Wednesday, February 13, 2013

Anonymous users cannot view application-level pages


If you're developing an anonymously accessible SharePoint website, especially an internet-facing one, you may
have noticed that you're SharePoint Forms pages are also accessible to anonymous users. For example http://
SERVER/_layouts/viewlsts.aspx, _vti_bin web services etc. Typically we don't want this, so how do you prevent
anonymous users from accessing these pages? The following steps will help you to do it. This feature is known
as lock down feature which is by default enabled for publishing sites.
To enable this feature
First remove all anonymous access from the site.
Then open command prompt and go to the folder C:\Program Files\Common Files\Microsoft Shared\Web
Server Extensions\14\BIN
First check whether the feature is activated or not; you can use the command below to check it
get-spfeature -site http://url
If ViewFormPagesLockDown is listed, it's enabled.
If not listed you have to enable it with the command below
To activate the Activate Feature:
stsadm -o activatefeature -url -filename ViewFormPagesLockDown\feature.xml

No comments:

Popular Posts

Disclaimer

The opinions expressed on this blog are the personal views of Pratik's SharePoint Blog, and do not represent or reflect the viewpoints or policies of any past, present, or future employer, colleague, or customer, or any other entity. The posts on this blog are provided ‘as is’ with no warranties, express or implied, and confer no rights. Use of information contained within this blog, including specific technical steps mentioned herein, is at your own risk. References to specific software products, processes, resources, or companies do not imply any endorsement.