Reza Alirezaei has an excellent 3-part article on anonymous access in SharePoint that uses the example I created here but improves upon the concept in a number of important respects, not least of which includes packaging it as a feature.
He does a thorough job of explaining some of the implications of out-of-the-box anonymous access that I alluded to, but never got around to really explaining.
Since I hate to just link without adding anything, I’ll point out one quirk in anonymous access that he doesn’t mention. Turning on anonymous access in one zone has the unfortunate behavior of giving all authenticated users the same rights as an anonymous user on all of the zones in the web application.
I encountered this recently when I had one zone set up that did not allow anonymous access and the Restricted Read permission level. I extended the site to another zone and configured it for anonymous access to the entire site. The members on the original zone were then able to browse the list because the configuration gave them more rights than Restricted Read even though the zone they were using was not configured for anonymous access!
Based on my reading of the documentation it was by design. That said, it’s no secret that I find the design lacking and that is one more reason why I use FBA when I want anonymous access; uniform control of authorization via Permission Levels.
Ok, maybe not ‘shocking’ or ‘secrets’….