Example of anonymous access to MOSS/SharePoint

Source: Internet
Author: User

Using anonymous access in SharePoint I believe many people will, and there are a lot of screenshots on the Internet. This operation is relatively simple. Let's analyze its functions and limitations, it also uses an example to describe how to use it.

First, anonymous access is divided into three levels: None, list, and library. The whole website

This topic is not discussed here. It is the same as not anonymous.

There is no much discussion about the entire website level, that is, all the list of anonymous users on the entire website are readable.

List and database level:

When you select this level for the first time, you will find that they have any effect. The official description is "if" list and Database "is selected, anonymous users can only view and change the list of permissions enabled for anonymous users and projects in the Database ". We don't feel the difference in enabling anonymous users because we didn't enable Anonymous Users for any list or library. Here, we choose to stop inheriting permissions to implement custom permissions for the entire list.

Example: If I have a website that is running and most of its content cannot be viewed by anonymous users, what should I do?

I think the first thing many people feel is to try the list and database-level permissions. Here we will let users see the homepage as an example. We will set the library on the website page to be accessible anonymously, go to http: // domain/sitepages/home directly without logon. aspx is acceptable. However, when we enter http: // domain/, the verification dialog box is displayed. this is a very tragic issue. It indicates that after the domain name is entered, it will jump to http: // domain/sitepages/home. in the aspx process, when the system finds that the permission is insufficient, a dialog box is available, but this process cannot be modified. Therefore, many administrators have basically no way at this time. Then try to set the anonymous level to the entire website, and then stop the inherited permissions of those databases that cannot be made public one by one, and then set the anonymous level to none in the Independent Permission System. This is a physical activity.

I have encountered this problem for a long time. Finally, we finally solved the problem by using the list and database level, or the above operations, just running a little bit.Code. Here I wrote a consoleProgramTo solve this problem, the Code is as follows:

Using System;
Using System. Collections. Generic;
Using System. LINQ;
Using System. text;
Using Microsoft. SharePoint;

Namespace Consoleapplication
{
Class Program
{
Static   Void Main ( String [] ARGs)
{
String Serverurl =   String . Empty;
While ( True )
{
Console. writeline ( " Please type the server URL here: " );
Serverurl = Console. Readline ();
If ( String . Isnullorempty (serverurl ))
Continue ;
Else
{
Try
{
Spsite mysite =   New Spsite (serverurl );
Spweb = Mysite. rootweb;
Web. anonymousstate = Spweb. webanonymousstate. enabled;
Web. anonymouspermmask64 = Spbasepermissions. Open | Spbasepermissions. viewpages;
Web. Update ();
Console. writeline ( " Succes !! " );
Break ;
}
Catch (exception e)
{< br> console. writeline (E. message);
}< BR >}< br> console. read ();
}< BR >}

 ArticleEndSource codeDownload. If you use SharePoint 2010, you can directly run the .exe program under the binfolder. After running this program as required, go to the permissions of the entire website and check whether the permissions actually become the whole website. However, don't rush to say that I am lying to you. You are going to access your http: // domain/can it be entered? Maybe you can reply to me immediately, but the anonymous community has reached the entire website. Can you enter it? Why don't anonymous users have access to the list without stopping inheritance? No. Do not be confused by the level of the entire website. This is just a representation. The fact is that I have completed the requirements given by the question settings.

Example 2: Taking the above question as an example, the whole page database can be accessed, but I still have some pages that cannot be viewed by anonymous users. What should I do?

First, I thought of stopping inheritance. The page has its own independent permission system. However, after interrupting inheritance, I found that he did not access the project anonymously.

Let's take a closer look at the reasons:

1. Anonymous access cannot be configured on a single list project or file level.

2. A single list item and file inherits anonymous permissions from the list library or file library.

3. authentication is required to access a single project or file after the inheritance relationship is disconnected. (In other words, anonymous access is not allowed)

So what does Microsoft officially think about this problem?

See the following translation:

"I can explain why anonymous access at folders with unique permission was not enabled in o12. basically, the difficult is in managing the anonymous settings, not in browse time permission check. OnE goal of managing anonymous access is to make sure that if you block anonymous access at a higher level, all contents from that level below shoshould also be protected. and if you enable Anonymous access at a lower level, it shocould not automatically open up contents on higher level.

"I can explain why projects in the o12 (MOSS 2007) folder have unique permissions and cannot be accessed anonymously. Fundamentally, the difficulty lies in the management of anonymous access settings, rather than access permission checks. One goal of managing anonymous access is to block anonymous access at a relatively high level, and the following content should be protected. If you enable Anonymous access at a lower level, it cannot automatically open content at a higher level.

For example, at web level, the anonymous State has three values: Disabled, enabled, open. if it's disabled, then all lists within the web are off limit to anonymous users, no matter whether the list has unique permissions or not. if it's enabled, then the Web itself (and all lists inheriting permission from the Web) is not accessible by anonymous user, but lists with unique permissions may be opened to anonymous user.

For example, at the website level, the anonymous status has three values: Disabled, enabled, and enabled. If it is disabled, all items on the website are denied access to anonymous users, regardless of whether the list has unique permissions. If "enabled", the website itself (and all projects that inherit the permissions of the website) cannot be accessed anonymously, but users with unique permissions can be set to open to anonymous users.

Now, suppose that we want to allow user to manage anonymous permission at Folder/item level. then the parent scope (cocould be parent folder, parent list, or parent web) shocould at least "enable" anonymous access. this means we have to implement "enable" semantic at list/folder level. also, when you disable anonymous access at Web/LIST/folder level, we must also update security setting on all subfolder/items to remove Anonymous Access. this will scan the docs table. this is the reason that in o12, if you set a folder/item to have unique perm, it automatically sets anonymous permmask to 0."

In this case, we allow users to manage anonymous permissions at the folder/project level. In the upper-level range (parent folder, parent list, and parent website), at least "enable" anonymous access settings. This means we have to support the "enable" status at the list/folder layer. At the same time, when you disable the anonymous access level of a website/LIST/folder layer, we must also update the security settings for all subfolders/sublists, removing the anonymous access settings. This scans the file table. This is why a single folder/Project setting has exclusive permissions in o12 (moss2007) and it automatically sets anonymous access to 0 ."

Source code download

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.