Category Archives: Configuration and Customization

A Tool that Answers the SharePoint Development and Provisioning Riddle

Solving the SharePoint App/Add-in Problem

Today I’m excited to be on the Office 365 Developer Podcast with Jeremy Thake to talk about the release of IQApp Central beta!

IQApp Central is the product of a multi-year effort to build a platform that makes creating, deploying, and managing SharePoint customizations easier. The goal is ambitious – to change the way people build SharePoint farm solutions, apps, and add-ins by offering better tools than they have ever along with a process that works the same on premises as it does in SharePoint Online. IQApp Central codifies everything I and others learned doing and teaching others about SharePoint for the last 8 years and what we at InstantQuick learned developing, maintaining, and operating our popular Instant Consulting Practice and Instant Legal Practice add-ins in the Office 365 Store.

Core to IQApp Central is the IQApp Editor, a set of tools that let you use SharePoint to create reusable solutions and components that are easy to deploy and track. IQApp Editor is backed up by an advanced provisioning platform that provides visibility into what packages are in use, where they are used, and how they are licensed.

Think I must be exaggerating? You can try IQApp Central for free, or watch the getting started videos. There are 6 and it takes less than 45 minutes to watch them all.

Beware KB979917

If you are using claims based authentication on SharePoint 2010 you will eventually see the following error from the Health Analyzer.

Title Web Applications using Claims authentication require an update.  
Severity 1 – Error  
Category Security  
Explanation Web Applications using Claims authentication are at risk for a potential security vulnerability, which may allow users elevation of privileges. 
Remedy A security update is required on each server in the farm. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=184705".

The security update is KB979917 – QFE for Sharepoint issues – Perf Counter fix & User Impersonation and it introduces a pretty major change to the behavior of the affected SharePoint Web Applications that can break your code.

You can read about the ‘fixes’ in this update here: http://support.microsoft.com/kb/979917.

The parts of interest here are:

Issue 1

You deploy some partially trusted Web parts on the SharePoint site. These Web parts have more permissions than they should have. This issue may create a security risk on the SharePoint site. For example, these Web parts may generate database requests or HTTP requests unexpectedly. This behavior creates a security risk.

Note Partially trusted Web parts are Web parts that are deployed to the Bin directory of a Web application.

And:

Issue 1

This issue occurs because of an error in the ASP.NET 2.0 authentication component. The error causes the partially trusted Web parts to impersonate the application pool account. Therefore, the Web parts have full permission to access the SharePoint site.

And:

Issue 1

This hotfix makes a new application setting available in ASP.NET 2.0. The new application setting is aspnet:AllowAnonymousImpersonation. You can enable this setting by adding the following section to the Web.config file:

<appSettings>

<add key="aspnet:AllowAnonymousImpersonation" value="true" />

</appSettings>

To enable this setting, you must have IIS 7 or IIS 7.5 running in Integrated mode. When this setting is enabled, the application runs under the security context of the IUSR identity.

This hotfix updates the .NET 2.0 framework’s System.Web assembly and makes a major change when aspnet:AllowAnonymousImpersonation is set to true in web.config. Instead of code running under the application pool account as is traditional, code now runs under NT Authority\IUSR – anonymous. If you have any code that depends on an authenticated identity or the specific app pool identity – SQL connections that use integrated security, for example, the code will break with Access Denied errors.

If you are doing any integration of legacy code based on ASP.NET 2.0, there is a good chance this security fix will break your code. The good news is you can turn it off by setting aspnet:AllowAnonymousImpersonation to false in web.config. The bad news is that, no matter how you change the value (by hand, PowerShell webconfigmod, or via a feature) if you edit the claim authentication provider settings in Central Admin, it will helpfully change it back to true.

So be careful, KB979917 is like a little bomb that has the potential to go off every once in a while to ruin your day and your user’s day.

Author: Doug Ware

FeedBurner Stats Pro and FeedFlare Code for a SharePoint Blog

I wrote about FeedBurner in an earlier post about how I track site usage on this site.

If you are a regular reader of this blog, you’ll notice that I recently put ads on the site. I really don’t expect to make any money off of them and I’ll probably take them down in a few months, but I use this site as a test bed for lots of things and I figure ads and SEO in general on public facing sites using SharePoint is something people need to know about and since we do consulting and training here at eLumenotion…

Anyway, I wanted to hook up the FeedBurner Ad Network along with Google AdSense on this site. AdSense was easy, but FeedBurner was a little trickier. Hooking up FeedBurner Ad Network requires the same script needed for FeedBurner Stats Pro, which tracks individual item usage. I never got around to including the Pro code into the site because I use two other stats packages in my quest to understand the plusses and minuses of different approaches and I can get that data from one of those.

To get the full-on FeedBurner service you need a script tag that looks like this:

<script src="http://feeds.feedburner.com/~s/MyFeedName?i=http://www.mysite.comhttp://www.elumenotion.com/blog/Lists/Posts/Post.aspx?ID=POST_ID_HERE" type="text/javascript" charset="utf-8"></script>

The tricky bit is to get the data for i in the query string.

I started out trying to use the SharePoint:ListItemProperty web control I wrote about in this post and it worked alright by passing the ID property to the control, but then I tried to update the Categories.aspx page using SharePoint Designer.

I right-clicked the ListViewWebPart and chose Convert to XSLT Data View and the conversion worked perfectly, except that the page no longer worked. No posts. Nada, just "There are no posts for this category". So… back to the drawing board. (Fortunately?), the convert to XSLT data view works seldom enough that I’ve gotten fairly proficient at modifying the ListView’s XML by hand.

I wanted the ad to appear directly above the footer links.

The unencoded script tag looks like this:

<script src="http://feeds.feedburner.com/~s/ MyFeedName?i={$HttpVDir}/Lists/Posts/Post.aspx?ID={@ID}" type="text/javascript" charset="utf-8"></script>

The encoded script tag I need to embed looks like this:

&lt;HTML&gt;&lt;![CDATA[&lt;script src=&quot;http://feeds.feedburner.com/~s/ MyFeedName?i={$HttpVDir}/Lists/Posts/Post.aspx?ID={@ID}&quot; type=&quot;text/javascript&quot; charset=&quot;utf-8&quot;&gt;&lt;/script&gt;]]&gt;&lt;/HTML&gt;

If you spend a little time looking at the list view XML, this makes sense. It’s just some HTML encoded markup containing a CDATA section that gets rendered by the web part.

I needed to insert this in default.aspx, post.aspx, and category.xml using SharePoint Designer into the list view for the post body immediately before the post footer DIV.

Locate &lt;HTML&gt;&lt;![CDATA[&lt;div class=&quot;ms-PostFooter&quot;&gt;]]&gt;&lt;/HTML&gt; and paste the code for your site immediately before the first &lt;.

This portion of the XML is in the middle of the web part, so be careful to paste it into the right spot. You might also want to create a backup beforehand. 😉

Good luck!

Anonymous Access in SharePoint – Shocking Secrets Revealed!

Reza Alirezaei has an excellent 3-part article on anonymous access in SharePoint that uses the example I created here but improves upon the concept in a number of important respects, not least of which includes packaging it as a feature.

He does a thorough job of explaining some of the implications of out-of-the-box anonymous access that I alluded to, but never got around to really explaining.

Since I hate to just link without adding anything, I’ll point out one quirk in anonymous access that he doesn’t mention. Turning on anonymous access in one zone has the unfortunate behavior of giving all authenticated users the same rights as an anonymous user on all of the zones in the web application.

I encountered this recently when I had one zone set up that did not allow anonymous access and the Restricted Read permission level. I extended the site to another zone and configured it for anonymous access to the entire site. The members on the original zone were then able to browse the list because the configuration gave them more rights than Restricted Read even though the zone they were using was not configured for anonymous access!

Based on my reading of the documentation it was by design. That said, it’s no secret that I find the design lacking and that is one more reason why I use FBA when I want anonymous access; uniform control of authorization via Permission Levels.

Ok, maybe not ‘shocking’ or ‘secrets’….

Adding a Name Field to Comments on a WSS Blog

The other morning I got a comment on one of my posts that said:

"Oh, another one of these Sharepoint Blogs with no input field for a name – strange concept this is."

When I read this I thought to myself, "my, that is peculiar!"

And then I thought, "bah! I’ll just add the column to the comments list!"

This turned out to be a little trickier than I was expecting so I thought I might share how it was done in case anyone else is bothered by this….

First, navigate to the comments list

and create a new column.

I chose to name mine "Your name" and configure it as follows:

Feeling smug and very good about myself and my WSS prowess I decided to test the results.

Well, well. It seems the SharePoint gods hate the overly proud. Chastened and humbled I decide to have a look at the Posts.aspx form under the Posts list in SharePoint Designer. I wanted to look at the ListViewWebPart in an easy to consume fashion so I right clicked it and chose Convert to XSLT Data View.

I’m not sure if the blame lies with designer or the list template, but the result was not pleasing.

Now, at this point I could have tried fixing up the XSLT, but the output resulting from the conversion operation was good enough for me to see that I needed to replace the "Author" field with my new field which is called "Your_x0020_name". So, I closed the form without saving it, because you can’t just CTRL-Z undo the conversion, and reopened it. In the ListViewXML element of the Comments web part I located the applicable portion shown below:

Field Name="Author"/&gt;&lt;HTML&gt;&lt;![CDATA[ at &lt;span dir="ltr"&gt;]]&gt;&lt;/HTML&gt;&lt;Field Name="Created"/&gt;&lt;HTML&gt;&lt;![CDATA[&lt;/span&gt;&lt;/div&gt;]]&gt;&lt;/HTML&gt;&lt;/ViewBody&gt;&lt;ViewFooter&gt;&lt;IfHasRights&gt;&lt;RightsChoices&gt;&lt;RightsGroup PermAddListItems="required"/&gt;&lt;/RightsChoices&gt;&lt;Then&gt;&lt;HTML&gt;&lt;![CDATA[&lt;/div&gt; &lt;h3 class="ms-CommentHeader"&gt;Add Comment&lt;/h3&gt;]]&gt;&lt;/HTML&gt;&lt;/Then&gt;&lt;Else&gt;&lt;HTML&gt;&lt;![CDATA[&lt;/div&gt;]]&gt;&lt;/HTML&gt;&lt;/Else&gt;&lt;/IfHasRights&gt;&lt;/ViewFooter&gt;&lt;ViewFields&gt;&lt;FieldRef Name="Title"/&gt;&lt;FieldRef Name="Body"/&gt;&lt;FieldRef Name="PostTitle"/&gt;&lt;FieldRef Name="Author"

and edited it to use my new field instead of Author:

Field Name="Your_x0020_name"/&gt;&lt;HTML&gt;&lt;![CDATA[ at &lt;span dir="ltr"&gt;]]&gt;&lt;/HTML&gt;&lt;Field Name="Created"/&gt;&lt;HTML&gt;&lt;![CDATA[&lt;/span&gt;&lt;/div&gt;]]&gt;&lt;/HTML&gt;&lt;/ViewBody&gt;&lt;ViewFooter&gt;&lt;IfHasRights&gt;&lt;RightsChoices&gt;&lt;RightsGroup PermAddListItems="required"/&gt;&lt;/RightsChoices&gt;&lt;Then&gt;&lt;HTML&gt;&lt;![CDATA[&lt;/div&gt; &lt;h3 class="ms-CommentHeader"&gt;Add Comment&lt;/h3&gt;]]&gt;&lt;/HTML&gt;&lt;/Then&gt;&lt;Else&gt;&lt;HTML&gt;&lt;![CDATA[&lt;/div&gt;]]&gt;&lt;/HTML&gt;&lt;/Else&gt;&lt;/IfHasRights&gt;&lt;/ViewFooter&gt;&lt;ViewFields&gt;&lt;FieldRef Name="Title"/&gt;&lt;FieldRef Name="Body"/&gt;&lt;FieldRef Name="PostTitle"/&gt;&lt;FieldRef Name="Your_x0020_name"

After saving my work I returned to the page that had so rudely mocked my vain pride earlier and hit refresh.

Viola!

–Doug Ware

Author: Doug Ware

Anonymous Access to Add Items to Document Libraries – Solution

Yesterday I received a comment from Søren Nielsen on my earlier post on this subject:

"Hi

We have had the same problem as you – SharePoint don’t seem to be designed to have any interaction with anonymous users.

We did:
1. created an ordinary SharePoint site
2. extended the site and enabled forms authentication on the new site, using our very own custom build forms authentication, that just handles one "Guest" account
3. Gave the new Guest account proper rights to the list in question
4. Create a auto login page
5. Connected the dots, and the anonymous user is now signed in as Guest (through our own forms authentication provider) and can do whatever we grant the Guest the liberty to.

I’m not (yet) at liberty of sharing the exact solution.

Hope it helps.

soerennielsen.wordpress.com"

This is a much better solution than the one I was contemplating because it solves a wider range of issues than simply mucking about with the lists in question!

I was able to refine the approach slightly by simply using an event in global.asax instead of creating an auto login page as Søren suggests for step 4. You can now upload themes to the theme library!

Here is a brief overview of the solution. It assumes a basic understanding of membership providers and forms based authentication as it relates to SharePoint. And it assumes you have already created a site and extended it so that you have two zones, one for the public and one for authoring. If you don’t know what I mean by that, you need to do some reading before going any further. Here is an excellent article on the subject by my friend Dan Attis.

You can download the code and example configuration files here.

Step 1. Create a simple membership provider

All we want to do is create a named identity for our anonymous web friends that we can use to assign permissions. This makes the membership provider very simple. Aside from telling the site that the name is valid we need it to also return a list containing the anonymous user in a few methods so that the people picker works and so we can actually add the user to the site.

The complete code is available in the downloads section, but here are the applicable snippets.

public class AnonymousMembershipProvider : MembershipProvider

{

//If the user is named "Anon" it is valid. Otherwise something funny is going on!

public override bool ValidateUser(string username, string password)

{

if (username == "Anon")

return true;

else

return false;

}

 

//Create a MembershipUserCollection consisting of our single user.

private MembershipUserCollection GetMembers()

{

MembershipUserCollection users = new MembershipUserCollection();

users.Add(new MembershipUser("AnonymousMembershipProvider", "Anon",

"Anon", string.Empty, string.Empty, string.Empty, true, false,

DateTime.MinValue, DateTime.MinValue, DateTime.MinValue,

DateTime.MinValue, DateTime.MinValue));

return users;

}

 

//These mthods are used by SharePoint to get names for People Picker

//and to validate the name when adding it to People and Groups.

public override MembershipUserCollection FindUsersByName(string usernameToMatch,

int pageIndex, int pageSize, out int totalRecords)

{

totalRecords = 1;

return GetMembers();

}

 

public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)

{

totalRecords = 1;

return GetMembers();

}

 

public override MembershipUser GetUser(string username, bool userIsOnline)

{

return new MembershipUser("AnonymousMembershipProvider", "Anon", "Anon",

string.Empty, string.Empty, string.Empty, true, false,

DateTime.MinValue, DateTime.MinValue, DateTime.MinValue,

DateTime.MinValue, DateTime.MinValue);

}

 

public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)

{

return new MembershipUser("AnonymousMembershipProvider", "Anon", "Anon",

string.Empty, string.Empty, string.Empty, true, false,

DateTime.MinValue, DateTime.MinValue, DateTime.MinValue,

DateTime.MinValue, DateTime.MinValue);

}

Step 2. Install the AnonymousMembershipProvider to the Global Assembly Cache

 

1.

2.

3.

4.

 

Step 3. Configure the Web.Config of the FBA site

In the <SharePoint> section configure a key for the people picker:
<PeoplePickerWildcards>

<clear />

<add key="AnonymousMembershipProvider" value="%" />

</PeoplePickerWildcards>

Configure <system.web> as so:

<authentication mode="Forms">

<forms loginUrl="/_layouts/login.aspx" />

</authentication>

<identity impersonate="true" />

<authorization>

<allow users="*" />

</authorization>

<membership defaultProvider="AnonymousMembershipProvider">

<providers>

<add name="AnonymousMembershipProvider" type="AnonymousMembershipProvider, AnonymousMembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=701fdd64fcd5ceb2" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />

</providers>

</membership>

If you know your web.config you may have noticed that this site is still configured for anonymous access. The next step will assign our named "Anon" user during the authentication.

Step 4. Modify Global.asax on the FBA site to Log in as Anon

<%@ Assembly Name="Microsoft.SharePoint"%>

<%@ Application Language="C#" Inherits="Microsoft.SharePoint.ApplicationRuntime.SPHttpApplication" %>

 

<script RunAt=’server’>

 

public void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)

{

if (Membership.ValidateUser("Anon", ""))

{

FormsAuthentication.SetAuthCookie("Anon", true);

}

}

 

</script>

Step 5. Configure the Web.Config of the Authoring Site

In the <SharePoint> section configure a key for the people picker:
<PeoplePickerWildcards>

<clear />

<add key="AnonymousMembershipProvider" value="%" />

</PeoplePickerWildcards>

Configure <system.web> as so:

<authentication mode="Windows" />

<identity impersonate="true" />

<authorization>

<deny users="?" />

<allow users="*" />

</authorization>

<membership defaultProvider="AnonymousMembershipProvider">

<providers>

<add name="AnonymousMembershipProvider" type="AnonymousMembershipProvider, AnonymousMembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=701fdd64fcd5ceb2" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />

</providers>

</membership>

Even though the authoring site is configure to use Windows authentication, we still need access to the provider so that permissions can be assigned.

Step 6. Configure the Permissions

On the authoring site, do the following.

1.

2.

3.

4.

 

That’s it! If the SharePoint gods are smiling on you, you can now allow anonymous type folks to upload files, add attachments to lists, and generally have more control over your anonymous permissions!

Author: Doug Ware

Anonymous Access to Add Items to Document Libraries – Solution

Yesterday I received a comment from Søren Nielsen on my earlier post on this subject:

"Hi

We have had the same problem as you – SharePoint don’t seem to be designed to have any interaction with anonymous users.

We did:
1. created an ordinary SharePoint site
2. extended the site and enabled forms authentication on the new site, using our very own custom build forms authentication, that just handles one "Guest" account
3. Gave the new Guest account proper rights to the list in question
4. Create a auto login page
5. Connected the dots, and the anonymous user is now signed in as Guest (through our own forms authentication provider) and can do whatever we grant the Guest the liberty to.

I’m not (yet) at liberty of sharing the exact solution.

Hope it helps.

soerennielsen.wordpress.com"

This is a much better solution than the one I was contemplating because it solves a wider range of issues than simply mucking about with the lists in question!

I was able to refine the approach slightly by simply using an event in global.asax instead of creating an auto login page as Søren suggests for step 4. You can now upload themes to the theme library!

Here is a brief overview of the solution. It assumes a basic understanding of membership providers and forms based authentication as it relates to SharePoint. And it assumes you have already created a site and extended it so that you have two zones, one for the public and one for authoring. If you don’t know what I mean by that, you need to do some reading before going any further. Here is an excellent article on the subject by my friend Dan Attis.

You can download the code and example configuration files here.

Step 1. Create a simple membership provider

All we want to do is create a named identity for our anonymous web friends that we can use to assign permissions. This makes the membership provider very simple. Aside from telling the site that the name is valid we need it to also return a list containing the anonymous user in a few methods so that the people picker works and so we can actually add the user to the site.

The complete code is available in the downloads section, but here are the applicable snippets.

public class AnonymousMembershipProvider : MembershipProvider

{

//If the user is named "Anon" it is valid. Otherwise something funny is going on!

public override bool ValidateUser(string username, string password)

{

if (username == "Anon")

return true;

else

return false;

}

 

//Create a MembershipUserCollection consisting of our single user.

private MembershipUserCollection GetMembers()

{

MembershipUserCollection users = new MembershipUserCollection();

users.Add(new MembershipUser("AnonymousMembershipProvider", "Anon",

"Anon", string.Empty, string.Empty, string.Empty, true, false,

DateTime.MinValue, DateTime.MinValue, DateTime.MinValue,

DateTime.MinValue, DateTime.MinValue));

return users;

}

 

//These mthods are used by SharePoint to get names for People Picker

//and to validate the name when adding it to People and Groups.

public override MembershipUserCollection FindUsersByName(string usernameToMatch,

int pageIndex, int pageSize, out int totalRecords)

{

totalRecords = 1;

return GetMembers();

}

 

public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords)

{

totalRecords = 1;

return GetMembers();

}

 

public override MembershipUser GetUser(string username, bool userIsOnline)

{

return new MembershipUser("AnonymousMembershipProvider", "Anon", "Anon",

string.Empty, string.Empty, string.Empty, true, false,

DateTime.MinValue, DateTime.MinValue, DateTime.MinValue,

DateTime.MinValue, DateTime.MinValue);

}

 

public override MembershipUser GetUser(object providerUserKey, bool userIsOnline)

{

return new MembershipUser("AnonymousMembershipProvider", "Anon", "Anon",

string.Empty, string.Empty, string.Empty, true, false,

DateTime.MinValue, DateTime.MinValue, DateTime.MinValue,

DateTime.MinValue, DateTime.MinValue);

}

Step 2. Install the AnonymousMembershipProvider to the Global Assembly Cache

 

1.

2.

3.

4.

 

Step 3. Configure the Web.Config of the FBA site

In the <SharePoint> section configure a key for the people picker:
<PeoplePickerWildcards>

<clear />

<add key="AnonymousMembershipProvider" value="%" />

</PeoplePickerWildcards>

Configure <system.web> as so:

<authentication mode="Forms">

<forms loginUrl="/_layouts/login.aspx" />

</authentication>

<identity impersonate="true" />

<authorization>

<allow users="*" />

</authorization>

<membership defaultProvider="AnonymousMembershipProvider">

<providers>

<add name="AnonymousMembershipProvider" type="AnonymousMembershipProvider, AnonymousMembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=701fdd64fcd5ceb2" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />

</providers>

</membership>

If you know your web.config you may have noticed that this site is still configured for anonymous access. The next step will assign our named "Anon" user during the authentication.

Step 4. Modify Global.asax on the FBA site to Log in as Anon

<%@ Assembly Name="Microsoft.SharePoint"%>

<%@ Application Language="C#" Inherits="Microsoft.SharePoint.ApplicationRuntime.SPHttpApplication" %>

 

<script RunAt=’server’>

 

public void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)

{

if (Membership.ValidateUser("Anon", ""))

{

FormsAuthentication.SetAuthCookie("Anon", true);

}

}

 

</script>

Step 5. Configure the Web.Config of the Authoring Site

In the <SharePoint> section configure a key for the people picker:
<PeoplePickerWildcards>

<clear />

<add key="AnonymousMembershipProvider" value="%" />

</PeoplePickerWildcards>

Configure <system.web> as so:

<authentication mode="Windows" />

<identity impersonate="true" />

<authorization>

<deny users="?" />

<allow users="*" />

</authorization>

<membership defaultProvider="AnonymousMembershipProvider">

<providers>

<add name="AnonymousMembershipProvider" type="AnonymousMembershipProvider, AnonymousMembershipProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=701fdd64fcd5ceb2" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />

</providers>

</membership>

Even though the authoring site is configure to use Windows authentication, we still need access to the provider so that permissions can be assigned.

Step 6. Configure the Permissions

On the authoring site, do the following.

1.

2.

3.

4.

 

That’s it! If the SharePoint gods are smiling on you, you can now allow anonymous type folks to upload files, add attachments to lists, and generally have more control over your anonymous permissions!

Author: Doug Ware

Anonymous Access to Add Items to Document Libraries

Update: A few days later a solution presented itself. Read about it here.

Long story short: I don’t think it can’t be done using the built-in list forms. If you can prove me wrong I will sing your praises to all who will listen.

Before writing the previous post in which I asked people to email me *shudder* their themes I tried to set up the document library to allow anonymous users to add new items to the library as you can do with most lists.

From the Settings Menu I chose Permissions for this Document Library:

And on the following screen I chose:

And finally I found myself on the screen where I could give anon the ability to add items to the list!

But alas!!! Thwarted again! Add, Edit, and Delete are all disabled.

Well, I don’t need no stinkin’ UI anyway. I’ll just use code.

SPSite site = new SPSite("http://www.elumenotion.com");

SPWeb web = site.OpenWeb("blog");

SPDocumentLibrary lib = (SPDocumentLibrary)web.Lists["Themes"];

lib.AnonymousPermMask64 = SPBasePermissions.ViewListItems | SPBasePermissions.OpenItems | SPBasePermissions.Open | SPBasePermissions.ViewFormPages | SPBasePermissions.AddListItems;

After running the code I go back to the list and:

Hooray! I win! There is an upload button. Let’s just test it shall we?

DOH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

After much experimenting I come to the conclusion that it just isn’t meant to be with a document library without creating some custom bits that don’t exclusively involve the list forms. I am hopeful that I can use impersonation to upload a file to a library via a user control or web part. But, I don’t have time for that any time soon.

So, maybe I could use an attachment on a custom list instead of a document library? Nope, same deal.

Author: Doug Ware