc. Our best option is to give read/write/delete permissions to the "Authenticated Users" system role. Anyone accessing the server would have to be network authenticated first and my network admins tell me network users can't map a direct drive to the share because sharing has not been enabled. So I'm feeling a little more comfortable but I'm still a bit twitchy about giving delete permissions for DNN system files.
So what do we give "Authenticated Users" access to? In summary, I give authenticated users users read/write/modify access to everything and delete permissions over the contents of the /portals folder.
I once fell into a trap where I initially just gave "Authenticated Users" permissions over the portals folder. Because I was the application owner and had been given full access to the share to set things up, I was able to install new modules, read pages (that were cached to file), use modules which write data to bizarre places (like Indogrid which writes to the app_data folder) and so on, and everything worked fine for me. But of course, as soon as it went into production, the phone started to ring with users who had different permissions to me. In one instance, we had to extend permission over the ASP.NET cache folder as well.
You also need to consider the implication of changing server permissions if you are working in a three stage DEV/TEST/Production environment - these server permissions have to be applied to all sites - and some support admins may have a problem with opening up permissions on a production site.
Databases
We've recently had to move into an enterprise environment where we had to use Integrated Security (i.e. a 'service account') to connect to a database server. For whatever reason, the Site admins could not set up a direct connection to the DB server so we had to use impersonation. This means we had to change the permission sets on the service account. And to make matters more complicated, the DB admin insisted on a separate service account for each of the three DEV/TEST/PROD databases. A mission to manage and co-ordinate. And then they complain that you can get hosted DNN out on the web for $50 per month!!!
RSS
If you are trying to access an RSS news feed from another web server on the network you are going to have a problem - even if you have enabled impersonation. The server that you are reading from will have to grant your impersonated user permissions to read its data. If you use a service account, it's easy for them to add. But they may not be so keen to open up Read access to "Authenticated Users" on their server. This is a difficult concept to explain to a user who is used to seamlessly accessing content across their intranet.
In Conclusion
I try and avoid impersonation like the plague and have written out of the DNN AD provider any calls that rely on impersonation. I stick to specific DirectoryEntry type searches where we can specify the service account and password stored in DNN. As systems integrators, it cuts down our work tremendously by avoiding all red tape associated with requesting service accounts and permission changes on boxes.
If you do use impersonation, hopefully I've shared with you some of the issues you may encounter - but not have foreseen. Let me know your experiences?
Go to this post's page at www.zinepal.com and get the PDF file or perform various sharing actions.
Subscribe to:
Posts (Atom)