Blocking anonymous access to a SharePoint list while still being able to write to it

Posted: 12th July 2011 in Configuration, Security, SharePoint

Scenario: Using a Data View Web Part to create a form to submit anonymous user’s enquiries.  These enquiries were submitted to a list called “Contact Us” on the root sites.  This was all very well, but as it was a internet exposed publishing site,  the anonymous user had to have RW access to the list to allow it to write the enquires.   Unfortunately, it is not possible to give the anonymous user write only access to a list. 

Solution: To block browser access you need to add a location path to the web.config on all of the front end servers. In this instance it was the Contact Us list which was done as follows.

     <location path="Lists/Contact Us">
      <system.web>
         <authorization>
            <deny users="?"/>
         </authorization>
      </system.web>
   </location>

Note: A space is used in the path, not %20

This is only applicable to the top level site and if you want to restrict access to lists on sub sites, they will need to be prefixed with the site name.

To see some other security factors use the Plan for and design security and Plan security for an external anonymous access environment pages on MSDN

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s