Automated Warning When Macro Security Expressions Error?

kentico guy asked on February 21, 2020 20:43

Is there any out of the box functionality in kentico that would warn me with an email when our security signatures error out? It seems to happen at least once a week, and I only find out once a user reports it, which means that a TON of people are just getting rejected off our website and unable to use it properly.

If not, what is the .CS file(s) I need to modify in order to add that? I can figure it out myself; but since it's security related, I think it's important to seek guidance on this.

Thanks, in advance

Recent Answers

Peter Mogilnitski answered on February 21, 2020 21:13 (last edited on February 21, 2020 21:29)

Well it should be visible in the event log. So you can have a global event handler to handle LogEvent. Lets say before log entry is created. There you can check if it is macro error (for example event source is MacroResolver) and send email to your self.

I personally prefer to use macro identity and sign macros as global admin to avoid all this permissions chaos.

2 votesVote for this answer Mark as a Correct answer

kentico guy answered on February 21, 2020 21:43

I actually do use the Global Admin for that reason.. but it seems like they still crap out every week for some reason. I basically inherited ~30 instances of kentico all running different databases and versions, so I'd like to get emailed if any of the macros are whacked out. I think your post gives me enough of a clue to get started. Thanks!

0 votesVote for this answer Mark as a Correct answer

Juraj Ondrus answered on February 23, 2020 14:04

You can also configure email notifications for any errors logged in the log. As described in the documentation:
Setting up email notifications for errors
You can configure the system to automatically send email notifications whenever errors occur in the application.

  1. Open the Settings application.
  2. Select the System category.
  3. Enter the target email addresses for the notifications into the Error notification email address setting. Use semicolons to separate multiple addresses.
  4. Type a sender address into the No-reply email address settings. The notification emails use the sender address in their From field.
  5. Save the settings.
1 votesVote for this answer Mark as a Correct answer

Roman Hutnyk answered on October 29, 2020 12:05

I'd like to ask if anyone knows what causing macro signature to became invalid? I'm experiencing similar issue with one project, where approximately each to weeks we get macro signature broken.

We use a single user account to sign all the macro. User account is enabled and works fine. In this case we do not use staging. Hash salt is specified in web.config and never changes.

Also I've noticed that just some macros become invalid, not all of them.

My another observation is that check out + undo checkout page template sometimes breaks the signature.

If anyone has any ideas on what causing the issue you're more than welcome to provide it.

Thanks, Roman

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.