May 24, 2011 - 21:10, by Dostalek, Kevin
Some of you may be familiar with a feature named ViewFormPagesLockdown that ships with MOSS 2007 and SharePoint Server 2010. It’s automatically enabled when you create a new site using the publishing template. Basically, if you enable anonymous access then this feature will keep those anonymous users out of application pages and form pages while still allowing them read access to the underlying list/document data. So for example, they can open a publishing page in a Pages library or download a document from a document library, but they are not able to access the page item property view form or view a list of all the documents in the library.
This feature wasn’t present in WSS, but that makes sense since WSS doesn’t support the publishing infrastructure anyway. However, now that we have Wiki Page libraries (/SitePages) available in SharePoint 2010 Foundation (SPF from here on) you very well might want to have that same behavior to lock out anonymous users from the “backstage” of a public facing web site.
Take a look at the screenshot below that was taken from the SharePoint Management Shell running on a SharePoint 2010 Server:
It’s a hidden feature, but no problem on Server; you can simply activate this feature from PowerShell. However, if you run the same command on an SPF server you will get NADA. It’s not installed. What to do?
Well, it turns out that all that this feature does is change a few of the permissions for the Limited Access Role in the site collection. There’s not an easy way to get at that via the web UI, but it’s almost trivial with a tiny bit of code. Here’s a very truncated version of what you need to do:
1: string url="http://yoursite";
2: using(var site = new SPSite(url))
3: {
4: SPWeb rootWeb = site.RootWeb;
5: SPRoleDefinition guestRole = rootWeb.RoleDefinitions.GetByType(SPRoleType.Guest);
6: guestRole.BasePermissions &= ~(SPBasePermissions.EmptyMask | SPBasePermissions.ViewFormPages);
7: guestRole.BasePermissions &= ~SPBasePermissions.UseRemoteAPIs;
8: rootWeb.AnonymousPermMask64 &= ~(SPBasePermissions.UseRemoteAPIs | SPBasePermissions.ViewFormPages);
9: rootWeb.Update();
10: }
For those that would like something a bit more polished, say a well behaved command line application or an actual SharePoint feature you can turn on and off, contact me and I’ll hook you up.
May 9, 2011 - 23:00, by Dostalek, Kevin
Hey all! I've been needing to do some work on the blog here for awhile, and since it looks like I'm about to get very busy starting tomorrow I figured I better try and sneak it in tonight!
I've had to chnage out the comment engine again. This time to the new Facebook comment plugin. I know this may be an unpopular move and I *really* liked Echo (the last comment engine we had), but the price had jumped from $12 a year to $120, and I couldn't relly justify that since I only had about 100 comments last year anyway. I will miss the cool way it pulled in stuff from Twitter and Friendfeed automatically, but it seemed like the best discussions were either directly "on the site" (no social networks) or Facebook.
So anyway, try out the new comments widgets... it's just like facebook. Cool thing is if you allow it to post through to facebook as well, then any comments your friends make on the post will also show up here on the blog (don't worry, it makes it clear whats happening when they reply).
Unfortunately, this also means that every post on The Kickboard now has 0 comments. That kind of hurts, but since I've been so bad at posting over the last 6 months or so anyway, it doesn't hurt nearly as much as it might. Please let me know if you notice something not working right!