Anonymous Access<br />Everything you always wanted to know, but didn&apos;t know to ask <br />Paul Papanek Stork, SharePoi...
About the Speaker…<br />Paul Papanek Stork, MVP, MCT, MCSE+I, MCSA, MCSD, MCDBA, MCITP, MCPD<br />Senior Instructor/Consul...
Agenda<br />Configuring Anonymous Access<br />How Anonymous Access Works<br />Advanced Configuration<br />Problem Workarou...
Basic Configuration<br />IIS Configuration<br />Turn on in IIS manager or Central Admin<br />Web Site<br />Choose Entire W...
How It Works<br />Does not use IUSR_computernameaccount<br />Uses Limited Access permission level<br />Potential problems ...
Configuring Anonymous Access<br />This demo will explore the basic techniques used for configuring anonymous access.  We w...
Advanced Configuration<br />Securing specific files in an anonymous access site.<br />Enabling Browsing and Read/Write acc...
Requiring Authentication for Specific Files<br />Anonymous Access not configurable at the List Item or File level<br />Lis...
Write Access to Lists <br />Lists and Libraries doesn’t allow access to root URL<br />Solution:<br />Configure Web Access ...
Security on 12 hive files<br />Turn off ViewFormPagesLockdown Feature<br />UnsecuredLayoutsPageBase class<br />Abstract cl...
Advanced Configuration Techniques<br />This demo will explore some of the advanced configuration techniques available when...
Problem Work Arounds<br />Access to _Layouts pages<br />Remove Inherits= <br />Subclass UnsecuredLayoutsPageBase<br />Anon...
Problem Workarounds<br />This will demonstrate some of the potential workarounds for problems encountered when configuring...
Upcoming SlideShare
Loading in …5
×

Anonymous Access T08 Paul Stork

1,720 views
1,677 views

Published on

Anonymous Access: Everything you always wanted to know, but didn't know to ask
Enabling Anonymous Access in SharePoint isn’t just a matter of flipping a switch in IIS manager. Anonymous Access must be enabled in IIS and then configured in SharePoint. But there are also situations where this basic configuration isn't sufficient. In this talk we’ll review how to enable and configure anonymous access for SharePoint web sites, lists, and libraries. Then we'll turn our attention to strategies that can be used overcome specific problems with SharePoint anonymous access. We'll demonstrate solutions and workarounds for questions like:
1) How do you require authentication for some items while maintaining anonymous access for the rest?
2) What content from a personal MySite can be accessed via anonymous access?
3) How do you enable anonymous responses to a discussion list?
4) Can BLOGS and Wiki sites be used in an anonymous access site collection?

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,720
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Enabling Anonymous Access in SharePoint isn’t just a matter of flipping a switch. Anonymous Access must be turned on in IIS and then configured in SharePoint. In addition to this basic configuration there are a variety of ways that SharePoint can be tweaked to fine tune how anonymous access works. In this talk we’ll review how to enable and configure anonymous access for SharePoint web sites, lists, and libraries. We’ll also look at the Best Practices involved with controlling anonymous access to specific files, search results, discussions, and other SharePoint capabilities. Finally, we’ll examine how to do all this within the context of a secure web site.
  • Lockdown: stsadm -o deactivatefeature -url http://mysitecollection -filename ViewFormPagesLockDownfeature.xml
  • Typically, you create a class in a code behind (.aspx.cs) file that derives from UnsecuredLayoutsPageBase. Your .aspx file, in turn, inherits from your custom page class. For example, the c:Program FilesMicrosoft Sharedweb server extenstions12TEMPLATELAYOUTSlogin.aspx page that ships with Windows SharePoint Services 3.0 inherits from an internal class named LoginPage which itself inherits from UnsecuredLayoutsPageBase.http://community.bamboosolutions.com/blogs/bambooteamblog/archive/2008/10/15/secure-a-sharepoint-application-page.aspx
  • Declarative workflows run as the person who triggered the workflow either manually, or by adding or editing an item. • Individual workflow actions can be made to elevate permissions. • The RTM version of the server allowed workflows to run as SharePoint System, but had a security vulnerability. • In SP1 the security problem was fixed, but declarative workflows can no longer be triggered by the SharePoint System account. • In the SharePoint Infrastructure public update box administrators can allow email enabled lists to trigger workflows as the last person to save the workflow when an item is created via email. Run “stsadm.exe –o setproperty –propertynamedeclarativeworkflowautostartonemailenabled –propertyvalue yes” on the patched server to enable this. So when building a declarative workflow take a moment to consider under what user context the workflow is running so you can better plan what the workflow is able to do.
  • Anonymous Access T08 Paul Stork

    1. 1. Anonymous Access<br />Everything you always wanted to know, but didn&apos;t know to ask <br />Paul Papanek Stork, SharePoint Server MVP, MCT, MCSE+I, MCSA, MCSD, MCDBA, MCITP, MCPD<br />Paul.Stork@Mindsharp.com<br />
    2. 2. About the Speaker…<br />Paul Papanek Stork, MVP, MCT, MCSE+I, MCSA, MCSD, MCDBA, MCITP, MCPD<br />Senior Instructor/Consultant at Mindsharp<br />http://www.mindsharp.com<br />Paul.Stork@mindsharp.com<br />Contributing Author, Developer’s Guide to Windows SharePoint Services 3.0 & Microsoft Office SharePoint Server 2007 Best Practices<br />Author, upcoming October 2009MCTS: Windows SharePoint Services 3.0 Configuration Study Guide (70-631) by Wiley<br />
    3. 3. Agenda<br />Configuring Anonymous Access<br />How Anonymous Access Works<br />Advanced Configuration<br />Problem Workarounds<br />Unresolved Problems<br />
    4. 4. Basic Configuration<br />IIS Configuration<br />Turn on in IIS manager or Central Admin<br />Web Site<br />Choose Entire Web (Read Only)<br />Lists and Libraries<br />Lists and Libraries<br />View Only for Libraries<br />Add, View, Edit, and Delete for Lists<br />
    5. 5. How It Works<br />Does not use IUSR_computernameaccount<br />Uses Limited Access permission level<br />Potential problems (example Search Results page)<br />Inheriting from LayoutsPageBase prevents non-authenticated access<br />ViewFormPagesLockdown Feature prevents access to _Layout pages like AllItems.aspx<br />Anonymous Access permissions granted to users on All Zones<br />
    6. 6. Configuring Anonymous Access<br />This demo will explore the basic techniques used for configuring anonymous access. We will also look at some of the potential problems.<br />
    7. 7. Advanced Configuration<br />Securing specific files in an anonymous access site.<br />Enabling Browsing and Read/Write access to anonymous lists.<br />Verifying security on 12 hive files<br />
    8. 8. Requiring Authentication for Specific Files<br />Anonymous Access not configurable at the List Item or File level<br />List Items and Files INHERIT permissions from Lists or Libraries<br />Breaking Inheritance will require Authentication to access the List Item or File<br />
    9. 9. Write Access to Lists <br />Lists and Libraries doesn’t allow access to root URL<br />Solution:<br />Configure Web Access First<br />Break Inheritance on List/Library<br />Configure List Anonymous Access<br />
    10. 10. Security on 12 hive files<br />Turn off ViewFormPagesLockdown Feature<br />UnsecuredLayoutsPageBase class<br />Abstract class<br />Create inherited class for custom pages<br />
    11. 11. Advanced Configuration Techniques<br />This demo will explore some of the advanced configuration techniques available when configuring anonymous access in SharePoint.<br />
    12. 12. Problem Work Arounds<br />Access to _Layouts pages<br />Remove Inherits= <br />Subclass UnsecuredLayoutsPageBase<br />Anonymous Access MySite<br />Grant Anonymous Access to child site of MySite<br />Declarative (SPD) Workflows (post SP1)<br />Submission by eMail fires workflow<br />BLOG comments<br />CodeplexAnonymous Comment Feature for SharePoint Blog <br />
    13. 13. Problem Workarounds<br />This will demonstrate some of the potential workarounds for problems encountered when configuring anonymous access.<br />
    14. 14. Unresolved Problems<br />Anonymous File Upload<br />Read/Write Access is allowed to lists, but not libraries<br />Potential Workaround – Anonymous Access Membership provider<br />Access to MySite root<br />Redirection logic requires authentication<br />No Potential Workaround<br />
    15. 15. Thank you for attending!<br />Please be sure to fill out <br />your session evaluation!<br />

    ×