Tuesday, June 1, 2010

How Sharepoint determines whether or not to show Anonymous Access menu item in Site Permissions page

As you know in Sharepoint it is possible to configure anonymous access to your site. In order to do it you should login under some administrative account into appropriate web application zone, which allows anonymous access, and go to Site Settings > People and groups > Site Permissions > Settings > Anonymous Access and select what option is suitable for you:

  • Entire Web site
  • Lists and libraries
  • Nothing

But sometimes you will not find Anonymous Access option in menu as it is hidden because of some reasons. In forums people say that in order to make it visible you should allow anonymous access for your web application. I want to go a little deeper and show underlying mechanism used by Sharepoint when it determines whether or not to show Anonymous Access item in menu. It may help with troubleshooting when you investigate issues with anonymous access.

Anonymous Access menu item is shown in user.aspx page which is located in 12/template/layouts folder on file system:

   1: <SharePoint:MenuItemTemplate id="MenuItemAnonAccess" runat="server"
   2:         Text="<%$Resources:wss,people_anonaccess%>"
   3:         Description="<%$Resources:wss,people_anonaccessdesc_site%>"
   4:         Visible=false
   5:         MenuGroupId="300"
   6:         Sequence="300"
   7:         />

As you can see it has initially Visible = false. Lets go inside codebehind class of user.aspx page – UserRoles class located in Microsoft.SharePoint.ApplicationPages assembly (this assembly is not located in GAC – it is located in _app_bin folder inside inetpub folder for each Sharepoint site). So how Visibility of MenuItemAnonAccess item is controlled? It becomes clear after analyzing of UserRoles class in Reflector:

   1: protected override void InitPage()
   2: {
   3:     ...
   4:     this.MenuItemAnonAccess.Visible =
   5: base.Site.IISAllowsAnonymous && SPSecurity.WebConfigAllowsAnonymous;
   6:     ...
   7: }

So Anonymous Access item is appeared when the following conditions are true: anonymous access is enabled in IIS and web.config is configured to allow anonymous access. These conditions are not the same – sometimes they may differ (i.e. anonymous access may be configured in web.config, but not allowed in IIS). You can control anonymous access during creation or extending of web application:


Or for existing web applications in Central Administration > Application Management > Authentication Providers and click on provider name:


In order to test these settings I created test application _layouts page which shows these settings for the current site:

   1: <%@ Page Language="C#" %>
   2: <%@ Import Namespace="Microsoft.SharePoint" %>
   4: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   6: <html xmlns="http://www.w3.org/1999/xhtml" >
   7: <head id="Head1" runat="server">
   8:   <title>test</title>
   9: </head>
  10: <body style="font-family:Arial">
  11:   <form id="form1" runat="server">
  12:     <div>
  13:       <%
   2:         this.lbl1.Text = SPContext.Current.Site.IISAllowsAnonymous.ToString();
   3:         this.lbl2.Text = SPSecurity.WebConfigAllowsAnonymous.ToString();
  15:       IISAllowsAnonymous:&nbsp;<asp:Label ID="lbl1" runat="server" />
  16:       <br />
  17:       <br />
  18:       <br />
  19:       WebConfigAllowsAnonymous:&nbsp;<asp:Label ID="lbl2" runat="server" />
  21:     </div>
  22:   </form>
  23: </body>
  24: </html>

In order to use it copy paste content into test.aspx page and copy this page into 12/template/layouts folder on file system. After that you will be able to see anonymous settings if you will enter the following URL into browser: http://example.com/_layouts/test.aspx. Hope it will be useful.

No comments:

Post a Comment