Tag Archives: Anonymous Access

SharePoint 2010-How to Hide the Ribbon from Anonymous Users and Users without Edit Privileges

In SharePoint 2010 the new ribbon bar (or Fluent UI as they call it) is great when you need to Author a site, but looks rather ugly and “SharePointish” for internet facing sites.  After all who wants to see this at the top of their pages?

image

As such I often have to remove it from the UI.  I have found that the best way to do this is through the CSS style sheets and a little SPSecurityTrimmedControl magic in the site Master Page.  Here are the steps to quickly and easily remove this bar for people who are not authoring on the site:

  1. Open your SharePoint master page
  2. Locate this line:<div id="s4-ribbonrow" class="s4-pr s4-ribbonrowhidetitle">
  3. Change it to:<div id="s4-ribbonrow" class="s4-pr s4-ribbonrowhidetitle" style="display:none">
  4. Now find the end of the “s4-ribbonrow” tag and add following block right after it:
    <Sharepoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl2" runat="server" PermissionsString="AddAndCustomizePages"> 
    
    <script type="text/javascript"> 
    document.getElementById("s4-ribbonrow").style.display = "block";
    </script>
    
    </Sharepoint:SPSecurityTrimmedControl>
  5. Save the new master page and publish

And as simple as that, the ribbon bar is now hidden from all visitors who don’t have the ability to edit pages, including those who are coming in Anonymously.

SharePoint 2010–Allowing Anonymous Users to Answer Surveys

Recently I was asked to create an anonymous survey in SharePoint.  In many ways these are fairly annoying because SharePoint really wants to know who you are when you’re on the site, so you have to be careful about what features you utilize in your anonymous sites.  However, I think I’ve found a pretty straight forward way of addressing the issue as long as the company is comfortable with creating a separate web application that only allows anonymous access and doesn’t try to authenticate.  This site should only be used to house items that they want to have as anonymous access, so I tend to “portal” the functionality from the anonymous web app inside something like an intranet if needed.

First step is to create an anonymous web application for anonymous surveys.  There are several reasons for wanting to use this approach:

  • You have an external facing site where users don’t log in.
  • You have an internal web site and you want to be absolutely certain that user responses to a survey are 100% confidential and anonymous.
  • You want to use only the out-of-box capabilities of the SharePoint survey module.

However, realize that being anonymous does come with some drawbacks:

Multiple page surveys don’t work on an anonymous site

So what exactly does this mean? Well typically longer surveys will contain multiple pages and / or branching logic. In SharePoint when you respond to a survey that has multiple pages, SharePoint automatically saves the state of the survey when you move from one page to the next. It does this so that in case you lose connectivity while completing a long survey, you’ll be able to continue where you left off. It doesn’t really matter whether there might be better ways to implement this; the fact is that SharePoint writes the work-in-progress survey to the survey list when you move to another page in the survey. The problem is that SharePoint cannot write the incomplete survey to the list unless it can associate that survey with a particular user. If the user cannot log in at the point when they move to the next page, they won’t be able to continue with the survey.

Anonymous users can’t save progress

If the user is not logged in (i.e. anonymous) SharePoint will automatically request the user credentials. If the user is using IE (Internet Explorer) and the web site is in the Intranet zone, IE will by default automatically send through the user’s domain credentials and the user will be logged in (defeating the purpose of being anonymous). Alternatively the user will be prompted for credentials and if they don’t enter these credentials, they will be presented with an unauthorized dialog box:

image

If the user does log in, they will then move from the NewForm.aspx page to the EditForm.aspx page with the survey id as one of the query string parameters (e.g. …/EditForm.aspx?ID6&…). Since the survey is now in edit mode as opposed to new item mode, it stands to reason SharePoint needs to have the user context in order to retrieve that specific survey and to ensure the user can’t retrieve anyone else’s. The Create responses and edit responses that were created by the user setting on the Advanced Settings page of the survey has no mean unless the user is logged in:

image

If you want to edit the partially complete survey at this point, you simply have to be logged in.

Intranet sites are typically not anonymous

Another caveat is that Intranet sites are almost always not anonymous. To get around this you could set up a separate web site specifically for surveys where users could connect anonymously. This would entail something along these lines:

Create a new web application that supports Windows Authenticated users for survey administrators (e.g. http://survey.admin). This would normally be created in the Default zone. Create a top level site collection and grant specific permissions to the Survey Administrators so they are able to create new surveys on this site. You could further grant other permissions as necessary to any other users that may need to view survey responses or perform other actions on the site.

Extend the web application to another zone / IIS web site (e.g. to the Intranet zone on the http://survey site). Grant access to anonymous users for this zone, and remove access for Windows Authenticated users.

image

This will prevent users from being able to log into the http://survey web site using their Windows credentials, but survey administrators will still be able to log into the http://survey.admin web site to manage content as this is in a different zone.

Of course you still won’t be able to have multiple page surveys, but users will never be able to log into this site (http://survey) either accidently or automatically.

This method is the same approach you would typically take on an Internet facing site.

Once you have created the anonymous only web application, the next step is to create a survey like you normally would, remembering that features like branching logic will not work.

You could further enhance the user experience to create the perception of having multiple pages by incorporating some clever JavaScript / jQuery and css to show and hide sections on the survey as a user progresses through it. This would likely mean editing the NewForm.aspx page in SharePoint Designer for the specific survey you wanted to do this on. You’d then have to repeat the process for future surveys you wanted this functionality on.

After the survey has been created, you’re still not completely done.  You have to apply a little anonymous permissions magic in order to allow for anonymous users to actually contribute to the survey and fill it out…

Set advanced settings

On this screen, we set ‘Read Access’ to ‘All Responses’, ‘Edit Access’ to ‘Only their own’ and ‘Allow items from this survey to appear in search results’ to ‘No’. Setting read access to ‘All Responses’ seems a bit weird. After all, you will normally not want your anonymous users to see the responses of all other users. We will change this back later, but for some reason, it is necessary to select this option here.

Set Permissions

Next we go to the permissions screen:

The survey by default inherits the permissions from the site, but for anonymous surveys this will not do. By selecting ‘Edit Permissions’ from the ‘Actions’ menu, you can specify specific permissions for this survey.

The Setting menu has now appeared and from it, we choose ‘Anonymous Access’.

In this screen, make sure that the check boxes for ‘Add’ and ‘View’ are selected.

Set advanced settings again

If this is alright, we can go back to the ‘Advanced settings’ screen to set Read Access back to ‘Only their own’.

There, you’re set. The survey can be filled out by all anonymous users, but they cannot see each others entries. The information entered in these forms will be stored in the survey’s library and you can inspect each entry or view aggregated graphs of all entries. So what happened here? We first set the ‘Read Access’ to ‘All Responses’, because only then can we set the Anonymous Access settings (all check boxes will be greyed out otherwise). But after setting the permissions, we can safely turn access to all responses off again. This procedure is a bit odd, but it works.

Enable Anonymous Access in SharePoint 2010

Here are the 8 steps on how to set up anonymous access in Microsoft SharePoint 2010 .

1. Starting in Central Administration, under Application Management, click on the Manage web applications.

clip_image002

2. Make sure you select the site you want to enable anonymous access and click on the Authentication Providers icon.
clip_image004

3. On the Authentication Providers pop-up window click on the Default zone.
clip_image006

4. Under Edit Authentication, check Enable anonymous access and click Save.
clip_image008

5. Going back to Web Application Management click on the Anonymous Policy icon.
clip_image010

6. Under Anonymous Access Restrictions select your Zone and set the Permissions to None – No policy and click Save.
clip_image012

7. Now, web application will allow anonymous access to be set. So, navigate to your top level site collection for the web application. Click the Site Actions > Site Settings. Under Users and Permissions click Site permissions.
clip_image013

8. Under Permission Tools, click Anonymous Access icon and set the permissions to Entire Web site and click OK.
clip_image015
clip_image017

clip_image019

If you followed these steps properly you should have now Anonymous Access enabled.