I've moved my blog to!. Please update your links. This blog is no longer in use--you can find all posts and comments at my new blog; I will no longer be posting to this site and comments have been disabled.

Thursday, March 6, 2008

Set Anonymous Access

If you're trying to configure a site for anonymous access via stsadm you can get most of the way using the out of the box "extendvs" (or my createwebapp) and "authentication" commands. The problem is that this only enables the web application for anonymous access but it doesn't "turn it on" at the site collection or web level. To complete the process I created a new command: gl-setanonymousaccess. There are three levels that you can set: Entire Web, Lists and Libraries, and Nothing. If you set the access to Entire Web anonymous users will be able to view all pages in your site and view all lists and items which inherit permissions from the site. If you select Lists and Libraries anonymous users will be able to view and change items only for those lists and libraries that have enabled permissions for anonymous users. And of course, if you set the access to Nothing anonymous users will have no access. To make this change programmatically is really simple - it's just a matter of setting a single property on the web site of interest. I also added some additional code to enable breaking of the permissions inheritance if necessary:

   1:  public override int Run(string command, StringDictionary keyValues, out string output)
   2:  {
   3:      output = string.Empty;
   5:      InitParameters(keyValues);
   7:      string url = Params["url"].Value.TrimEnd('/');
   8:      WebAnonymousState state = (WebAnonymousState)Enum.Parse(typeof (WebAnonymousState), Params["anonstate"].Value, true);
  10:      using (SPSite site = new SPSite(url))
  11:      using (SPWeb web = site.OpenWeb(Utilities.GetServerRelUrlFromFullUrl(url)))
  12:      {
  13:          if (!web.HasUniqueRoleAssignments && Params["enableuniquepermissions"].UserTypedIn)
  14:          {
  15:              web.BreakRoleInheritance(true);
  16:              web.Update();
  17:          }
  19:          if (state == WebAnonymousState.EntireWeb)
  20:              web.AnonymousState = SPWeb.WebAnonymousState.On;
  21:          else if (state == WebAnonymousState.ListsAndLibraries)
  22:              web.AnonymousState = SPWeb.WebAnonymousState.Enabled;
  23:          else
  24:              web.AnonymousState = SPWeb.WebAnonymousState.Disabled;
  26:          web.Update();
  27:      }
  29:      return 1;
  30:  }
The syntax of the command can be seen below:
C:\>stsadm -help gl-setanonymousaccess

stsadm -o gl-setanonymousaccess

Sets the anonymous access settings for a given site collection.

        -url <url containing the content types>
        -anonstate <entireweb | listsandlibraries | none>
        [-enableuniquepermissions (breaks permissions inheritance for the web if not already broken)]
Here's an example of how to enable anonymous access for the entire web:
stsadm -o gl-setanonymousaccess -url "http://intranet" -anonstate entireweb


Jerry Rasmussen said...

Does this work at the site collection level or just the web application level?

Gary Lapointe said...

Actually it's at the web level.

Anonymous said...

This worked perfectly for me! I needed a way to set anon access on 500 individual sites being deployed with unique permissions via script. Thanks!

Amreesh Sharma said...

Hi Gary,
I deployed the custom WSP solution for MOSS gievn by you.
Lapointe.SharePoint.STSADM.Commands.wsp. it was successful. I created a Survey list under my site collection. but i am not able to respond to my survey anonymously. i gave anonymous access for Survey list also. Can you please assist me regarding this. i found a lot but not able to get the answer.
Thanks and Regards
Amreesh Sharma

Anonymous said...

This command does what I have been looking for. By using the following parameters:
-anonstate none -enableuniquepermissions
I can finally break inheritance from the parent site.

I can add unique group permissions with the stsadm.exe -o creategroup command.

Now all I need to do is remove the group permissions I do not want. Do you have any ideas on how to do this using stsadm commands?

lobchis said...

Hi Gary, i deployed the custom WSP solution for MOSS, and excecuted gl-setanonymousaccess for the site but the search results won´t show anonymously, might i be missing something? Cheers

Gary Lapointe said...

Make sure you've enabled anonymous access for the web application.