Posts Tagged ‘publishing’
Enabling Anonymous Access on an Internet-Facing MOSS Portal
If you are using the publishing features of SharePoint on an internet-facing portal, you probably need to enable anonymous access.
It’s a quick two-step process:
A. Edit Authentication Providers
- Go to Central Administration and then Application Management.
- Under SharePoint Web Application Management click Web application list.
- Select the web application on which you want to enable anonymous access.
- Under Application Security select Authentication providers.
- Click the zone you want edit (probably Default).
- Check the box Enable anonymous access and click Save:
B. Enable Anonymous Access at Site Collection Level
- Go back to your site and go to Site Settings – at site collection level.
- Under Users and Permissions click Advanced permissions.
- In the Settings drop-down menu select Anonymous Access.
- Click Entire Web site (or whatever applies to your setup) and click OK:
Remember, hardening your internet-facing MOSS installation is essential to shield your portal against intruders.
ViewFormPagesLockDown Does not Kick In
Hardening your internet-facing MOSS installation is essential to avoid attacks. Check out Microsoft’s excellent guide which takes you through most of the steps required to shield your portal against intruders.
However, if your portal wasn’t born as a publishing portal, all anonymous users will have access to AllItems.aspx, DispForm.aspx and other pages that you probably don’t want outside users to see. For instance, you may have created a newsletter signup web part which posts data to a list (using elevation). In time, the list fills up with more or less sensitive information about your newsletter subscribers and you probably don’t want this information to end up in the wrong hands.
Unfortunately, it is quite easy for someone with just a litte SharePoint experience to guess the path to e.g. the AllItems.aspx page of a SharePoint list:
And if your portal is not locked down, all list items will be there for the taking.
ViewFormPagesLockDown
Stsadm comes to the rescue yet again. To activate the lockdown, simply run this stsadm command:
stsadm -o activatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml
If you get the “Operation completed successfully”-message, you’re in business.
Well, almost…
The final step
You’ll probably find that the new feature still hasn’t kicked in. Fear not, you simply need to deactivate and reactivate anonymous access on the portal.
