none
How to provide anonymous access to a custom ASPX page in _layouts folder? RRS feed

  • Question

  • We have a sharepoint site which is a public facing site and when user tries to access the site, it will ask for authentication.

    However for one of the ASPX page (that I created and copied to  _layouts folder within 12 hive), I do not want the users to be asked with authentication if they have already accessed the site in the last 90 days or so.  In case if they have not accessed, then I would like to trap their windows login and use the same as 'current user'. If either of the above fails, then I would like to ask for authentication.

    In case if the above cannot be done at page level, then I can consider doing the same at site level.

    Please suggest.

    PS: In case if this needs any programming (or related), please move to development forum.How to provide anonymous access to a custom ASPX page in _layouts folder?

     

    ns-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

    We have a sharepoint site which is a public facing site and when user tries to access the site, it will ask for authentication.

    However for one of the ASPX page (that I created and copied to  _layouts folder within 12 hive), I do not want the users to be asked with authentication if they have already accessed the site in the last 90 days or so.  In case if they have not accessed, then I would like to trap their windows login and use the same as 'current user'. If either of the above fails, then I would like to ask for authentication.

    In case if the above cannot be done at page level, then I can consider doing the same at site level.

    Please suggest.

    PS: In case if this needs any programming (or related), please move to development forum.

    • Moved by Mike Walsh FIN Wednesday, July 21, 2010 2:57 AM prog q (From:SharePoint - Setup, Upgrade, Administration and Operation (pre-SharePoint 2010))
    Tuesday, July 20, 2010 8:46 PM

All replies

  • (No need to ask to move to programming twice)

     

    Authentication OOB is not at .aspx page level and certainly not with the restriction that "I would like to trap their windows login and use the same as 'current user'.". Moving to Programming. 

     

    (Moderator)

     


    2010 Books: SPF 2010; SPS 2010; SPD 2010; InfoPath 2010; Workflow etc.
    2007 Books: WSS 3.0; MOSS 2007; SPD 2007; InfoPath 2007; PerformancePoint; SSRS; Workflow
    Both lists also include books in French; German; Spanish with even more languages in the 2007 list.
    Wednesday, July 21, 2010 2:56 AM
  • Do the following to allow anonymous access to a custom ASPX page in _layouts folder....

    1.  Inherits your page from Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase

    2.  Override the AllowAnonymousAccess property and return true
    protected override bool AllowAnonymousAccess
    {   
          get{   
                 return true;   
             }   
    }



    Thanks
    Ganesh Jat [My Blog | LinkedIn | Twitter ]
    • Proposed as answer by QMKevinB Friday, March 11, 2011 1:43 PM
    • Unproposed as answer by Mike Walsh FIN Sunday, May 1, 2011 10:58 AM
    Wednesday, July 21, 2010 7:02 AM
  • Thanks Ganesh. Sorry for late reply.

    The ASPX page I am using (from _Layouts folder) is like a server page with first few lines that look like below.  I do not know how to incorporate the above code into this type of ASPX file. Please suggest.

     


    <%@ Page Language="C#" Inherits="System.Web.UI.Page" %>


     

    <%@ Register TagPrefix="SharePoint"Namespace="Microsoft.SharePoint.WebControls"


    Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>


    <%@ Import Namespace="Microsoft.SharePoint" %>

    Friday, July 23, 2010 6:05 PM
  • Anirudh,

     

    Change Inherits ="System.Web.UI.Page"   to Inherits =" Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase "


    Thanks
    Akhilesh Nirapure
    Saturday, July 24, 2010 5:03 AM
  • thanks but I think I didn't phrase my question properly. When I put the below code in the ASPX page, it gives me errors. 

    protected override bool AllowAnonymousAccess 
    {    
          get{    
                 return true;    
             }    
    }

     

    Currently the ASPX page looks like this,

     

    <%@ Page Language="C#" Inherits="Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase" %>
    <%@ Register TagPrefix="SharePoint" 
    
    Namespace="Microsoft.SharePoint.WebControls"
    Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, 
    
    PublicKeyToken=71e9bce111e9429c" %>
    <%@ Import Namespace="Microsoft.SharePoint" %>
    
    protected override bool AllowAnonymousAccess 
    {  
       get{  
           return true;  
         }  
    }
    
    <html>
    <head>
    <title>AprRj</title>
    </head>
    <body>
    
    <%
      
    using (SPWeb web = SPControl.GetContextWeb(Context))
    {
       web.AllowUnsafeUpdates = true;
       //........ get data...do business logic here.
    }
    %>
    </body>
    </html>
    

     

    Monday, July 26, 2010 2:30 PM
  • plz , either use this code in Code behind file of ur page or inline in aspx within script block

     <script runat="server" type="text/C#"></script>

    In aspx inline approach ,  the code should look like this ......

    <%@ Page Language="C#" Inherits="Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase " %>

     

    <script runat="server" type="text/C#">

    protected override bool AllowAnonymousAccess
    {   
          get{   
                 return true;   
             }   
    }

    </script>

     

    In code behnd approach ,  the code should look like this ......

     

    namespace MyNamespace

    {
      public class MyPageClassFile :  Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase
        {
          protected override bool AllowAnonymousAccess { get { return true; }


    .......

    .....

    }

    }

     

     



    Thanks
    Ganesh Jat [My Blog | LinkedIn | Twitter ]
    Wednesday, August 4, 2010 9:04 AM
  • Surprised to see  "Unproposed As Answer by Mike Walsh FIN"  , I am not aware of rules for unproposing any answer , you should not proposed your own thread as an answer , but if someone is proposing your thread then it should not be unproposed by moderator...

      even Mike has quoted in some threads that "NEVER propose your own posts as answers. The function is there for people to propose the good answers of other people. Not for self-proposing."

     

     



    Thanks
    Ganesh Jat [My Blog | LinkedIn | Twitter ]
    Thursday, May 26, 2011 6:47 AM
  • > Surprised to see  "Unproposed As Answer by Mike Walsh FIN

    There are various cases where a Moderator has good reason for un-proposíng a proposed answer.

    Here are a few:  (not all, but perhaps the most common ones)

    1. when the poster proposes his own post (as you mention)

    2. when there is a better answer in the thread.

    3. when the OP comes back with a post that says that the proposed post did not answer his question.

    4.  when the OP comes back with a post that says that he actually meant something else.

    In order to do any of 2. 3. or 4. the entire thread or at least two posts in the thread need to be considered. Clearly this takes time and therefore will not be done in every thread with a proposed post or by every Moderator.

    In this thread the reason for unproposing was 4. because the OP later wrote "thanks but I think I didn't phrase my question properly. "

    I hope this answers your question. There aren't that many times I unpropose posts (or unmark posts as answers) but when I do so it's justified.   (Or at least it should be - I am human and get things wrong occasionally)

    Mike

    P.S. There is also 5. When I think the answer is technically wrong - a clear case of that being if someone had written that Windows Internal Database for WSS 3.0 has a database size limit of 4GB.

     

     


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters
    Thursday, May 26, 2011 8:56 AM
  • Thanks Mike, its clear now . Can we find someplace where all these rules and regulations are documented?


    Thanks
    Ganesh Jat [My Blog | LinkedIn | Twitter ]
    Thursday, May 26, 2011 9:22 AM
  • There are guidelines somewhere but in the end it's down to the individual Moderator where he stretches/bends them.  (One example being self-proposing which I dislike because there are too many "false positives" in proposals made by the poster him/herself.)

    For better or worse I am probably one of the more active Moderators (and the usual "rule" is that the more you do, the more there is that people can object to) - some like this, some don't. In my experience the newcomers don't like it and the old hands do - but often enough newcomers become old hands and change their opinion.

    Mike


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters
    Thursday, May 26, 2011 9:43 AM
  • Anirudh123,

    Did you ever get your original problem solved? Let us know if you still need help.

    Thanks,

    Dan


    http://wssguy.com/blogs/dan
    • Edited by Mike Walsh FIN Wednesday, June 1, 2011 11:17 AM Let US know, Dan. These aren't private conversations.
    Tuesday, May 31, 2011 9:29 PM
  • Hello Dan,

    The custom ASPX page is in _layouts folder (as discussed with Ganesh above) but the page still goes through authentication (meaning when I redirect to this page, user is being asked to authenticate. This is a windows authenticated public facing site).

     

    Wednesday, June 1, 2011 2:08 PM
  • Ganesh : I didn't mark as answer as authentication is failing. The code examples we discussed seems to be working fine and I thought of answering for that but then it will mean that the entire solution (authentication issue) is also resolved. Sorry about that.
    Wednesday, June 1, 2011 2:08 PM
  • I have public facing website with  LOGIN and SignUP. Anonymous access is enabled at Web App and Site collection level.

    I want all lists and files to be secured and be accessable only when logged in.

    I want anonymous user should acccess only Sign Up page. how can i achieve in a single web app?

    please advise

    roy

    Wednesday, June 13, 2012 6:13 PM
  • I have added an application page to my solution. This page doesn't require authentication. I have removed the DynamicMasterPage attribute from the Page directive. I have inherited from UnsecuredLayoutsPageBase. And I override the AllowAnonymousAccess to always return true. Yet, it redirects to the AccessDenied.aspx when I try to access the page through the browser. How do I setup anonymous access for a specific page? I am using FBA authentication for the rest of the site.
    Wednesday, October 30, 2013 11:51 AM