tags:

views:

434

answers:

2
+2  Q: 

SharePoint 2003 - deny access using web.config

As all you know, Sharepoint 2003 has simple access rights privilages. You can only grant rights (Reader, Contributor, Administrator) but unfortunatelly you can not deny access. So, if someone is not welcome in SharePoint portal there is no simple way to restrict access for him.

I found nice articles how to secure access to certain page using web.config:

<authorization>
  <allow users="MySuperAdmin"/>
  <deny users="*"/>
</authorization>

But... It doesn't work in my two SharePoint installations (test and live). No matter what I enter in <authorization> tag, I am still able to enter SharePoint pages. Even when I deny access for all, like this:

<authorization>
  <deny users="*"/>
</authorization>

... I am still able to see all pages (with my local Administrator user or any other non-admin user).

Could you please help what is wrong in my code?

+2  A: 

Rather than editing web.config files, you should be able to design these security requirements with standard SharePoint 2003 features.

The key is that if a user isn't present in any of the groups then they don't have access. So just add the users/domain groups that should have access and not the rest.

Alex Angas  2009-07-27 13:59:27
I'm pretty sure this is right, but it's been a while since I've touched SPS 2003.
Alex Angas  2009-07-27 13:59:40
You are right that this could be a solution, but this would need redesign of current user groups configuration stored in ActiveDirectory.I am looking for option where I could specify a group which have restricted access for portal (for example: ex-employees).
Paweł Grądziel  2009-07-27 14:03:14
Another question for you answer: are modifications made for authorization tag in web.config working for SharePoint 2003? Maybe some other changes are needed?
Paweł Grądziel  2009-07-27 14:05:46
SharePoint 2003 is an ASP.NET 1.1 application so anything you specify in web.config should work for it as well. See Colin's answer :)
Alex Angas  2009-07-27 15:16:11
A: 

HAve you tried adding a location tag around the authorisation tag in your post? i.e. like so:

<location path="_layouts/images">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>

P.S. Alex's answer is ultimately the correct one, even though it means throwing things around in Active Directory. We did the same at my company.

Colin  2009-07-27 14:08:26
I have tried this as well - this also didn't work.Can anyone confirm that SharePoint ignores authorizatoin tag from web.config and it's is normal behavior (so it can be reproduced on other SharePoint 2003 installation)?
Paweł Grądziel  2009-07-28 10:02:57

related questions

Upgrading Sharepoint 3.0 to SQL 2005 Backend?
Webpart registration error in event log
Sharepoint COMException 0x81020037
Transactional Design Pattern
Deploying InfoPath forms to different SharePoint servers
Profiling/Optimizing (Sharepoint 2007) Web Parts
Retreiving the PC Name of a Client? (Windows Auth)
What's the best way to report errors from a SharePoint workflow?
How to get out parameters working in SharePoint workflows
Editing User Profile w/ Forms Authentication
WSS/MOSS Book
Creating a development environment for SharePoint.
Sharepoint Wikis
Have you used a wiki in your project or group?
Can I copy files to a Network Place from a script or the command line?
How do you deploy your SharePoint solutions?
SharePoint WSS 3.0 Integration with Mac OSX (either Safari or Firefox)
SharePoint - Connection String dialog box during FeatureActivated event
How can I improve the edit-compile-test loop when developing a SharePoint workflow?
Best ajax library for Sharepoint
Alternative Hostname for an IIS web site for internal access only
How to reference to multiple version assembly
MOSS SSP problem - Failed database logons from deleted SSP
Sharepoint: executing stsadm from a timer job + SHAREPOINT\System rights
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?