Tuesday, April 16, 2013

Hide Forms Pages from Anonymous Users – SharePoint 2010

When we enable anonymous access in a SharePoint Publishing site, SharePoint Forms pages are also accessible to anonymous users. That means users can browse pages library, content in custom lists, etc. If the website is a public facing site, this might not be the preferred behavior.
 
So one option to prevent anonymous users from accessing these pages is to set permissions accordingly. We can enable/disable anonymous access for individual lists. Here the advantage is we can let certain lists accessible by anonymous users, but on the other hand configuration needs to be done in each list individually.
 
Another option to restrict access to list views is to use out of the box feature called ViewFormsPagesLockdown Feature. View Forms Pages Lockdown Feature is a hidden feature, which if activated removes the View Application Pages permission, and the Use Remote Interfaces permission. The View Application Pages permission is the one that allows anonymous users to access Forms pages. So after activating this feature, when anonymous users try to access form pages by directly typing the URL, they will get Unauthorized Access message.
 
ViewFormPagesLockDown Feature:
 
 
In order to activate “ViewFormPagesLockDown” feature,
 
Enable-SPFeature -Identity 7c637b23-06c4-472d-9a9a-7c175762c5c4 -Url <site URL>
 
Note: If anonymous access was enabled before activating this feature, we need to disable and enable anonymous access again after this feature activation. Anonymous access settings can be changed form _layouts/setanon.aspx page.

No comments: