Has anybody experienced Sharepoint always returning true for rlAuthorizationModule.CheckUrlAccessForPrincipal even if the virtual path is not configured to allow anonymous access. Is there an alternative method to check for anon access in SharePoint?
A:
Long shot, but two things you could check:
- Is your virtual path inherriting anonymous access from a higher level path?
- Are you checking the anonymous user or are you checking a user principle that has access?
Shiraz Bhaiji
2009-08-03 18:30:54
I am doing the following: IPrincipal anonUser = new GenericPrincipal(new GenericIdentity(string.Empty, string.Empty), new string[0]); bool allowAnon = UrlAuthorizationModule.CheckUrlAccessForPrincipal(requestPath, anonUser, "get");It returns true for a page that is not configured to allow anonmyous access.
complexcipher
2009-08-03 18:40:58
A:
When anon access is enabled on Sharepoint for a site the method will always return true.
complexcipher
2009-08-05 18:09:35
A:
Security Note: If the UrlAuthorizationModule is not defined in the httpModules configuration section for the application, the UrlAuthorizationModule always returns true.
Please see the following url: http://authors.aspalliance.com/aspxtreme/sys/web/security/UrlAuthorizationModuleClassCheckUrlAccessForPrincipal.aspx
Nadav Yeheskel
2010-06-11 08:33:03