Dostęp anonimowy, Soft, Info, SharePoint
[ Pobierz całość w formacie PDF ]
Configuring Anonymous Access for Web Applications & Sites - SharePoint Platform...
Strona 1 z 6
SharePoint
Platform
Practice - Home
DLC's
SharePoint Platform Team
Blog
Sign
In
DLC's SharePoint Platform Practice
>
SharePoint Platform Team Blog
Tools
RSS Feed
Categories
Administration
Development
Extranet / Internet
Blogs / Wikis / RSS
Security & Access
Control
Customization
SharePoint & Office
Client Applications
SharePoint Designer
Team Blog News
Displaying Data
Other Blogs
Contact Us
Recent Posts
Taming SharePoint
Trace Logs
XSLT Data Views –
Dump Data Source
XML
Taming SharePoint
Trace Logs
DataFormWebPart,
ListViewWebPart &
DataViewWebPart
Clarification
SharePoint Blogs Part
III: Blogging from
Word
SharePoint Blogs Part
II: UI Customization
SharePoint Blogs Part
I: Blog Access
Control, Built-In
Groups & Anonymous
Users
Configuring
Anonymous Access
for Web Applications
& Sites
Considerations for
Supporting Multiple
Web Presence Sites
Opening Post
Post Archives
Coming Soon!
2/12/2007
Configuring Anonymous Access for Web Applications & Sites
Enabling anonymous access to a SharePoint site really means "enabling limited access to a
site". Unless you remove "lockdown" mode from your site collection and edit the "Limited
Access" permission level, it is not even possible for anonymous users to access administration
pages such as "Site Settings". It is hard to image a circumstance where you would grant the
equivalent of the "full control" permission level to an anonymous user. Among other things,
such access would allow anonymous users the ability to replace your web pages with their own.
IIS Configuration
Microsoft SharePoint
Team Blog
Microsoft ECM
Team
Paul Andrew,
Microsoft WF
Product Manager
Jan Tielen
Joel Oleson's
SharePoint Land
Andrew May
Lawrence Liu
Alexander Malek
Heather Solomon
Chris Johnson
Angus Logan
John Milan
Daniel Larson
Karthik's Blog
Harshawardhan
Chiplonkar
Keith Richie
Lamont Harrington
Steve Sofian
Mohamed Zaki
Patrick Tisseghem
Arno Nel
Kristian Kalsing
Tobias Zimmergren
Mike Hamilton
Liam Cleary
Martin Kearn
Ton Stegeman
Ishai Sagi
Scott Hillier
Jim Schwartz
The first step in allowing anonymous access for a SharePoint site is to enable it for the web
application that hosts the site. So, first find the IIS Web Site that supports the web application.
You can find this by opening the "Web Application List" from SharePoint Central
Administration as shown below:
Once you have the URL for the web application, you can find the supporting web site in IIS
Manager.
Next:
z
Open IIS Management (or keep it open)
z
Bring up the properties dialog of the web site that supports the web application for which
you want to enable anonymous access
z
Select the Directory and Security Tab
(More Links...)
z
Check "Enable anonymous access". Keep the "Authenticated access" group of settings as
they currently are, since they only govern authenticated access to your site. As discussed
2008-03-06
Configuring Anonymous Access for Web Applications & Sites - SharePoint Platform...
Strona 2 z 6
in the intro to this post, you will still need authenticated access to your site.
At this point, you are done with configuration in IIS.
SharePoint Web Application Administration
Next, you will enable anonymous access for the web application from SharePoint Central
Administration:
z
Go to Central Administration
z
Click on the "Application Management" tab
z
Under the "Application Security" section, click the "Authentication Providers" link
z
The "Authentication Providers" page will appear
2008-03-06
Configuring Anonymous Access for Web Applications & Sites - SharePoint Platform...
Strona 3 z 6
z
Choose the web application for which you will allow anonymous access:
z
Click on the default zone
z
The "Edit Authentication" page will now appear. Check the "enable anonymous access"
box, and click "Save"
Note
: In WSS 3.0, there is only a "default" zone, so you cannot have different authentication
methods by zone as you can in MOSS.
Setting Anonymous Access for a Site
While you have enabled anonymous access at the web application level, you still must enable it
for specific sites within the application. The nice thing about this is that you can allow or
disallow anonymous access on a site-by-site basis
z
Return to your site's home page and navigate to the site settings page.
z
In MOSS, this is under Site Actions
Æ
Site Settings
Æ
Modify All Site Settings.
z
In WSS, it's under
Site Actions
–
Site Settings
.
z
Under the "Users and Permissions" section click on "Advanced permissions"
z
On the "Settings" drop down menu (on the toolbar) select "Anonymous Access"
2008-03-06
Configuring Anonymous Access for Web Applications & Sites - SharePoint Platform...
Strona 4 z 6
z
Select the option you want anonymous users to have (full access or documents and lists
only), and click "OK"
Anonymous User Permissions
Unlike all other users, anonymous users belong to no group. For authenticated users, site
permissions are determined either by directly associating a "permission level" such as "Full
Control", "Design", "Contribute", and "Read" with a user, or by associating the user with a
group, which in turn is associated with a permission level. Permission levels contain a
collection of fine-grained permissions that are much expanded over SharePoint 2003.
To view permission levels for your site:
z
Go to "Site Settings" for your site
z
Click on "Advanced Permissions" under the "Users and Permissions" heading, and you
will see the following:
z
Click on the "Settings" tab, and then choosing "Permission Levels" , and you will see the
following:
2008-03-06
Configuring Anonymous Access for Web Applications & Sites - SharePoint Platform...
Strona 5 z 6
z
Click on any one of these permission levels to see the list of permissions for the level. Try
clicking on the "Limited Access" permission level, and you will see the following:
There is no way to understand this from any administration page (that I know of), but
anonymous users are directly associated with the "Limited Access" permission level. By
default, for most site definitions, the "Limited Access" permission level cannot be modified.
That is because most out-of-the-box site definitions specify a "lockdown mode", which is a
collection of security permissions meant to serve as a secure baseline for any site generated
from the site definition. This permission level can be made editable (or non-editable) by using
ststadm.exe as follows:
z
To allow modification of the lockdown mode:
stsadm.exe –o deactivatefeature –url <site collection url> -filename
ViewFormPagesLockdown\feature.xml
z
To
disallow
modification of the lockdown mode:
stsadm.exe –o activatefeature –url <site collection url> -filename
ViewFormPagesLockdown\feature.xml
At this point, you have opened your site for anonymous access, or to be precise, partial
anonymous access.
Much of your access control configuration tasks will be focuses on expanding or contracting
anonymous permissions. While our
next post
focuses on this topic in the context of a blog site,
you will find that it (hopefully) explains key concepts that are application to any site.
Posted at 11:31 AM by mparsons | Category:
Administration
;
Security & Access Control
;
Extranet / Internet
|
Permalink
|
Email this Post
|
Comments (3)
Comments
Re: Configuring Anonymous Access for Web Applications & Sites
Thanks, it was Very Helpful.
2008-03-06
[ Pobierz całość w formacie PDF ]