Wednesday, January 8, 2014

Cross site publishing and anonymous access in Sharepoint 2013

With cross site publishing feature in Sharepoint 2013 you may make your content stored in some list or document library in one site collection, available via search index in other site collection (it is the most frequent use case mentioned in the documentation, although cross site publishing works also within single site collection and across different web applications in the same farm). What if you develop public site and you need to enable the content from e.g. authoring site, which is accessible only for content editors, also for anonymous users?

When you enable document library as catalog (Doclib settings > Catalog settings) there is possibility to specify whether or not anonymous access should be enabled:


When you leave it off like shown on the picture above, list.AnonymousPermMask64 property will contain default flag SPBasePermissions.AnonymousSearchAccessWebLists, which according to documentation means the following:

Content of lists and document libraries in the Web site will be retrieveable for anonymous users through SharePoint search if the list or document library has AnonymousSearchAccessList set.

I.e. if list or doclib contains only this flag, it doesn’t have anonymous access enabled. When you will enable anonymous access from UI:


AnonymousPermMask64 property will contain the following mask: AnonymousSearchAccessList | AnonymousSearchAccessWebLists. AnonymousSearchAccessList flag means the following:

Make content of a list or document library retrieveable for anonymous users through SharePoint search. The list permissions in the site do not change.

I.e. when it is set, content will be available for anonymous users (as our experience shows it will be available even if AnonymousSearchAccessWebLists flag is not explicitly set for the list).

Setting anonymous access for the list when it is published as catalog is done in PublishingCatalogUtility.EnableAnonymousAccess() method:

   1:  internal static bool EnableAnonymousAccess(SPWeb parentWeb, SPList list)
   2:  {
   3:      CommonUtilities.ConfirmNotNull(parentWeb, "parentWeb");
   4:      CommonUtilities.ConfirmNotNull(list, "list");
   5:      if (GetIsAnonAccessEnabled(list))
   6:      {
   7:          return false;
   8:      }
   9:      SPWeb firstUniqueAncestorWeb = parentWeb.FirstUniqueAncestorWeb;
  10:      firstUniqueAncestorWeb.AnonymousPermMask64 |=
  11:  SPBasePermissions.AnonymousSearchAccessWebLists;
  12:      list.BreakRoleInheritance(true);
  13:      list.AnonymousPermMask64 |= SPBasePermissions.EmptyMask |
  14:  SPBasePermissions.AnonymousSearchAccessList;
  15:      return true;
  16:  }

And the last note: if you connect to catalog programmatically using CatalogConnectionManager class (see example here), it will also set anonymous access, i.e. list will have AnonymousPermMask64 = AnonymousSearchAccessList even though there is no explicit option for that in the example above.

No comments:

Post a Comment