Restrict content to anonymous users

In a SharePoint project we’ve enable to anonymous users to create new elements in a list. This requiere to allow public access to the list forms, but as you will guess this is an important hole in the SharePoint security, so what we can do?

In our case we have used the control SPSecurityTrimmedCOntrol, so we modified the form pages where the webpart in cuestion were used. The code used is similar to the following:

<SharePoint:SPSecurityTrimmedControl runat="server" AuthenticationRestrictions="AuthenticatedUsersOnly">

 <WebPartPages:WebPartZone>"Your WEbParts zone"</WebPartPages:WebPartZone>
</SharePoint:SPSecurityTrimmedControl>
<SharePoint:SPSecurityTrimmedControl runat="server" AuthenticationRestrictions="AnonymousUsersOnly">
<div class="alert alert-danger" role="alert"><strong>ERROR: </strong>Acceso
denegado</div>
</SharePoint:SPSecurityTrimmedControl>
By using this procedure it is necessary to repeat it in all the aspx that you have in the form, including the forms that correspond to personalised view. For example, in our case we had a personalized webpart to the new elements, so we needed to insert the code in this new webpart.
As a result to implement this code, when a anonymous user try to access to any page in the administration list, receive the following error:
denegado
In this case, it is possible to personalise the style of the message. In our case we were using Bootstrap, if you need the CSS code, here we go:
.alert-danger {
color: #a94442;
background-color: #f2dede;
border-color: #ebccd1;
}
.alert {
padding: 15px;
margin-bottom: 20px;
border: 1px solid transparent;
border-radius: 4px;
}
Hope it helps!
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s