Wednesday, October 1, 2014

Congrats to gallery contest winner Joe Hakooz!

Last month I invited you to submit your gallery for a new Gallery Showcase we’re building that highlights the diverse ways people use Gallery Server Pro for managing digital assets. Thanks for all your great entries!

The winner, chosen at random, is Joe Hakooz from Innovah, a custom web app company in North Carolina. His client is Lacour Fruits, an international fruit and vegetable distributor based in France. They needed a secure way to store a large number of photos and videos in high resolution formats, primarily for use in their marketing and print collateral. They considered building a custom app but when they found Gallery Server Pro they knew they found their solution.

Here’s what Joe had to say:

“Gallery Server was incredibly simple to install and converting to an SQL database was painless. The automatic installation is tough to beat, but my favorite thing is how easy it is to use. We gave the client a quick demo and they haven't needed additional training since we deployed!”

Joe and his team branded the gallery with their client’s logo and other graphic elements using the UI template feature and a bit of CSS editing.

The gallery is for internal company use so you can’t browse to it, but Joe shared a few screen shots. Take a look. Nice job, Joe!

lacour-1

lacour-2

lacour-3

lacour-4

Tuesday, September 9, 2014

Show off your gallery and win $50

Got a great gallery you'd like to show off? Tell us about it and it might appear in the new Gallery Showcase we're adding to our site.

Any gallery built with Gallery Server Pro is eligible. If selected, we'll post a screenshot and a little blurb about how you're using the gallery. We'll even provide a link to help with your SEO.

Use the contact form to provide:

  • An URL to your gallery. If it's password protected and you don't want to share a login account, give us a screenshot.
  • A few sentences that describes how you're using the gallery. What problem does it solve? If you're happy with GSP, say so.
  • Your name, title, email and - ideally - a photo of your face. We'll select positive comments for a separate "What our customers are saying" section.

All entries received by September 30 are entered into a drawing for a $50 Amazon gift card.

Tip: The easiest way to send files (like your screenshot and personal photo) is to reply to the auto-generated email you receive from the contact form.

Tuesday, September 2, 2014

Secure your media files in a read-only gallery

People who want to share their media assets with the world through a website typically have one of two views:

  • I want to fully manage my media files through the website, including adding and deleting media. That is, I want a Digital Asset Management System (DAMS).
  • I already have a process for managing my files; I just want to expose a read only gallery on my website. That is, I want a Web Gallery.

Both of these are valid and supported in Gallery Server Pro. In this post I’ll focus on the second approach – exposing a collection of files in a read-only gallery.

Who would want to do this?

I would, for one. Like a lot of people, I have accumulated thousands of photos and videos over the years. My master collection of media files is stored on a desktop PC in my home. No matter how I acquire a media asset – whether it’s through my cell phone, tablet, video camera, or sent to me from someone else – they all end up on my PC. I want 24/7 availability to these files, but I don’t want to keep my PC running all the time nor do I want to run a web server from home. It would be great if I could copy these files to a web server and set that up as a read-only gallery.

Who else would want to do this?

  • You run a business and have all your media files on a shared drive. You want to expose them internally or on a public website but want to guarantee no one can delete your assets through the website.
  • You run a web server from your home and want to expose your media collection, but am worried about the security risks. You don’t want to trust that a web gallery is truly secure; you need to keep things locked down for your own peace of mind.
  • You have a system in place for adding, editing and deleting your files. It works but you want to make it easier for those who just want to browse the files.

Setting up the read-only gallery

Configuring a gallery to be read-only is easy. It all takes place on the Media Objects – General page in the site admin area:

rog1

Select the option Media files are read-only and then save. That’s it. From now on, Gallery Server Pro won’t modify any of your original media files. It also won’t let users or even admins make any changes to files, as seen here in this screenshot of the Actions menu:

rog2

When a gallery is read-only, users cannot create albums or upload files, nor can they move, copy or delete albums and media objects. That is, they cannot perform any action that modifies the original media files. However, users can synchronize, download, sort, edit titles, captions and tags, and administrators can change settings in the Site admin area, including managing users and roles.

Prerequisites

There are a few requirements that must be met before a gallery can be made read only:

  • User albums must be disabled
  • The directory for the thumbnail and compressed images must be different than the original media objects directory
  • The option Synchronize directory names with album titles must be disabled

This should come as no surprise since these options have the potential to modify files, so they must be configured such that this isn’t possible. If any settings have the wrong value, your gallery will notify you when you try to enable the read-only option.

How do I manage files in a read-only gallery?

To add or remove media files to or from your gallery, use a tool like Windows Explorer or an FTP program to add or delete the files from the media file directory. Then run the synchronize function to have the gallery auto-detect the file changes. You can turn on the auto-sync function on the Albums – General page so you don’t have to manually run a sync.

In very large galleries, a sync can take a long time even when there aren’t any changes. That’s because the application has to iterate through every file in the gallery. If this becomes an issue, instead of auto-syncing you can create a script to periodically run a sync on one or more down-level albums. You’ll find this option below the auto-sync settings:

rog3

You can use Windows Task Scheduler to start a sync on any schedule you choose. Do a Google-Bing search on task scheduler http request for more info.

As mentioned earlier, management tasks that don’t affect the original media file as still available. That means you can still assign album thumbnails, sort albums, and edit titles, captions and tags.

One more piece for bullet-proof security

The previous steps will give you a read-only gallery, but one should acknowledge the security risks that are still present:

  • If a hacker gets your administrator credentials, they can log in, turn off the read-only setting, and then proceed to wreak havoc in your gallery.
  • A hacker can exploit an unpatched security hole in Gallery Server Pro to damage your gallery. (None are known at this time, however.)

You can eliminate these risks by configuring the IIS application pool identity to have read-only access to the media directory. When you do this, the OS’s file security system will prevent IIS and the gallery from making any changes to the file system, thus giving you an extra layer of protection.

Start by identifying the application pool identity your website is using. In IIS Manager, right click the web application and choose Manage Application – Advanced Settings. You’ll see the application pool identity in the dialog window:

rog4

Now figure out the identity the application pool is running under. Click the Application Pools node in the left pane of IIS Manager, find the app pool name in the center pane and notice the value in the Identity column. Here we see it’s running under ApplicationPoolIdentity:

rog5

This next part is confusing and trips up a lot of people, including me the first few times I did it. The term ApplicationPoolIdentity is not the actual name of the user account in Windows. Instead, it is telling you the identity is the name of the application pool concatenated to IIS APPPOOL. In our case, since the pool is named DefaultAppPool, the user account is IIS APPPOOL\DefaultAppPool.

If the identity was something other than ApplicationPoolIdentity, like LocalService, NetworkService, or an AD account, then you don’t need to do any of this dancing around. The identity is simply what it says.

Open Windows Explorer and navigate to the directory containing your media files. Right click the folder and choose Properties. Click the Security tab and choose Edit, then click Add on the Permissions window:

rog6

Type in the pool identity. In our case we enter IIS APPPOOL\DefaultAppPool:

rog7

Verify that the OS recognizes the name by clicking Check Names. When valid, the name becomes underlined. In our case Windows decides to drop the IIS APPPOOL prefix, although oddly it wouldn’t have worked to just type in DefaultAppPool:

rog8

Click OK and then assign read-only permission for the account:

rog9

Click OK a couple times to close all the windows. That should be it, although I should note a few things:

  • Your system might already be giving the user account write or modify permission through one of the other permissions. If this is the case you’ll need to revoke those permissions or change them to read-only. A good way to test that you truly have read-only permission on your app pool is to disable the read-only option in your gallery and then try to make a change that modifies a file (uploading a file, rotation, or deletion). If it succeeds then you still have work to do with your permissions.
  • Your app pool identity needs modify permission to the directories where your thumbnails and web-optimized images are stored. Adjust as needed.
  • These screenshots were made on Win 8.1. Other OS’s may look slightly different.
  • If using a hosting provider, you may not be able to adjust settings to the detail shown here. Poke around their control panel to find out what settings they expose.

When finished, you’ll have a bullet-proof gallery you can share with customers, friends and relatives. Cheers!

Thursday, July 17, 2014

Did you know you can change your file names?

This is one of those hidden gems in Gallery Server Pro that is not widely known but can be really handy. You can modify the underlying file name of any media object through the gallery UI.

You already know you can edit several attributes of your media assets in the right pane. The common ones are title, caption, and tags, but any property can be editable. In a default gallery, the file name is visible and read only:

fn_metadata1

To make the file name editable, go to the Metadata page in the site admin area. Find the row for the FileName property and check the box to make it editable. Note that there is a quirk in the jQuery grid widget that requires you to tab *out* of the cell before saving, so be sure it has the green check mark when you save.

fn_metadata2

That’s it. Notice you can now edit the file name for any asset:

fn_metadata3

Changing the file name updates it in two places – the Metadata table in the database and the file system on the server’s hard drive. This can be handy for cleaning up those ridiculous names that come out of your camera.

A few things to note. If you pick a name that is already used by another file in the directory, Gallery Server Pro will automatically tweak it until it is unique. For example, the name MyPhoto.jpg may become MyPhoto(1).jpg.

The names of the thumbnail and web-optimized versions are not updated. Not a big deal for the thumbnail version but the optimized file name is used when you are downloading the image:

fn_metadata4

This might be a bit of a nuisance, so I plan to correct this in a future version.

Another thing is when you are running a gallery in read-only mode (i.e. the option ‘Media files are read only’ is selected on the Media Objects – General page), the file name is not changed on the hard drive. The meta property, however, is updated, since that is just a database value. This might cause some confusion, so I’m guessing those of you with read only galleries will want to leave this property read only.

Lastly, this trick applies only to the FileName metadata property. A related one – FileNameWithoutExtension – does not persist changes back to the server’s hard drive. It only updates the database value, just like the vast majority of the other properties.

Thursday, June 19, 2014

WPI version of Gallery Server Pro released

Microsoft has completed their testing of 3.2.1 and published the new version to their web application gallery. A link to install it is on the download page.

Monday, June 2, 2014

Gallery Server Pro 3.2.1 Released

Today we released 3.2.1, which contains a small set of bug fixes and a couple minor behavior changes. There are no changes to web.config or the skins, so upgrading from 3.2.0 is as easy as copying the files from the upgrade package over the existing files in your gallery. Instructions for upgrading other versions are in the Admin Guide.

Bug fixes

  • Left pane UI template partially updated during upgrade
  • Parent nodes in the tree cannot be unchecked in certain cases
  • Quotation marks in user and role names cause trouble
  • Page scrolls to top when dialog auto-closes

The first two bug fixes were added to the 3.2.0 packages as soon as they were identified (May 19 and May 23, respectively), so they may already be fixed in your installation of Gallery Server Pro.

More details about the bug fixes are in this report.

Behavior changes

Remove confirmation message after drag and drop sorting

Drag and drop sorting was added in 3.2.0. When you finish dragging the thumbnail, the new position is sent to the server and a confirmation message is displayed. Some users found the confirmation message annoyingly repetitive, especially when you factor in the bug where the screen auto-scrolled to the top when the message disappeared. Although we fixed that bug in this release, we agree that the message is unnecessary, so we removed it.

Prevent UI template changes to the default template

This is a behavior change that might catch some of you by surprise. Starting with 3.2.1, you can no longer save changes to any UI template with the name ‘Default’, except for selecting which albums the template applies to. If you want to edit a template, first make a copy and apply your changes to that. There are two reasons for this change:

  1. Allow reverting to the default template – By forcing you to make your changes to copies, you always have a default template to revert to.
  2. Allow template upgrades – Newer versions of Gallery Server Pro routinely require modifications to one or more UI templates. This is typically done through a search and replace on a particular string. However, if a user has modified the template, the search may not find a match, causing the template to not be upgraded. This can leave the user with a broken gallery and no easy way to fix things. By preserving the integrity of the default templates, we can be assured they upgrade correctly during an upgrade. And if you are using a modified template, you can refer to the default template to identify changes and merge them with your custom template.

View the official feature change report for 3.2.1.

Thursday, May 29, 2014

Migrate your DNN gallery to 3.2

Back in March we announced there will be no further releases of the Gallery Server Pro DotNetNuke Module. Since that time a number of you have asked about migrating your DNN gallery to a stand-alone instance of Gallery Server Pro. Some of the data in the DNN gallery is specific to DNN, so we can’t use the built-in migration path. But a few days ago a customer running clockdoc.org hired me to migrate the data, so I was able to dig into the details about what was involved. It’s actually pretty easy so I thought I’d write up the steps so you can migrate your own DNN gallery.

As an alternative, you can hire me to do the migration. See the end for details.

  1. Start by logging in to your DNN gallery and turning off the auto sync feature if enabled (it’s on the Albums page in the site admin area). This prevents a sync from kicking off and deleting records before your new gallery is fully set up.

  2. Go to the Backup/Restore page and make a backup of your gallery data.

    If you aren’t using the user albums feature and your gallery has only a few users, uncheck the option Export user accounts before making the backup file. This option includes DNN roles like Translator (en-US) and Unverified Users, which you really don’t need in your new gallery. However, it also includes user profile data such as the user album assigned to each user, so you’ll need this data if you want to transfer the user albums.

    NOTE: I haven’t tested a DNN migration that includes the user accounts, so there may be unforeseen obstacles or it may not work at all. Let us know what you find.

  3. Install a new instance of the latest version of Gallery Server Pro using either SQL CE or SQL Server and configure an admin account.

  4. Copy the media files from your DNN gallery to the location you want to use in your new gallery. For example, the default media location is the gs\mediaobjects directory of the web application. If you have multiple galleries, you’ll have multiple locations.

  5. Log in to your new gallery and go to the Backup/Restore page. Restore the backup file you made in step 2. Once complete, DO NOT click anything until completing the following steps.

  6. In the database of your new gallery, manually delete all records in the GalleryControlSettings table. If using SQL Server, use a tool like SQL Server Management Studio. For SQL CE, use a tool like SQL Server Compact Toolbox.

  7. Manually delete all records from the GallerySettings table where SettingName=’EnableDotNetNukeSearch’ and SettingName=’PortalId’.

  8. In the GallerySettings table, look for the records where SettingName=’MediaObjectPath’. There will be at least two – one for the template gallery and one for your actual gallery. You can look in the Gallery table to figure out which gallery is the template gallery (it’s the one where IsTemplate=true).

    Update the one for the template gallery to something like ‘gs\mediaobjects’ – this is the default path that is used when you create a new gallery on the Manage galleries page.

    Update the path for your actual gallery to the place where you copied the media files earlier. If you have multiple galleries, update the path for each gallery. If you want, you can skip this step for now and instead do it on the Media Objects – General page, but you will get an application error if the gallery can’t find – or create – the path defined in the setting.

  9. Now navigate to your gallery in the browser. Because we emptied the GalleryControlSettings page, the gallery will assign the first non-template gallery to the default.aspx page. If this is incorrect, use the Manage galleries page to pick the right one. If you have multiple galleries, you can create additional pages and assign them to each gallery as needed.

  10. If you use the auto-sync feature, turn it back on.

That should complete the migration. Enjoy your new gallery and all the cool new features in v3!

If you don’t want to hassle with it yourself, hire me to do the migration. It is priced at four hours of custom work ($320). Contact me if you’re interested.