Author: Halfvares Mats, Teknikhuset AB.

Published: 2007-03-17

Applies to:
  • Content Studio ver. 5.1

Type: Information

More information

There are some important breaking changes between Content Studio version 5.1 and version 5.0 that affect customers who upgrade from version 5.0.

Change: Changes to the EPT document file extension

Description: For security reasons, EPT documents can only be saved with the file extension .ept or the old extension .xml. For all new EPT document categories, .ept is the only allowed file extension, but for existing categories the old .xml extension is allowed as well. However, for existing categories the default file extension is now .ept, which means that all new documents in these categories will have the .ept file extension by default. An administrator can change this behaviour by changing the allowed file extensions on a specific category. This setting specifies the allowed file extensions for documents in the category and consists of a comma-delimited list of file extensions (for example .ept,.xml). The first extension in the list is the default extension and will be the file extension unless the user decides to change it.

Affects:

Advanced developers:

With the .ept file extension in use, a security leak has been fixed that allowed public users to read the content of an EPT document in its raw XML format when the underlying file name was known. As a side effect, when Content Studio runs on Server 2003 and later, a developer cannot preview the raw XML of a published version of an EPT document with the .ept extension. EPT data can now only be viewed through a presentation template. As a workaround, a developer who needs to view the raw XML can create a special presentation template that returns the raw XML, or change the default file extension to .xml during development.

Applications that use EPT as web services:

Applications that use EPT as web services and access the files directly by their file names rather than via their IDs will no longer be able to retrieve any data when the file extension is .ept.

Change: Changes to how custom login providers are configured

Description: Starting with Content Studio 5.0, developers can create their own logon provider that enables Content Studio to integrate with external user catalogues such as NDS (Novell Netware Directory Services) or other non-Windows catalogues. This type of login uses the Forms login method in ASP.NET, and this kind of integrated behaviour was the default in CS 5.0. However, in order to support the regular Forms login method that does not integrate with the Content Studio security system, a new setting in Web.config has been introduced that indicates that the login provider should integrate with Content Studio. Thus, the default Forms login mode is now the standard non-integrated one.

Affects: Web sites that use a custom logon provider in Content Studio will not work as expected after an upgrade unless the relevant settings in the Web.config file have been changed. See the section below for detailed information.

Web.config changes to support Custom logon providers

Starting with version 5.1, forms login no longer integrates with the Content Studio security system by default. In order to integrate with Content Studio, a new configuration is needed. The installation program automatically upgrades Web.config and installs a new configSection and a number of sectionGroup elements. These configuration elements define the configuration element that is used to supply Content Studio specific settings.

The sectionGroup named FormsAuthenticationModule defines the setting where all forms authentication providers that integrate with the Content Studio security system are defined.


<configuration>
    <configSections>
        <sectionGroup name="ContentStudio">
            <sectionGroup name="FormsAuthenticationModule">
                <section name="ProviderNames" type="System.Configuration.NameValueSectionHandler"/>
            </sectionGroup>
            <!-- more Content Studio sectionGroups can exist -->
        </sectionGroup>
        <!-- other sectionGroups might exist -->
    </configSections>
    <!-- other elements -->
</configuration>

In Web.config, directly under the <configuration> element, there is a section named <ContentStudio> where the <FormsAuthenticationModule> element should exist. The installation program upgrades Web.config and inserts this section as well, but in a default installation the add element is commented out.
In order for your provider to integrate with Content Studio, remove the comment and, in the key attribute, replace the MyProviderName value with the name of your provider. The value attribute is ignored and should be an empty string, as shown in the example below. Content Studio now knows that your provider should integrate with its underlying security system.

               <add key="MyProviderName" value=""/>
    <!-- more elements exist -->
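
A post-upgrade check for the setting described above, as an added example that is not Content Studio's own code: it reports whether a Web.config still has the add element commented out, which leaves Forms login in non-integrated mode. The function name, the result labels, the provider name passed in and the sample Web.config are constructed for illustration; the element path follows from the section declaration shown earlier.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Web.config as a default 5.1 upgrade leaves it,
# with the add element still commented out.
DEFAULT_CONFIG = """<configuration>
  <configSections>
    <sectionGroup name="ContentStudio">
      <sectionGroup name="FormsAuthenticationModule">
        <section name="ProviderNames" type="System.Configuration.NameValueSectionHandler"/>
      </sectionGroup>
    </sectionGroup>
  </configSections>
  <ContentStudio>
    <FormsAuthenticationModule>
      <ProviderNames>
        <!-- <add key="MyProviderName" value=""/> -->
      </ProviderNames>
    </FormsAuthenticationModule>
  </ContentStudio>
</configuration>"""

DECLARATION = ("configSections/sectionGroup[@name='ContentStudio']"
               "/sectionGroup[@name='FormsAuthenticationModule']"
               "/section[@name='ProviderNames']")
SETTINGS = "ContentStudio/FormsAuthenticationModule/ProviderNames"


def audit_provider(config_xml, provider_name):
    """Classify how provider_name is registered (labels are this example's own)."""
    # Keep comments in the tree so a commented-out <add> is distinguishable.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(config_xml, parser=parser)
    if root.find(DECLARATION) is None:
        return "not-declared"      # section handler missing from configSections
    section = root.find(SETTINGS)
    nodes = list(section) if section is not None else []
    # Exact, case-sensitive key match (an assumption about how names compare).
    if any(n.tag == "add" and n.get("key") == provider_name for n in nodes):
        return "integrated"
    if any(n.tag is ET.Comment and "<add" in (n.text or "") for n in nodes):
        return "commented-out"     # default state after the installer's upgrade
    return "missing"               # Forms login runs in standard, non-integrated mode


if __name__ == "__main__":
    print(audit_provider(DEFAULT_CONFIG, "MyLogonProvider"))
```

Requires Python 3.8 or later, since the check relies on the parser keeping comments in the tree.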