Skip to content

Instantly share code, notes, and snippets.

@MartinMiles

MartinMiles/SPE.Remoting.Permissions.config

Last active June 18, 2025 10:01
Show Gist options
  • Save MartinMiles/cdffeec6ffd446a52a991b310de0b416 to your computer and use it in GitHub Desktop.
Save MartinMiles/cdffeec6ffd446a52a991b310de0b416 to your computer and use it in GitHub Desktop.
Download ZIP
Three configs to enable SPE & Remoting on XM Cloud (requires `SPE_REMOTING_SECRET` set in the .env file). Put these three files under `App_Config/Include/zzz` folder
Raw
SPE.config
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/" xmlns:set="http://www.sitecore.net/xmlconfig/set/">
<sitecore role:require="XMCloud">
<powershell>
<userAccountControl>
<tokens>
<token name="Default" elevationAction="Block"/>
<token name="Console" expiration="00:55:00" elevationAction="Allow" patch:instead="*[@name='Console']"/>
<token name="ISE" expiration="00:55:00" elevationAction="Allow" patch:instead="*[@name='ISE']"/>
<token name="ItemSave" expiration="00:55:00" elevationAction="Allow" patch:instead="*[@name='ItemSave']"/>
</tokens>
</userAccountControl>
</powershell>
</sitecore>
</configuration>
Raw
SPE.Remoting.Permissions.config
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
<sitecore>
<pipelines>
<httpRequestBegin>
<!--
We replace the existing RequireAuthentication processor (to preserve all its attributes)
and add our IgnoreRules list underneath.
-->
<processor
patch:after="*[@type='Sitecore.Pipelines.HttpRequest.RequireAuthentication, Sitecore.Kernel']"
type="Sitecore.Pipelines.HttpRequest.RequireAuthentication, Sitecore.Kernel"
resolve="true">
<IgnoreRules hint="list:AddIgnoreRule">
<!-- skip all SPE paths under /sitecore modules/PowerShell -->
<prefix hint="spe">^/sitecore\smodules/PowerShell.*</prefix>
</IgnoreRules>
</processor>
</httpRequestBegin>
</pipelines>
</sitecore>
</configuration>
Raw
z.SPE.Remoting.config
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:set="http://www.sitecore.net/xmlconfig/set/">
<sitecore>
<powershell>
<services>
<remoting>
<patch:attribute name="enabled">true</patch:attribute>
<authorization>
<add Permission="Allow" IdentityType="User" Identity="sitecore\speremoting" />
</authorization>
<fileDownload>
<patch:attribute name="enabled">true</patch:attribute>
</fileDownload>
<mediaDownload>
<patch:attribute name="enabled">true</patch:attribute>
</mediaDownload>
</remoting>
<restfulv2>
<patch:attribute name="enabled">true</patch:attribute>
</restfulv2>
</services>
<authenticationProvider
type="Spe.Core.Settings.Authorization.SharedSecretAuthenticationProvider, Spe">
<detailedAuthenticationErrors>
<patch:delete />
</detailedAuthenticationErrors>
<detailedAuthenticationErrors>true</detailedAuthenticationErrors>
<!-- Provide a strong randomized shared secret in the environment variable 'SPE_REMOTING_SECRET'.
At least 64 characters is recommended, for example https://www.grc.com/passwords.htm -->
<sharedSecret>$(env:SPE_REMOTING_SECRET)</sharedSecret>
<allowedAudiences hint="list">
<!-- The audience is the host name of the Sitecore instance.
In XM Cloud an environment variable 'host' is available -->
<audience>https://$(env:host)</audience>
</allowedAudiences>
</authenticationProvider>
<userAccountControl>
<gates>
<gate name="ISE">
<patch:delete />
</gate>
<gate name="Console">
<patch:delete />
</gate>
<gate name="ItemSave">
<patch:delete />
</gate>
<gate name="ISE" token="Permissive" />
<gate name="Console" token="Permissive" />
<gate name="ItemSave" token="Permissive" />
</gates>
<tokens>
<token name="Permissive" expiration="00:00:00" elevationAction="Allow" />
</tokens>
</userAccountControl>
</powershell>
</sitecore>
</configuration>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment