SharePoint 2007: Remove / Disable Anonymous Access From Browsing Application Pages / Document Library

Issue:

We enabled anonymous access on one of our site collections. The concern was that anonymous users were able to access the site's application pages. For example, anonymous users were able to browse “All Site Contents” by adding “_layouts/viewlsts.aspx” to the URL. This also gives them the ability to browse document libraries, lists, etc.

Resolution:

The first solution has two steps:

  1. Enable the lockdown feature using the command:

    stsadm -o activatefeature -filename ViewFormPagesLockdown\feature.xml -url <SiteCollectionURL>

  2. Disable and re-enable anonymous access by setting it to “Nothing” and then back to “Entire Web Site”.

The second solution is to add the following lines to web.config, where the <location path=…> elements exist:

    <location path="_layouts/viewlsts.aspx">
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </location>

This will block anonymous users from viewing “View All Site Contents”.
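A way to audit a web.config for the second solution, as an added example that is not part of the original post: it checks that a `<location>` element for the page denies anonymous users (`?`) and that no earlier rule in the same block already allows them, since ASP.NET URL authorization applies the first matching rule. The function names and the sample configurations are constructed for illustration, and rules inherited from parent configuration files are not evaluated.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config fragments (not taken from a real farm).
HARDENED = """<configuration>
  <location path="_layouts/viewlsts.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>"""

# An <allow users="*"> placed first matches anonymous requests before the deny is reached.
SHADOWED = HARDENED.replace('<deny users="?" />',
                            '<allow users="*" />\n        <deny users="?" />')


def first_match(rules, verb="GET"):
    """Return 'allow' or 'deny' for an anonymous request, or None if no rule matches."""
    for rule in rules:
        verbs = [v.strip().upper() for v in rule.get("verbs", "").split(",") if v.strip()]
        if verbs and verb not in verbs:
            continue  # rule is limited to other HTTP verbs
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if "?" in users or "*" in users:  # "?" = anonymous, "*" = everyone
            return rule.tag
    return None


def anonymous_denied(config_xml, page="_layouts/viewlsts.aspx"):
    """True if a <location> for `page` denies anonymous users before any allow."""
    root = ET.fromstring(config_xml)
    for loc in root.iter("location"):
        path = loc.get("path", "").strip("/").lower()
        if path != page.lower():
            continue
        rules = loc.findall("./system.web/authorization/*")
        if first_match(rules) == "deny":
            return True
    return False


if __name__ == "__main__":
    for name, xml in (("hardened", HARDENED), ("shadowed", SHADOWED)):
        print(name, "->", "denied" if anonymous_denied(xml) else "NOT denied")
```

The same function can be pointed at other application pages by passing a different `page` value, which shows which pages still rely only on the lockdown feature.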

One interesting point: if you want to see how many SharePoint sites there are with this issue, try searching Google for “This system library was created by the Publishing feature to store pages that are created in this site.”

Source:

http://blogs.msdn.com/ecm/archive/2007/05/12/anonymous-users-forms-pages-and-the-lockdown-feature.aspx

http://technet.microsoft.com/en-us/library/cc263468.aspx

http://www.agileconcepts.com/Blogs/AQ/Lists/Posts/Post.aspx?List=71ced1e4%2Dd1b5%2D4ce4%2D9cb7%2D209f38df315a&ID=10&RootFolder=%2A

http://blog.richfinn.net/blog/2008/07/22/PublicFacingSharePointHeresSomethingScaryPleaseActivateViewFormPagesLockDown.aspx

2 Comments »

  1. SPKID said

    This is not working for me?
    It's blocking the whole site?
    Any thoughts?
    I am doing this on a publishing site in 2010?
