Anonymous Access
By default, SharePoint requires users to
authenticate before gaining access to a site collection. In some cases,
the organization may have a desire to open a site to anonymous users.
Anonymous users are those users who visit a SharePoint site without
ever authenticating—as far as SharePoint is concerned, there is no user
information or user context for the user accessing the site collection
anonymously. Typically, anonymous user access does not make a whole lot
of sense for team sites and intranet-like site collections, but it
makes perfect sense when used in conjunction with publishing web sites
in SharePoint.
Note A
publishing site is a site based on the Publishing Site Collection
template, which provides content management services for owners of an
organization’s public web site .
Anonymous access begins with the web
application, which ties configuration to the application in Internet
Information Server (IIS). If an administrator does
not enable anonymous access at the creation of the web application, or
later in the web application settings, then SharePoint does not allow
anonymous access at the site collection level. The following steps detail how to enable anonymous access for
an existing web application:
- Open Central Administration.
- Click the Manage Web Applications option under the Application Management heading.
- Select the desired web application from the list.
- Click the Authentication Providers icon on the ribbon.
- SharePoint shows a dialog containing configured zones for the web application (Figure 4).
- Click the title of the zone to change the authorization and enable anonymous access (typically Default).
- In the dialog that appears, check the check box in the Anonymous Access section.
- Scroll to the bottom of the dialog and click the Save button. (Note: you may notice a slight delay before the dialog closes.)
You should now have enabled anonymous access
for the web application. However, you must now also enable anonymous
access at the site collection. The following steps demonstrate how to
achieve this:
- Open the site collection of the site to enable anonymous access.
- Click the gear icon and then select the Site Settings menu option.
- Click the link for site permissions, under the Users and Permissions heading.
- Click the Anonymous Access icon on the ribbon (this icon grayed out
if anonymous access not enabled at the web application level).
Figure 5 shows the options for anonymous access:
- Entire Web Site—Anonymous users see everything in read mode.
- Lists and Libraries—Anonymous users can only see lists and list items where the owner has explicitly granted permissions to anonymous users.
- Nothing—No anonymous access to the site collection.
The Client Object Permission Requirement
ensures that anonymous users cannot interact with your site collection
without the Remote Interfaces permission. This is important—without this option checked, anonymous users can write script via the Client Object Model
to interact with your site collection. This is not to say that secure
content in the site collection is available to anonymous users—the
Client Object Model respects security—but leaving this option checked
provides another layer of protection.
