Real-World SharePoint Experiences by John Powell

Suppose you want to have a site collection such as http://sharepoint.yourcompany.com that contains information about the SharePoint services you offer.  You want anyone to be able to browse the site without having to login. You can simply enable anonymous access by accessing Advanced Permissions in the site collection settings.  In the menu, select Anonymous Access.

If you don't have a menu item for anonymous access, then you will need to configure the web application to allow anonymous access.  In Central Administration, access Applications Management > Authentication Providers.  Click on the zone you would like to enable anonymous access for and check the Enable anonymous access box.  

When you set this option, anonymous access will also be enabled in IIS on your front-end servers.  The menu item for managing this feature also lights up.

Once anonymous access is enabled for the web application, you can then enable it for the site collection.  When you select the Anonymous Access menu item, you are presented with the following options:

Now suppose you want to have sites under the site collection for your potential customers to have play areas.  In this case, the permissions for each sub-site will be unique and cannot be accessed anonymously.  To accomplish this, you must disable anonymous access and customize permissions for each sub-site.

Logically, you would expect to follow the same steps outlined above, accessing the settings from the sub-site and changing the anonymous access to Nothing.  But it appears that the feature that enables the menu item for anonymous access at the site collection level, does not light up the menu item at the site level.  You will see a menu such as this:

The workaround for setting anonymous access at the site level is to access the anonymous access admin page (setanon.aspx) directly.  This admin page looks at the url to determine which site to set anonymous access for.  For example, to configure anonymous access for the sub-site, you would access http://sharepoint.mycompany.com/subsite-a/_layouts/setanon.aspx.  If you wanted to set anonymous access for the site collection, you would access http://sharepoint.mycompany.com/_layouts/setanon.aspx.  Many other admin pages are url context sensitive like this.

After accessing the setanon.aspx page, change anonymous access to Nothing.

Important: when you enable anonymous access, users will be able to access your view form pages without logging in.  For example: http://sharepoint.mycompany.com/pages/forms/allitems.aspx.  Depending on your requirements, this may not be desirable.  Fortunately, there is a view form lockdown feature that prevents anonymous users from accessing these forms.  Check out this excellent post on the Microsoft Enterprise Content Management blog.

This entry was posted on Tuesday, July 10th, 2007 at 7:21 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Suppose you want to have a site collection such as http://sharepoint.yourcompany.com that contains information about the SharePoint services you offer.  You want anyone to be able to browse the site without having to login. You can simply enable anonymous access by accessing Advanced Permissions in the site collection settings.  In the menu, select Anonymous Access.

If you don't have a menu item for anonymous access, then you will need to configure the web application to allow anonymous access.  In Central Administration, access Applications Management > Authentication Providers.  Click on the zone you would like to enable anonymous access for and check the Enable anonymous access box.  

When you set this option, anonymous access will also be enabled in IIS on your front-end servers.  The menu item for managing this feature also lights up.

Once anonymous access is enabled for the web application, you can then enable it for the site collection.  When you select the Anonymous Access menu item, you are presented with the following options:

Now suppose you want to have sites under the site collection for your potential customers to have play areas.  In this case, the permissions for each sub-site will be unique and cannot be accessed anonymously.  To accomplish this, you must disable anonymous access and customize permissions for each sub-site.

Logically, you would expect to follow the same steps outlined above, accessing the settings from the sub-site and changing the anonymous access to Nothing.  But it appears that the feature that enables the menu item for anonymous access at the site collection level, does not light up the menu item at the site level.  You will see a menu such as this:

The workaround for setting anonymous access at the site level is to access the anonymous access admin page (setanon.aspx) directly.  This admin page looks at the url to determine which site to set anonymous access for.  For example, to configure anonymous access for the sub-site, you would access http://sharepoint.mycompany.com/subsite-a/_layouts/setanon.aspx.  If you wanted to set anonymous access for the site collection, you would access http://sharepoint.mycompany.com/_layouts/setanon.aspx.  Many other admin pages are url context sensitive like this.

After accessing the setanon.aspx page, change anonymous access to Nothing.

Important: when you enable anonymous access, users will be able to access your view form pages without logging in.  For example: http://sharepoint.mycompany.com/pages/forms/allitems.aspx.  Depending on your requirements, this may not be desirable.  Fortunately, there is a view form lockdown feature that prevents anonymous users from accessing these forms.  Check out this excellent post on the Microsoft Enterprise Content Management blog.

This entry was posted on Tuesday, July 10th, 2007 at 7:21 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.