Nick Hadlee's Blog on SharePoint and Other Occasional Rants…


Search Service, Anonymous Access and 401s
July 7, 2009, 11:26 pm
Filed under: Administration, Authentication, SharePoint

In another semi-related post I was talking about anonymous access in SharePoint and a work around that can be used if you need to force authentication to work at the same time. It is as counter intuitive as it sounds…

An unexpected side affect of anonymous access can be that SharePoint web services might not work as expected. This certainly was the case in the situation I described in the other post but luckily Dave Wollerman describes a fix for this issue.

An issue I can see arising is when you start to disconnect what SharePoint is managing – configurations via central administration – versus what you are now directly responsible for managing with IIS then your maintenance headache increases. For example: In a farm you will need to make sure all front-ends are synchronised by changing the IIS settings on each server.

Advertisements


Anonymous Access, Windows Authentication and ‘Forcing’ an Automatic Sign In
July 7, 2009, 10:35 pm
Filed under: Authentication, SharePoint

If for what ever reason (read disclaimer at end) you need anonymous access enabled on a SharePoint site that is using windows authentication, you will notice that even as an authorised user you are not signed in automatically. The anonymous ‘experience’ will always take precedence over the users credentials [1]. This is the way the HTTP protocol works so IIS and SharePoint are off the hook for this issue.

If you do want to be a recognised user then you will  need to click on the ‘Sign In’ link at the top of the site. Depending on your browser security settings you will either be signed in automatically or prompted for credentials. 

Solution

This is less of a solution and more of a work around but it will achieve the desired result. To force an auto-sign in under SharePoint you need a page that has unique permissionsto force the challenge/response for credentials. This can then be provided to the authenticated users as the ‘authenticated’ homepage url.

There are a few limitions with this method:

  • Anonymous users will not be able to access this page
  • To be more useful the page will probably need some redirection, i.e. To pass the user back to a global home page, and this provides its own set of challenges
  • Unless the authenticated user hit this page first, i.e. They follow direct links to somewhere else in the site, they will not be signed in 

Disclaimer: This was a work around to an issue I recently had to face because anonymous users and authenticated users needed to access SharePoint via the same url. There are much better ways to provide multiple authentication methods which are recommended as the preferred option.

References: [1] To be completely safe I confirmed this behavior is expected with Paul Stork at his ‘Anonymous Access: Everything you always wanted to know, but didn’t know to ask’ session while at the New Zealand SharePoint Conference.




%d bloggers like this: