Anonymous Users, Forms Pages, and the Lockdown Feature

Securing MOSS 2007 Publishing Sites with Lockdown Mode

Sezai's Blog about Microsoft Office SharePoint Server 2007 — Sun, 13 May 2007 18:00:14 GMT

You can use Microsoft Office SharePoint Server 2007 for different types of purposes. MOSS 2007 is replacing

How to lockdown an Internet facing MOSS-based web site

Microsoft SharePoint Products and Technologies Team Blog — Tue, 15 May 2007 00:44:14 GMT

Since posting my blog entry about recently launched MOSS-based web sites on the Internet , I’ve received

re: Anonymous Users, Forms Pages, and the Lockdown Feature

Estyn — Tue, 15 May 2007 00:54:20 GMT

What is the best practice for setting up search once you have locked down the site? Should the search crawl the 'locked down' site or should you crawl a different copy of the site that isn't locked down and then map back to the anonymous site?

If I do a search on the tyler butler site for 'form' (http://www.tylerbutler.com/Search2/results.aspx?k=form&start1=21) I find that the results on page 3 link to pages that then prompt me to login. Security trimming is not working fully. I'm having the same issues with search on one of the sites that i'm developing. I can think of a few ways around this, but i'm wondering what the best practice for this is?

re: Anonymous Users, Forms Pages, and the Lockdown Feature

John Clark — Tue, 22 May 2007 08:36:35 GMT

This feature is not available for WSS3 only sites (at least I could not locate it). I therefore came up with an alternative approach.

You can use ASP.NET's authorization functionality to deny anonymous users access to pages. Adding entries like the following to the web.config file (next to the other <location > entries) will deny access for anonymous users:

<system.web>

</authorization>

</system.web>

</location>

This approach can be used to restrict anonymous user access to only those pages that you want them to access.

I don't know if this is recommended or supported, but it worked for me. I guess you would also need to copy the web.config file across all front-end servers in a farm scenario.

re: Anonymous Users, Forms Pages, and the Lockdown Feature

Philip Luke — Thu, 21 Jun 2007 18:07:40 GMT

Re the comment posted by John Clark.. can we restrict aspx pages based on the Sharepoint Group in this way? We need to have the ability for users to authenticate and have Contribute access (to allow them to submit Infopath Forms), but the Contribute Right also allows them access to the allitems.aspx page etc!!! We dont want them to see other forms submitted! We need to have the List Library functionality in the Forms Library!!! Why are they different!!! Help!!!!

re: Anonymous Users, Forms Pages, and the Lockdown Feature

ecmblog — Wed, 27 Jun 2007 00:49:19 GMT

@Philip Luke: I may be misunderstanding your problem, but you can either edit the "contribute" permission level, removing the ViewFormsPages right, or you can add a new permission level called "Contribute Forms," and give your users that permission level on the specific library you're trying to secure. I would recommend the second approach. In order for it to work, you'll need to break away permissions inheritance on the specific library, then give the users/groups only the "Contribute FOrms" perm. If you're OK with none of the users with contribute rights having the "View Forms Pages" permission on any of the other libraries even when logged in, then the first approach should work.

-Tyler Butler [MSFT]

re: Anonymous Users, Forms Pages, and the Lockdown Feature

Marko — Wed, 27 Jun 2007 22:28:30 GMT

So, is it confirmed that using this command is only possible in MOSS and not in WSS3?

re: Anonymous Users, Forms Pages, and the Lockdown Feature

ecmblog — Thu, 28 Jun 2007 19:20:20 GMT

@Marko: Yes, the ViewFormPagesLockdown Feature is a MOSS-only feature. You should be able to achieve the same thing in WSS, but you'll need to write code.

Tyler Butler [MSFT]

How to enable anonymous access for a site collection and disable anonymous access for sub-sites

Real-World SharePoint Experiences by John Powell — Wed, 11 Jul 2007 14:21:17 GMT

Suppose you want to have a site collection such as http://sharepoint.yourcompany.com that contains information

re: Anonymous Users, Forms Pages, and the Lockdown Feature

Amy — Wed, 25 Jul 2007 21:33:20 GMT

Can anyone tell me whether or not this solution would work with Sharepoint 2.0? I appreciate your help, advice, etc. Thanks in advance!

-----------------------------------------------------------------

This feature is not available for WSS3 only sites (at least I could not locate it). I therefore came up with an alternative approach.

<system.web>

</authorization>

</system.web>

</location>

This approach can be used to restrict anonymous user access to only those pages that you want them to access.

I don't know if this is recommended or supported, but it worked for me. I guess you would also need to copy the web.config file across all front-end servers in a farm scenario.

Securing SharePoint for internet facing sites

Site Chronicles by Christopher — Thu, 26 Jul 2007 00:22:18 GMT

First Read this blog post: http://blogs.msdn.com/ecm/archive/2007/05/12/anonymous-users-forms-pages-and

re: Anonymous Users, Forms Pages, and the Lockdown Feature

Hari — Thu, 02 Aug 2007 06:11:29 GMT

Hi Tyler,

"may be misunderstanding your problem, but you can either edit the "contribute" permission level, removing the ViewFormsPages right, or you can add a new permission level called "Contribute Forms," and give your users that permission level on the specific library you're trying to secure"

There does not seem a way to select only the "Add" permission ..When you choose it "View" also gets selected by default ...

Is there a way that you can create only "Add" permissions ?

MOSS 2007: Disable forms pages for anonymous users

Another day in the Office — Thu, 23 Aug 2007 05:43:22 GMT

I thought this article was important enough to highlight: If you're running an anonymously accessible

re: Anonymous Users, Forms Pages, and the Lockdown Feature

Anne — Wed, 19 Sep 2007 23:45:47 GMT

I have a group a people that need to view pages and provide comments on the data in the page via a collect feedback workflow. I do not want them to be able to access any site actions, such as viewing all site content. When they click on the button to provide feedback, they should be taken to the form to provide feedback. That is the only thing in the web site other than the pages they should be able to see. I don't see a "role" that fits this, can code be written to give a group such granular rights?

How to disable access for anonymous users on forms and application pages - ViewFormPagesLockDown

Donald Hessing — Tue, 25 Dec 2007 00:40:55 GMT

Recently I did a couple of projects on building public facing internet sites with MOSS 2007. I've

re: Anonymous Users, Forms Pages, and the Lockdown Feature

Yehiel — Tue, 01 Jan 2008 14:49:07 GMT

If I have Publishing web under Publishing site, anonymous works great for father (site) and still brings auth dialog for son (web). For other templates, like Team, it works without issues.Breaking the inheritance and explicit defining of anonymous access on son site doesn't help.

re: Anonymous Users, Forms Pages, and the Lockdown Feature

BJ — Sat, 12 Jan 2008 08:13:22 GMT

I applied the lockdown feature but now when clicking on a list item, it is prompting me to login in. How do I get around this?

re: Anonymous Users, Forms Pages, and the Lockdown Feature

Rassol — Thu, 13 Mar 2008 13:07:09 GMT

I have an issue with the redirection to Pages/default.aspx for anonymous users if I disable the View Application Pages.

For example, writing http://site.com should redirect me to http:// site.com/Pages/default.aspx

but when I disable View Application Pages it cannot redirect properly and stops at http://site.com/Pages/default.aspx

re: Anonymous Users, Forms Pages, and the Lockdown Feature

ErikBo — Fri, 23 May 2008 14:10:30 GMT

Does the ViewFormPagesLockDown work for MO FormServer?

Creare form raccolta dati utenti anonimi senza scrivere code-behind

All around Sharepoint — Tue, 24 Jun 2008 13:57:07 GMT

Lo scopo di questo post è quello di indirizzare la realizzazione dei form di raccolta dati fruibili da...

re: Anonymous Users, Forms Pages, and the Lockdown Feature

Peter B — Tue, 09 Sep 2008 12:53:08 GMT

How about a per-list, per-site override option?

Tech-Ed 2008 Session Content

Mirrored Blogs — Wed, 10 Sep 2008 14:18:01 GMT

Body: Tech-Ed seems like a distant memory now but it was actually only a week ago. I had an awesome time

Accès anonyme et les pages Forms / viewlsts.aspx...

Nicolas Humann — Tue, 07 Oct 2008 18:02:14 GMT

De plus en plus de site internet sont réalisés avec MOSS 2007. Pour les rendre accessibles à tous, il

What is Limited Access Anyway?

Mirrored Blogs — Mon, 03 Nov 2008 01:27:56 GMT

I've been working on a secret tech editing project for an up-coming book and it references this blog

InfoPath Form displayed on anonymous site causes login prompt

The SharePoint Farmer's Almanac — Tue, 13 Jan 2009 04:54:42 GMT

Had this one pop up for a second time today so thought I would blog it this time. Client created a public

re: Anonymous Users, Forms Pages, and the Lockdown Feature

AndLondon — Tue, 03 Feb 2009 16:26:54 GMT

I have a similar issue with the redirection to Pages/default.aspx for anonymous users.

For example, writing http://site.com/pages/ should redirect me to http:// site.com/Pages/default.aspx

but it redirects me to the forms login page _layouts/authenticate.aspx, then I get redirected to _layouts/accessdenied.aspx.

This site is for anonymous users and if I use the full url of

http://site.com/pages/default.aspx the page displays fine.

Any help or information on how to track what is going on would be appreciated,

Thanks

Andy