Archive for January, 2010

SharePoint 2007: Remove / Disbale Anonymous Access From Browsing Application Pages / Document Library

Issue:

We enable anonymous access of one of our site collections. The concern was that anonymous users were able to access application pages of the site. Like anonymous users were able to browse “All Site Contents” by adding “_layouts/viewlsts.aspx” to the URL. This also give them ability to browse document libraries, lists etc.

Resolution:

First solution is in two steps:

  1. Enable LockDown Feature using command:

    stsadm –o activatefeature -filename ViewFormPagesLockdown\feature.xml –url <SiteCollectionURL>

  2. Disbale and enable anonymous access by setting it to “Nothing” and then again back to “Entire Web Site”.

Second solution is add following lines in web.config where <location=path…> exist:

<location path=”_layouts/viewlsts.aspx”>

<system.web>

<authorization>

              <deny users=”?” />

      </authorization>

      </system.web>

</location>  

This will block user to view “View All site Contents”.

One interesting point is that if you want to search how many SharePoint site are there with this issue, try google “This system library was created by the Publishing feature to store pages that are created in this site.”

Source:

http://blogs.msdn.com/ecm/archive/2007/05/12/anonymous-users-forms-pages-and-the-lockdown-feature.aspx

http://technet.microsoft.com/en-us/library/cc263468.aspx

http://www.agileconcepts.com/Blogs/AQ/Lists/Posts/Post.aspx?List=71ced1e4%2Dd1b5%2D4ce4%2D9cb7%2D209f38df315a&ID=10&RootFolder=%2A

http://blog.richfinn.net/blog/2008/07/22/PublicFacingSharePointHeresSomethingScaryPleaseActivateViewFormPagesLockDown.aspx

Advertisements

Comments (2)