Wednesday, February 13, 2013

Anonymous users cannot view application-level pages

If you're developing an anonymously accessible SharePoint website, especially an internet-facing one, you may
have noticed that you're SharePoint Forms pages are also accessible to anonymous users. For example http://
SERVER/_layouts/viewlsts.aspx, _vti_bin web services etc. Typically we don't want this, so how do you prevent
anonymous users from accessing these pages? The following steps will help you to do it. This feature is known
as lock down feature which is by default enabled for publishing sites.
To enable this feature
First remove all anonymous access from the site.
Then open command prompt and go to the folder C:\Program Files\Common Files\Microsoft Shared\Web
Server Extensions\14\BIN
First check whether the feature is activated or not; you can use the command below to check it
get-spfeature -site http://url
If ViewFormPagesLockDown is listed, it's enabled.
If not listed you have to enable it with the command below
To activate the Activate Feature:
stsadm -o activatefeature -url -filename ViewFormPagesLockDown\feature.xml

No comments: