PhantomJS Screenshots not being generated with Windows Authentication turned on

It has been observed with several versions of Sitecore 8 and above (empty versions) – including 8.2 Update 2 – that the screenshot generation is broken when the site has Windows Authentication turned ON.

How Windows Authentication is turned on on IIS

Symptoms

When attempting to start up a test in any level, the Test Start dialog will show screenshots of your website to demonstrate how your tested content will display. This can be experienced, for instance, if you trigger the Page Test command inside Experience Editor:

Create Page Test

When the Page Test dialog appears you will noticed screenshots are all broken:

Page Test - Screenshot errors 1

Page Test - Screenshot errors 2

Sitecore log shows the following messages during the generation of screenshots:

ManagedPoolThread #16 19:09:27 INFO Job started: Generate screenshots
18756 19:09:28 INFO [Content Testing]: PhantomJS console: 
Resource error
id: 0
url: http://sc82rev161221/?sc_mode=edit&sc_itemid={110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9}&sc_disable_edit=yes&sc_lang=en&sc_version=1&sc_vercomp=0
errorCode: 5
errorString: Operation canceled
!--error--!
ManagedPoolThread #16 19:09:28 INFO Job ended: Generate screenshots (units processed: 1)
ManagedPoolThread #5 19:09:30 INFO Job started: Generate screenshots
28116 19:09:30 INFO [Content Testing]: PhantomJS console: 
Resource error
id: 0
url: http://sc82rev161221/?sc_mode=edit&sc_itemid={110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9}&sc_disable_edit=yes&sc_lang=en&sc_version=1&sc_vercomp=0
errorCode: 5
errorString: Operation canceled
!--error--!
ManagedPoolThread #5 19:09:30 INFO Job ended: Generate screenshots (units processed: 1)

Root Cause

In the end the root cause is not exactly Windows Authentication, but the fact that PhantomJs, when confronted with the Windows Authentication prompt, don’t know how to proceed.

WIndows Auth Prompt

Unable to type Login and Password at this prompt, PhantomJS will get back a “403 – Forbidden” error and fail creating screenshots.

Short Story: the root cause is that PhantomJS doesn’t have proper permissions to access the filesystem and write down the screenshot images. This issue thus, may also happen in scenarios where Windows Authentication is not enabled.

How Windows Authentication is being used

We are using Windows Authentication to achieve a specific goal at our environment: During Sitecore development, we have multiple Sitecore instances with different purposes (DEV, QA, UAT), being constantly updated by TeamCity, our Continuous Integration server. One of these instances (generally UAT) is exposed to public so our clients can access from outside. However, we don’t want unrelated people accessing this address, so we lock it down with Windows Authentication and provide our clients one or multiple internal accounts to login and access the website. Unrelated people would be stopped at the Windows Authentication prompt.

Ideal solution would be for us to know exactly what folder(s) to enable Anonymous authentication, so the website itself is protected and still PhantonJS can properly generate screenshots.

Solution

With the help of Sitecore Helpdesk we were able to determine how to tweak our website, enabling PhantomJS to properly generate screenshots of our website, and still sheltering it from being accessed by anyone but the people we want.

The solution consists of A) enabling Anonymous authentication for the site root node and B) disabling Anonymous authentication for every sub-folder and files

Powershell Script

Simple to understand, hard to implement.

Can we have this automatized? Yes of course! With the assistance of my college Eduardo Pereira  (thank you very much, my friend!) I was able to end up with the following PowerShell script:

Import-Module WebAdministration
$Str_IISSiteName = "Your-Website-Name-On-IIS"
$Str_PSPath = "IIS:Sites" + $Str_IISSiteName + ""
$Obj_Site = Get-Item $Str_PSPath
$Obj_Items = Get-ChildItem $Obj_Site.physicalPath
write-host "Changing authentication method on " $Str_IISSiteName
Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/AnonymousAuthentication" -Name Enabled -Value True -PSPath $Str_PSPath
Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/WindowsAuthentication" -Name Enabled -Value True -PSPath $Str_PSPath
Foreach ($Obj_Item in $Obj_Items)
{
    write-host "Changing authentication method on" $Str_PSPath$Obj_Item
    Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/AnonymousAuthentication" -Name Enabled -Value False -PSPath $Str_PSPath -location $Obj_Item
    Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/WindowsAuthentication" -Name Enabled -Value True -PSPath $Str_PSPath -location $Obj_Item
}

Important: you may need to give proper access to enable PowerShell to properly execute the script above. According to this StackOverflow article, that very well describes the issue and solution, you may have to firstly execute the steps below:

  1. Open IIS Manager
  2. Click the server name in the tree on the left
  3. Right hand pane, Management section, double click Configuration Editor
  4. At the top, choose the section system.webServer/security/authentication/anonymousAuthentication
    Right hand pane, click Unlock Section
  5. At the top, choose the section system.webServer/security/authentication/windowsAuthentication
    Right hand pane, click Unlock Section
Publicado em Phantom JS, Support Ticket

Leave a Reply

Your email address will not be published. Required fields are marked *

*

  Am Not Spammer

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>