One of the neat things about the SIM tool was the ability to upload a package to a fresh install of Sitecore.  This was great for installing things like a 301 redirect module, WFFM, or anything else that was boilerplate for your instance.  With SIF, that functionality isn’t present out of the box.  But… now it exists!

We need to address this problem in a couple steps:

  1. We need to get a Sitecore Context
  2. We need to call the Sitecore.Installer.Installer.Install method.
  3. We need this to be secure.

Believe it or not, SIM did something very similar to this.

The Process

Create an ASMX in the sitecore folder in our instance.

This file will have the ability to install a package into your sitecore instance, which is nothing to shake a stick at.  We’ll need to secure this. I’ll use a two-step process:

  1. Put it at a random location, that only we know about
  2. Add an Access Key that will cause the process to silently fail if it doesn’t match

Here’s the file.

Notice lines 39 and 74 where we check for the token.  This bookmark is actually updated to a random value at creation, so there’s no way to guess it. If your attacker has file system access, you’ve likely got bigger problems than a rogue package.

Now that we have a way to install a package programmatically, we need to set this all up:

The SIF Module

This SIF Module is pretty straight forward. It does all of three things:

  1. Put the ASMX file in the sitecore folder
  2. Install the package
  3. Clean Up

Here’s the SIF module

I’ll let the comments speak for themselves in there. If you have a question, shoot a note in the comments, or hit me on twitter, or slack

Now that our modules exists, let’s run SIF with it

The SIF Config

The SiteName parameter is what you’d see in a normal SIF Config.  I’ve added in the InstallDirectory, per another blog post.  This allows for the flexibility of installing where you want to, rather than inetpub\wwwroot

When you run the following, you should see a flurry of activity and viola…your package is installed

You can grab all these files in a ZIP format here.

SUPER Props to Mike Skutta for putting something together that did a bulk of this lifting: