views:

926

answers:

1

With a SharePoint site which is partially anonymous and partially behind a forms authentication login, how do you manage the security of it?

I've got a site set up with the CMS portal (which uses Windows authentication) but since FBA is to be used by the public it has been extended to have FBA as the authentication provider and anonymous access has been enabled. Anonymous is not enabled on the CMS portal, as it is not relivent, only content editors will log onto that site.

But I can't work out how to manage what is and isn't anonymously accessible from the CMS portal, is it possible, or does there need to be a FBA-admin account which is used to manage that portion of the site?

+1  A: 

I think what you are asking is "How do I manage anonymous access for SharePoint / WSS sites?".

This article should get you started.

FAQ - How do I enable anonymous access ?

Enable anonymous access for a web application from the Central Admin.

Central Admin Home Page > Application Management > Authentication Providers

select the Membership Provider (authentication.aspx) and enable anonymous access from the next page.

You don't have to do anything on the IIS Manager ... enabling it from the Central Admin page will also enable it on IIS.

Explicitly turn it on for the sites you want to be accessed anonymously.

Browse to the site, click Site Settings > Advanced Permissions > Settings >Anonymous Access (setanon.aspx) and turn on anonymous access for the site.

From Mark Harrisons blog http://old.markharrison.co.uk/blog/2006/06/moss-2007-enable-anonymous_12.htm

Based on your follow up comment I believe you are asking if you can manage anonymous access when logged in to your default zone which only supports Windows Authentication. For some reason MSFT decided to disable the page controls on (_layouts/setanon.aspx) when access the site collection using a Web Application that has anonymous access turned off.

Since anonymous access is just another setting for the Webs there is no reason you cannot build your own web page to manage those settings. This article can help get you started. Granted this article discusses building an STSADM extension which will NOT help you manage your site via Web Browser, it does have the code you would need to have inside your custom page.

You should NOT need a special FBA account to manage the anonymous access. You can management it with any account that has proper permissions in your site collection.

JD
Got that done, but I'm more wondering if I can manage anon on the extended site from the "main" site
Slace
@Slace There is no reason you can't, unfortunatly the screens for managing Anon access (_layouts/setanon.aspx) disable the controls needed to do it when you access it using a Web Application that does NOT support Anon. So what you could do is write your on custom page, stsadm extension, powershell script, ... for managing Anon access . Here is a blog post that can help you get started. http://stsadm.blogspot.com/2008/03/set-anonymous-access.html
JD