Search

Anonymous Access T08 Paul Stork

Loading...

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

0 comments

Post a comment

    Post a comment
    Embed Video
    Edit your comment Cancel

    Notes on slide 1

    Enabling Anonymous Access in SharePoint isn’t just a matter of flipping a switch. Anonymous Access must be turned on in IIS and then configured in SharePoint. In addition to this basic configuration there are a variety of ways that SharePoint can be tweaked to fine tune how anonymous access works. In this talk we’ll review how to enable and configure anonymous access for SharePoint web sites, lists, and libraries. We’ll also look at the Best Practices involved with controlling anonymous access to specific files, search results, discussions, and other SharePoint capabilities. Finally, we’ll examine how to do all this within the context of a secure web site.

    Lockdown: stsadm -o deactivatefeature -url http://mysitecollection -filename ViewFormPagesLockDownfeature.xml

    Typically, you create a class in a code behind (.aspx.cs) file that derives from UnsecuredLayoutsPageBase. Your .aspx file, in turn, inherits from your custom page class. For example, the c:Program FilesMicrosoft Sharedweb server extenstions12TEMPLATELAYOUTSlogin.aspx page that ships with Windows SharePoint Services 3.0 inherits from an internal class named LoginPage which itself inherits from UnsecuredLayoutsPageBase.http://community.bamboosolutions.com/blogs/bambooteamblog/archive/2008/10/15/secure-a-sharepoint-application-page.aspx

    Declarative workflows run as the person who triggered the workflow either manually, or by adding or editing an item. • Individual workflow actions can be made to elevate permissions. • The RTM version of the server allowed workflows to run as SharePoint System, but had a security vulnerability. • In SP1 the security problem was fixed, but declarative workflows can no longer be triggered by the SharePoint System account. • In the SharePoint Infrastructure public update box administrators can allow email enabled lists to trigger workflows as the last person to save the workflow when an item is created via email. Run “stsadm.exe –o setproperty –propertynamedeclarativeworkflowautostartonemailenabled –propertyvalue yes” on the patched server to enable this. So when building a declarative workflow take a moment to consider under what user context the workflow is running so you can better plan what the workflow is able to do.

    Favorites, Groups & Events

    Anonymous Access T08 Paul Stork - Presentation Transcript

    1. Anonymous Access
      Everything you always wanted to know, but didn't know to ask
      Paul Papanek Stork, SharePoint Server MVP, MCT, MCSE+I, MCSA, MCSD, MCDBA, MCITP, MCPD
      Paul.Stork@Mindsharp.com
    2. About the Speaker…
      Paul Papanek Stork, MVP, MCT, MCSE+I, MCSA, MCSD, MCDBA, MCITP, MCPD
      Senior Instructor/Consultant at Mindsharp
      http://www.mindsharp.com
      Paul.Stork@mindsharp.com
      Contributing Author, Developer’s Guide to Windows SharePoint Services 3.0 & Microsoft Office SharePoint Server 2007 Best Practices
      Author, upcoming October 2009MCTS: Windows SharePoint Services 3.0 Configuration Study Guide (70-631) by Wiley
    3. Agenda
      Configuring Anonymous Access
      How Anonymous Access Works
      Advanced Configuration
      Problem Workarounds
      Unresolved Problems
    4. Basic Configuration
      IIS Configuration
      Turn on in IIS manager or Central Admin
      Web Site
      Choose Entire Web (Read Only)
      Lists and Libraries
      Lists and Libraries
      View Only for Libraries
      Add, View, Edit, and Delete for Lists
    5. How It Works
      Does not use IUSR_computernameaccount
      Uses Limited Access permission level
      Potential problems (example Search Results page)
      Inheriting from LayoutsPageBase prevents non-authenticated access
      ViewFormPagesLockdown Feature prevents access to _Layout pages like AllItems.aspx
      Anonymous Access permissions granted to users on All Zones
    6. Configuring Anonymous Access
      This demo will explore the basic techniques used for configuring anonymous access. We will also look at some of the potential problems.
    7. Advanced Configuration
      Securing specific files in an anonymous access site.
      Enabling Browsing and Read/Write access to anonymous lists.
      Verifying security on 12 hive files
    8. Requiring Authentication for Specific Files
      Anonymous Access not configurable at the List Item or File level
      List Items and Files INHERIT permissions from Lists or Libraries
      Breaking Inheritance will require Authentication to access the List Item or File
    9. Write Access to Lists
      Lists and Libraries doesn’t allow access to root URL
      Solution:
      Configure Web Access First
      Break Inheritance on List/Library
      Configure List Anonymous Access
    10. Security on 12 hive files
      Turn off ViewFormPagesLockdown Feature
      UnsecuredLayoutsPageBase class
      Abstract class
      Create inherited class for custom pages
    11. Advanced Configuration Techniques
      This demo will explore some of the advanced configuration techniques available when configuring anonymous access in SharePoint.
    12. Problem Work Arounds
      Access to _Layouts pages
      Remove Inherits=
      Subclass UnsecuredLayoutsPageBase
      Anonymous Access MySite
      Grant Anonymous Access to child site of MySite
      Declarative (SPD) Workflows (post SP1)
      Submission by eMail fires workflow
      BLOG comments
      CodeplexAnonymous Comment Feature for SharePoint Blog
    13. Problem Workarounds
      This will demonstrate some of the potential workarounds for problems encountered when configuring anonymous access.
    14. Unresolved Problems
      Anonymous File Upload
      Read/Write Access is allowed to lists, but not libraries
      Potential Workaround – Anonymous Access Membership provider
      Access to MySite root
      Redirection logic requires authentication
      No Potential Workaround
    15. Thank you for attending!
      Please be sure to fill out
      your session evaluation!

    + pstorkpstork, 4 months ago

    custom

    417 views, 0 favs, 0 embeds more stats

    Anonymous Access: Everything you always wanted to k more

    More info about this document

    © All Rights Reserved

    Go to text version

    • Total Views 417
      • 417 on SlideShare
      • 0 from embeds
    • Comments 0
    • Favorites 0
    • Downloads 2
    Most viewed embeds

    more

    All embeds

    less

    Flagged as inappropriate Flag as inappropriate
    Flag as inappropriate

    Select your reason for flagging this presentation as inappropriate. If needed, use the feedback form to let us know more details.

    Cancel
    File a copyright complaint
    Having problems? Go to our helpdesk?

    Categories

    -->
    Search
    RSS Feed
    What's new?

    © 2009 SlideShare Inc. All Rights Reserved