Anonymous Access T08 Paul Stork

Anonymous Access: Everything you always wanted to know, but didn't know to ask
Enabling Anonymous Access in SharePoint isn’t just a matter of flipping a switch in IIS manager. Anonymous Access must be enabled in IIS and then configured in SharePoint. But there are also situations where this basic configuration isn't sufficient. In this talk we’ll review how to enable and configure anonymous access for SharePoint web sites, lists, and libraries. Then we'll turn our attention to strategies that can be used to overcome specific problems with SharePoint anonymous access. We'll demonstrate solutions and workarounds for questions like:
1) How do you require authentication for some items while maintaining anonymous access for the rest?
2) What content from a personal MySite can be accessed via anonymous access?
3) How do you enable anonymous responses to a discussion list?
4) Can BLOGS and Wiki sites be used in an anonymous access site collection?



  • Enabling Anonymous Access in SharePoint isn’t just a matter of flipping a switch. Anonymous Access must be turned on in IIS and then configured in SharePoint. In addition to this basic configuration there are a variety of ways that SharePoint can be tweaked to fine tune how anonymous access works. In this talk we’ll review how to enable and configure anonymous access for SharePoint web sites, lists, and libraries. We’ll also look at the Best Practices involved with controlling anonymous access to specific files, search results, discussions, and other SharePoint capabilities. Finally, we’ll examine how to do all this within the context of a secure web site.
  • Lockdown: stsadm -o deactivatefeature -url http://mysitecollection -filename ViewFormPagesLockDown\feature.xml
  • Typically, you create a class in a code-behind (.aspx.cs) file that derives from UnsecuredLayoutsPageBase. Your .aspx file, in turn, inherits from your custom page class. For example, the c:\Program Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\login.aspx page that ships with Windows SharePoint Services 3.0 inherits from an internal class named LoginPage, which itself inherits from UnsecuredLayoutsPageBase.
  • Declarative workflows run as the person who triggered the workflow, either manually or by adding or editing an item.
    Individual workflow actions can be made to elevate permissions.
    The RTM version of the server allowed workflows to run as SharePoint System, but had a security vulnerability.
    In SP1 the security problem was fixed, but declarative workflows can no longer be triggered by the SharePoint System account.
    In the SharePoint Infrastructure public update, box administrators can allow email-enabled lists to trigger workflows as the last person to save the workflow when an item is created via email. Run "stsadm.exe -o setproperty -propertyname declarativeworkflowautostartonemailenabled -propertyvalue yes" on the patched server to enable this.
    So when building a declarative workflow, take a moment to consider under what user context the workflow is running so you can better plan what the workflow is able to do.
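
The note on UnsecuredLayoutsPageBase above, as an added example that is not part of the original slides: a code-behind class for a custom _layouts page that anonymous visitors may open. The class, namespace and control names are hypothetical, and the sketch assumes the AllowAnonymousAccess override exposed by UnsecuredLayoutsPageBase; because the page is reachable without authentication, it decides for itself what an anonymous visitor sees and encodes everything it renders.

```csharp
// Added example (hypothetical names): code-behind for a custom page under
// TEMPLATE\LAYOUTS. The .aspx file points at this class through the
// Inherits attribute of its @Page directive.
using System;
using System.Web.UI.WebControls;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;
using Microsoft.SharePoint.WebControls;

namespace Contoso.Layouts   // hypothetical namespace
{
    public class AnonymousFeedbackPage : UnsecuredLayoutsPageBase
    {
        // Controls declared in the .aspx markup (hypothetical IDs).
        protected Literal Greeting;
        protected Panel MemberPanel;

        // Opt in explicitly; without this the visitor is sent to log in.
        protected override bool AllowAnonymousAccess
        {
            get { return true; }
        }

        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            // CurrentUser is null when the request is anonymous.
            SPUser user = SPContext.Current.Web.CurrentUser;
            bool isAnonymous = (user == null);

            // Content meant for signed-in members stays hidden from anonymous
            // visitors; the page enforces this itself.
            MemberPanel.Visible = !isAnonymous;

            // Encode anything written to the page.
            string name = isAnonymous ? "guest" : user.Name;
            Greeting.Text = SPEncode.HtmlEncode("Hello, " + name);
        }
    }
}
```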

Anonymous Access T08 Paul Stork: Presentation Transcript

  • Anonymous Access
    Everything you always wanted to know, but didn't know to ask
    Paul Papanek Stork, SharePoint Server MVP, MCT, MCSE+I, MCSA, MCSD, MCDBA, MCITP, MCPD
  • About the Speaker…
    Paul Papanek Stork, MVP, MCT, MCSE+I, MCSA, MCSD, MCDBA, MCITP, MCPD
    Senior Instructor/Consultant at Mindsharp
    Contributing Author, Developer’s Guide to Windows SharePoint Services 3.0 & Microsoft Office SharePoint Server 2007 Best Practices
    Author, upcoming October 2009, MCTS: Windows SharePoint Services 3.0 Configuration Study Guide (70-631) by Wiley
  • Agenda
    Configuring Anonymous Access
    How Anonymous Access Works
    Advanced Configuration
    Problem Workarounds
    Unresolved Problems
  • Basic Configuration
    IIS Configuration
    Turn on in IIS manager or Central Admin
    Web Site
    Choose Entire Web (Read Only)
    Lists and Libraries
    Lists and Libraries
    View Only for Libraries
    Add, View, Edit, and Delete for Lists
  • How It Works
    Does not use IUSR_computername account
    Uses Limited Access permission level
    Potential problems (example Search Results page)
    Inheriting from LayoutsPageBase prevents non-authenticated access
    ViewFormPagesLockdown Feature prevents access to _Layout pages like AllItems.aspx
    Anonymous Access permissions granted to users on All Zones
  • Configuring Anonymous Access
    This demo will explore the basic techniques used for configuring anonymous access. We will also look at some of the potential problems.
  • Advanced Configuration
    Securing specific files in an anonymous access site.
    Enabling Browsing and Read/Write access to anonymous lists.
    Verifying security on 12 hive files
  • Requiring Authentication for Specific Files
    Anonymous Access not configurable at the List Item or File level
    List Items and Files INHERIT permissions from Lists or Libraries
    Breaking Inheritance will require Authentication to access the List Item or File
  • Write Access to Lists
    Lists and Libraries doesn’t allow access to root URL
    Configure Web Access First
    Break Inheritance on List/Library
    Configure List Anonymous Access
  • Security on 12 hive files
    Turn off ViewFormPagesLockdown Feature
    UnsecuredLayoutsPageBase class
    Abstract class
    Create inherited class for custom pages
  • Advanced Configuration Techniques
    This demo will explore some of the advanced configuration techniques available when configuring anonymous access in SharePoint.
  • Problem Workarounds
    Access to _Layouts pages
    Remove Inherits=
    Subclass UnsecuredLayoutsPageBase
    Anonymous Access MySite
    Grant Anonymous Access to child site of MySite
    Declarative (SPD) Workflows (post SP1)
    Submission by eMail fires workflow
    BLOG comments
    Codeplex Anonymous Comment Feature for SharePoint Blog
  • Problem Workarounds
    This will demonstrate some of the potential workarounds for problems encountered when configuring anonymous access.
  • Unresolved Problems
    Anonymous File Upload
    Read/Write Access is allowed to lists, but not libraries
    Potential Workaround – Anonymous Access Membership provider
    Access to MySite root
    Redirection logic requires authentication
    No Potential Workaround
  • Thank you for attending!
    Please be sure to fill out
    your session evaluation!
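
The web-site and list-level settings from the Basic Configuration and Write Access to Lists slides can be reviewed from the object model. The console program below is an added example, not code from the presentation: it walks one site collection and reports each web's anonymous state and every list that grants rights to anonymous users, flagging lists where they can add, edit or delete items. It assumes it runs on a SharePoint server under an account that can open every web, and the class name is hypothetical.

```csharp
// Added example: report where anonymous access is granted in a site collection.
using System;
using Microsoft.SharePoint;

class AnonymousAccessAudit   // hypothetical name
{
    // Rights that let an anonymous visitor change list content.
    const SPBasePermissions WriteRights =
        SPBasePermissions.AddListItems |
        SPBasePermissions.EditListItems |
        SPBasePermissions.DeleteListItems;

    static void Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: AnonymousAccessAudit <site collection URL>");
            return;
        }
        using (SPSite site = new SPSite(args[0]))
        {
            foreach (SPWeb web in site.AllWebs)
            {
                try { AuditWeb(web); }
                finally { web.Dispose(); }   // webs from AllWebs must be disposed
            }
        }
    }

    static void AuditWeb(SPWeb web)
    {
        // Disabled = nothing, Enabled = lists and libraries, On = entire web site.
        Console.WriteLine("{0}  AnonymousState={1}", web.Url, web.AnonymousState);
        if (web.AnonymousState == SPWeb.WebAnonymousState.Disabled) return;

        foreach (SPList list in web.Lists)
        {
            SPBasePermissions mask = list.AnonymousPermMask64;
            if (mask == SPBasePermissions.EmptyMask) continue;

            bool canWrite = (mask & WriteRights) != SPBasePermissions.EmptyMask;
            Console.WriteLine("  {0}  uniquePermissions={1}  anonymousWrite={2}  mask={3}",
                list.Title, list.HasUniqueRoleAssignments, canWrite, mask);
        }
    }
}
```

Lists reported with anonymousWrite=True are the ones to confirm against the intended design, since anonymous Add, Edit and Delete is only meant for lists that were deliberately opened up.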