Saturday, 31 March 2012

How to restrict Form pages from anonymous users

Recently I faced an issue with the View All Site Content page being visible to anonymous users and to site users (those who have permission to add, edit and customize pages and lists).
Using the code below, I hid the SiteActions drop-down from all users except those who have 'ManagePermissions'.
Removing SiteActions from the ribbon:
<!-- site Actions--><SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl1" runat="server" PermissionsString="ManagePermissions">site Actions control here</SharePoint:SPSecurityTrimmedControl>

Everything is fine so far, but many organizations also run public-facing sites with anonymous access. There you need to restrict the /_layouts/viewlsts.aspx page from anonymous users, because this page is displayed to anonymous users.
The aim is that anonymous users do not have access to the Forms pages (e.g. http://ServerName/Pages/Forms/AllItems.aspx).

The following steps will help you restrict it. This is known as the lockdown feature, which is enabled by default for publishing sites.
First, check whether the ViewFormPagesLockDown feature is enabled on your site.
You can check the ViewFormPagesLockDown feature with the command below.

Using a PowerShell script:
get-spfeature -site <URL>

Look at all the features listed and see if ViewFormPagesLockdown is enabled. If you see it listed then it is enabled, otherwise ViewFormPagesLockdown is disabled.
The lockdown feature can be enabled or disabled. To enable it, first run the following command.
$lockdown = get-spfeature viewformpageslockdown

Now execute the following command to enable it.
enable-spfeature $lockdown -url <SiteCollectionURL>
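
The check-then-enable steps above, combined into one script as an added example (not code from the original post): for every site collection in a web application it reports whether the lockdown feature is active and the root web's anonymous access state, and it enables the feature only when run with -Enable. The URL http://ServerName is a placeholder, and the parameter names are assumptions.

```powershell
# Added example (not from the original post): audit ViewFormPagesLockDown
# across a web application and optionally enable it where it is missing.
param(
    [string]$WebAppUrl = "http://ServerName",  # placeholder URL, replace with your own
    [switch]$Enable                             # without this switch the script only reports
)

# Load the SharePoint cmdlets when run outside the SharePoint Management Shell.
if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$featureName = "ViewFormPagesLockDown"

Start-SPAssignment -Global   # track SPSite/SPWeb objects so they are disposed at the end
try {
    Get-SPSite -WebApplication $WebAppUrl -Limit All | ForEach-Object {
        $site = $_
        # With -Site, Get-SPFeature returns the feature only if it is active
        # in that site collection; otherwise it errors, which is suppressed here.
        $active = Get-SPFeature -Identity $featureName -Site $site.Url -ErrorAction SilentlyContinue

        $action = "none"
        if (-not $active -and $Enable) {
            Enable-SPFeature -Identity $featureName -Url $site.Url
            $action = "enabled"
        }

        # One report row per site collection; LockdownWasActive is the state
        # found before any change made by this run.
        New-Object PSObject -Property @{
            Url               = $site.Url
            AnonymousState    = $site.RootWeb.AnonymousState
            LockdownWasActive = [bool]$active
            Action            = $action
        }
    } | Format-Table Url, AnonymousState, LockdownWasActive, Action -AutoSize
}
finally {
    Stop-SPAssignment -Global
}
```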

Using STSADM:
Open a command prompt in Administrator mode,
go to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN
and type
stsadm.exe -o activatefeature -url <site collection url> -filename ViewFormPagesLockDown\feature.xml

Even when lockdown mode is enabled, anonymous users can still access certain application URLs, such as pages in the _layouts directory and Web services that are exposed in the _vti_bin directory. So, to increase security, you should enable lockdown mode and also modify the Web.config file.
