iPhone Detected, site running in minimal mode.
Home     Tags/Archives     Tweets     About Kevin

ViewFormPagesLockdown for SharePoint Foundation 2010
May 24, 2011 - 21:10, by Dostalek, Kevin

Form Lockdown​Some of you may be familiar with a feature named ViewFormPagesLockdown that ships with MOSS 2007 and SharePoint Server 2010.  It’s automatically enabled when you create a new site using the publishing template.  Basically, if you enable anonymous access then this feature will keep those anonymous users out of application pages and form pages while still allowing them read access to the underlying list/document data.  So for example, they can open a publishing page in a Pages library or download a document from a document library, but they are not able to access the page item property view form or view a list of all the documents in the library.

This feature wasn’t present in WSS, but that makes sense since WSS doesn’t support the publishing infrastructure anyway.  However, now that we have Wiki Page libraries (/SitePages) available in SharePoint 2010 Foundation (SPF from here on) you very well might want to have that same behavior to lock out anonymous users from the “backstage” of a public facing web site.

Take a look at the screenshot below that was taken from the SharePoint Management Shell running on a SharePoint 2010 Server:

ViewFormPagesLockdown Powershell Screen


It’s a hidden feature, but no problem on Server; you can simply activate this feature from PowerShell.  However, if you run the same command on an SPF server you will get NADA.  It’s not installed.  What to do?

Well, it turns out that all that this feature does is change a few of the permissions for the Limited Access Role in the site collection.  There’s not an easy way to get at that via the web UI, but it’s almost trivial with a tiny bit of code.  Here’s a very truncated version of what you need to do:

   1:  string url="http://yoursite";
   2:  using(var site = new SPSite(url))
   3:  {
   4:      SPWeb rootWeb = site.RootWeb;
   5:      SPRoleDefinition guestRole = rootWeb.RoleDefinitions.GetByType(SPRoleType.Guest);
   6:      guestRole.BasePermissions &= ~(SPBasePermissions.EmptyMask | SPBasePermissions.ViewFormPages);
   7:      guestRole.BasePermissions &= ~SPBasePermissions.UseRemoteAPIs;
   8:      rootWeb.AnonymousPermMask64 &= ~(SPBasePermissions.UseRemoteAPIs | SPBasePermissions.ViewFormPages);
   9:      rootWeb.Update();
  10:  }
 
For those that would like something a bit more polished, say a well behaved command line application or an actual SharePoint feature you can turn on and off, contact me and I’ll hook you up.

Tags: security, SharePoint, code | Bookmark with:      

Comments

 

RSS FeedBack to the HomepageMy Twitter Feed and More!Video Chat Now!

Tags

Hide Low Frequency Tags

Archives

Aug11(1), Jul11(2), May11(2), Mar11(1), Dec10(1), Oct10(1), Sep10(1), Aug10(1), Jul10(1), Jun10(1), May10(2), Apr10(1), Mar10(1), Feb10(2), Jan10(2), Oct09(1), Sep09(2), Aug09(3), Mar09(1), Feb09(1), Jan09(2), Dec08(4), Nov08(18), Oct08(17), Sep08(15), Jun08(1), May08(2), Mar08(1), Feb08(1), Jan08(1), Dec07(1), Nov07(1), Aug07(1), Jun07(3), May07(1), Apr07(3), Mar07(2), Feb07(3), Jan07(2)

Recent Posts


View All Posts