When
we enable anonymous access in a SharePoint Publishing site, SharePoint Forms
pages are also accessible to anonymous users. That means users can browse pages
library, content in custom lists, etc. If the website is a public facing site,
this might not be the preferred behavior.
So
one option to prevent anonymous users from accessing these pages is to set
permissions accordingly. We can enable/disable anonymous access for individual
lists. Here the advantage is we can let certain lists accessible by anonymous
users, but on the other hand configuration needs to be done in each list
individually.
Another
option to restrict access to list views is to use out of the box feature called
ViewFormsPagesLockdown Feature. View Forms Pages Lockdown Feature is a hidden
feature, which if activated removes the View Application Pages permission, and
the Use Remote Interfaces permission. The View Application Pages permission is
the one that allows anonymous users to access Forms pages. So after activating
this feature, when anonymous users try to access form pages by directly typing
the URL, they will get Unauthorized Access message.
ViewFormPagesLockDown
Feature:
In
order to activate “ViewFormPagesLockDown” feature,
Enable-SPFeature
-Identity 7c637b23-06c4-472d-9a9a-7c175762c5c4 -Url <site URL>
Note:
If anonymous access was enabled before activating this feature, we need to
disable and enable anonymous access again after this feature activation. Anonymous
access settings can be changed form _layouts/setanon.aspx page.
No comments:
Post a Comment