locked
SP 2010 publishing site anonymous access RRS feed

  • Question

  • Hello,

    I have one SP 2010 portal which is open to public - publishing site. Anonymous access is enabled on entire site.

    There is a custom master and user is allowed to see application pages which are published.

    On application pages, he can see documents which are stored in libraries (links to that documents).

    But, if user writes appropriate URL (http://server_name/myList/AllItems.aspx), he is able to see the contents of entire document library.

    He can see contents of entire site, contents of every document library, etc.

    Ok, he can only see them, not edit them, but that is not ok. This is security risk isn't it? And it is not GDPR compliant I would say.

    Friday, March 22, 2019 1:33 PM

All replies

  • Hello Mario,

    Add Location tag in web.config and specify the path which you want to restrict the access from unauthenticated users is as follows.

    ======================================================================

    <location path="/_layouts/viewlsts.aspx">
          <system.web>
            <authorization>
              <deny users="?" />
            </authorization>
          </system.web>
        </location>

    <location path="/Forms/AllItems.aspx">
          <system.web>
            <authorization>
              <deny users="?" />
            </authorization>
          </system.web>
        </location>

    =====================================================================


    Thanks Ravikant Chaturvedi

    Monday, March 25, 2019 5:19 AM
  • Hi,

    When you configure Anonymous Access for the site, if you select Entire Web site, anonymous users will be able to view all pages in your Web site and view all lists and items which inherit permissions from the Web site; if you select Lists and libraries, anonymous users will be able to view and change items only for those lists and libraries that have enabled permissions for anonymous users.

    As you have enabled anonymous access for the entire site, anonymous users can view contents of the entire site. You can stop inheriting permissions on the libraries, list and items that you don't want to share with anonymous user and the disable permissions for anonymous users manually.

    Best regards,

    Linda


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Monday, March 25, 2019 5:51 AM