HTML clipboardWhenever one completes setting up with anonymous site in SharePoint , major part
comes into picture is with security. Anonymous users must not be able to
navigate through form pages (_layouts/page.aspx) and so MOSS provides cool way
to achieve this. You can easily do this with a help of a feature known as
ViewFormPagesLockDown.
You just need to activate this feature on the CMS site (base web site) and
that's all.
But I was wondering that what exactly happens when you just activate this
feature?? So my curiosity took me to open up Reflector, and found a very simple
way how Microsoft has done this
Basically that gets anonymous user by guest role as
SPRoleDefinition byType =
site.RootWeb.RoleDefinitions.GetByType(SPRoleType.Guest);
And then removes permission for this guest role
byType.BasePermissions &= ~(SPBasePermissions.EmptyMask |
SPBasePermissions.ViewFormPages);
byType.BasePermissions &= ~SPBasePermissions.UseRemoteAPIs;
SPBasePermission Enum has value ViewFormPages which restricts users from
browsing pages under _layouts directory directly And also one more interesting
thing I came to know from
this post that when ViewFormPagesLockDown feature is activated then only
those pages gets secured which derives from
LayoutsPageBase class sometimes when you want anonymous users to browse some
application under Layouts directory then you need to derive those pages from
UnsecuredLayoutsPageBase.