Wednesday, July 23, 2014

SharePoint + Configuring "anonymous access" for web application + Restrict access to application pages

Configuring anonymous access at the SharePoint web application level can also be accomplished with PowerShell or code using the server-side object model.
Configuring anonymous access for web applications using PowerShell
Follow these steps to configure anonymous access for a web application using PowerShell:
  1. Get the SharePoint web application with the following Get-SPWebApplication Cmdlet:
2.  $webApp = Get-SPWebApplication http://SP:80
  1. Set the AllowAnonymous property for the IIS settings of the Default zone to true:
4.  $webApp.IisSettings[[Microsoft.SharePoint.Administration.SPUrlZone]::Default].AllowAnonymous = $true
  1. Update the web application using the following command:
6.  $webApp.Update()
Configuring anonymous access for web applications with code using the server-side object model
Follow these steps to configure anonymous access for a web application with code using the server-side object model:
  1. Get the SharePoint web application by its URL:
var webApp = SPWebApplication.Lookup(new Uri("http://SP:80"));
  1. Set the AllowAnonymous property for the IIS settings of the Default zone to true:
webApp.IisSettings[SPUrlZone.Default].AllowAnonymous = true;
  1. Update the web application using the following line of code:
webApp.Update();
Limiting access to application pages
In previous versions of SharePoint, enabling anonymous access allowed users to access application pages such as the Site contents page. Preventing access to the application pages (/_layouts) previously required some manual configuration. In SharePoint 2013, access to application pages can be restricted using the new Limited-access user permission lockdown mode feature. In this recipe, we will activate this feature on our site collection.
How to do it…
Follow these steps to enable the site collection feature to limit access to application pages:
  1. Navigate to the site collection in your preferred web browser.
  2. Select Site settings from the Settings menu.
  3. Select Site collection features from the Site Collection Administration section.
  4. Activate the Limited-access user permission lockdown mode feature.


How it works…
With the Limited-access user permission lockdown mode feature enabled anonymous users will no longer be able to access pages within the /_layouts folder. This prevents these users from accessing pages such as the Site contents page and reduces the surface area for anonymous users to identify or exploit content in the site.

 Using the Site contents page is one way hackers attempt to identify content on SharePoint sites in an attempt to exploit the site. Using this feature helps to eliminate that option for anonymous users.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)