SharePoint 2013 and anonymous users accessing lists and libraries


The ViewFormPagesLockDown Feature (Site Collection) in SharePoint 2013 is activated and visible by default. This is not the case for previous SharePoint versions.

 Limited-access user permission lockdown mode

If you enable anonymous access to your site (or parts of it), you still need to deactivate this feature if you want those users to be able to dive into Lists or Libraries.

  • Enable anonymous access in “Authentication Providers” (Central Administration > Application Management)
  • Grant rights to anonymous users in “Site permissions”
  • Grant rights to specific library (if applicable)
  • Disable the “Limited-access user permission lockdown mode” Site Collection Feature (if applicable)
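The four settings in the list above can be read back from the SharePoint 2013 Management Shell before anything is changed. This is an added example, not code from the original post; the function name `Get-AnonymousAccessReport`, the URL and the list title are placeholders, and the script only reads settings.

```powershell
# Added example (not from the original post): read-only report of the settings
# behind the four steps above. Run in the SharePoint 2013 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-AnonymousAccessReport {
    param(
        [Parameter(Mandatory = $true)][string]$SiteUrl,   # site collection URL (placeholder)
        [string]$ListTitle                                # optional list/library title (placeholder)
    )
    $site = Get-SPSite -Identity $SiteUrl
    try {
        $web = $site.RootWeb

        # Step 1: anonymous authentication allowed for the zone this URL belongs to
        $iis = $site.WebApplication.IisSettings[$site.Zone]

        # Step 4: Get-SPFeature returns nothing when the feature is not active here
        $lockdown = Get-SPFeature -Identity ViewFormPagesLockDown -Site $SiteUrl `
                        -ErrorAction SilentlyContinue

        $report = [ordered]@{
            SiteUrl               = $SiteUrl
            WebAppAllowsAnonymous = $iis.AllowAnonymous
            WebAnonymousState     = $web.AnonymousState       # Step 2: Disabled / Enabled / On
            WebAnonymousPermMask  = $web.AnonymousPermMask64
            LockdownFeatureActive = [bool]$lockdown
        }

        if ($ListTitle) {
            # Step 3: the list's own anonymous mask, relevant with unique permissions
            $list = $web.Lists.TryGetList($ListTitle)
            if ($list) {
                $report.ListUniquePermissions = $list.HasUniqueRoleAssignments
                $report.ListAnonymousPermMask = $list.AnonymousPermMask64
                # ViewFormPages is the right needed to open list views and forms
                $view = [Microsoft.SharePoint.SPBasePermissions]::ViewFormPages
                $report.ListAnonCanViewForms = $list.AnonymousPermMask64.HasFlag($view)
            } else {
                $report.ListFound = $false
            }
        }
        New-Object PSObject -Property $report
    }
    finally {
        $site.Dispose()   # also releases RootWeb
    }
}

# Placeholder values; replace with your own site collection and list
Get-AnonymousAccessReport -SiteUrl 'http://sharepoint.example.local' -ListTitle 'Comments'
```

Running it against every site collection (`Get-SPSite -Limit All`) gives an inventory of where anonymous access is on and the lockdown feature is off.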

I’ve just spent the better half of the day troubleshooting this issue because it didn’t happen with a SharePoint 2010 upgraded Site Collection (because the feature is disabled by default), but was occurring on newly created SharePoint 2013 Site Collections.

Lesson learned.

 



Comments

Monday, 10 Jun 2013 05:54 by Daniel Christian
Hi Steven, Thanks for taking the time for creating this Blog. It helped me resolve my SharePoint 2013 blog access issue.

Tuesday, 13 Aug 2013 02:00 by Kannan
Hi Steven, Thanks for posting the info. It has saved us a lot of time. FYI, the feature is activated not by default but when Publishing Infrastructure Feature is activated.

Sunday, 15 Sep 2013 06:26 by sonbvh
Thanks a lot Steven

Wednesday, 9 Oct 2013 03:36 by Maxime
Hi Steven, I put in place the Anonymous access on SharePoint (2013) with success (as you describe), but I cannot see the news feed (Site Feed app) with the Anonymous connected??? Maxime

Thursday, 10 Oct 2013 10:51 by Steven Van de Craen
Hi Maxime, I have never tried that. It could be unsupported since the feed is security trimmed anyway. Ask your question on SharePoint StackExchange or the MSDN forums where you might have better luck finding an answer. Kind regards, Steven

Wednesday, 23 Oct 2013 11:16 by Matt
Hi Steven, Your information looks good but I tried to implement it on my site and did not have any success. I have a page with a list view and anonymous users cannot open the properties page/dialog for specific items to view more details. Is there something else I need to do? Anonymous users can view the page and the web part but when they click the title of an item it prompts for login then gives a 401 error if they cancel. - Matt

Friday, 25 Oct 2013 10:53 by Steven Van de Craen
Matt, I've seen it happen before that the permission mask for anonymous users doesn't have the right permissions. Could you verify this with PowerShell or .NET code? (http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.anonymouspermmask64.aspx). Also, is your list or item using unique permissions? Then check that out as well (SPList.AnonymousPermMask64).

Monday, 4 Nov 2013 01:42 by Neeraj
Thanks heaps for taking time to write this article....Just saved me from a frustrating day before go-live.....The anonymous users were not able to access the comments list and deactivating the feature at root site collection fixed the issue!

Wednesday, 6 Nov 2013 01:39 by Kyc
I've tried these settings. However, when I went to the survey app permission setup, all the options such as Add Items, Edit Items, Delete Items and View Items are greyed out. I have no way to apply the anonymous access. If I apply Anonymous Access: Entire Web Site, I am able to access the main page without the password, but as soon as I click the survey, the username and password prompt appears. If I apply Anonymous Access: Lists and Libraries, I get the prompt asking for the username and password even on the main page. Please help. - Kyc

Wednesday, 6 Nov 2013 09:00 by Steven Van de Craen
Hi Kyc, you might have the same issue as Matt (see previous comments) had. If possible verify the settings of the AnonymousPermMask64 property.

Tuesday, 19 Nov 2013 12:50 by daniel
Hi Steven, thanks for your post. Unfortunately I don't see that feature in Foundation 2013?

Wednesday, 20 Nov 2013 11:03 by Steven Van de Craen
Daniel, could be Server only indeed. But you should be able to achieve the same result by manipulating the AnonymousPermMask64 value on webs.

Wednesday, 26 Feb 2014 11:35 by Derek
I double checked the first 3 items you recommend and they are great, I also found the "Limit user...." part in the root site collection and it was already deactivated. I activated it and deactivated it again just to make sure that toggling it wouldn't help, and it didn't. I'm stumped as to why anonymous users cannot comment on a blog post in my SharePoint 2013 site... Any help would be appreciated! Thanks,

Thursday, 27 Feb 2014 10:09 by Steven Van de Craen
Derek, Not sure, can anon users see the AllItems View or the DispForm? Did you break inheritance on the Comments list and explicitly grant anon users view or edit perms? It's not enough that they have it on site level.

Monday, 3 Mar 2014 05:03 by Derek
Steven, Yes, I did break the permissions months ago and explicitly grant anon users all of the available permissions for the comments "app" (add, edit, delete and view) still with no results. As far as seeing the All Items or Dispform, I am not sure. When visiting the blog as an anon user, I can click on "Site Contents" and see all "apps" or content on the blog site just fine. I am not sure about Dispform, how do I check that? Thanks Steven!

Tuesday, 4 Mar 2014 11:04 by Steven Van de Craen
Derek, All Items is just when you go to a list or library (that you made available anonymously). DispForm is when you click on an item to see its properties/metadata. Does either work?

Tuesday, 4 Mar 2014 05:49 by Dere
Steven - Yes, I can navigate as an anonymous user to any list or library on the blog site, but when I click on the ellipsis (...) which would normally let you select its properties, it does not give the anonymous user the option to see anything. Only when logged in as an actual user will it let you view the properties. Perhaps this is the issue. The question is, what is the setting preventing this as I have allowed anonymous access to the site in general, and anonymous access to the comments "List" explicitly. I'm stumped....

Wednesday, 5 Mar 2014 01:42 by Steven Van de Craen
Derek, view the properties when authenticated, then copy the address to the properties page and then paste that in an anonymous browser session. Does it work anonymously?

Thursday, 6 Mar 2014 07:37 by Derek
Steven, I assumed you mean the properties of the "comments" list, correct? When I copied that URL and tried it in another browser entirely, it prompted for credentials and didn't allow me to go any further without them.

Tuesday, 11 Mar 2014 03:48 by Steven Van de Craen
Hi Derek, Can you check the AnonymousPermMask64 property on SPWeb and SPList through code or PowerShell? http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.splist.anonymouspermmask64.aspx

Tuesday, 1 Jul 2014 10:37 by Kensley
Hello Steven, is it possible to edit content in SharePoint 2013 for anonymous users only? For example, go to page edit mode, edit your content panel, publish and then see that content on the page only when the user is logged out? If this is possible, how can we go about creating steps to do this? Sorry for the bother

Wednesday, 2 Jul 2014 09:02 by Steven Van de Craen
Hi Kensley, have a look at this post: http://blog.mastykarz.nl/inconvenient-spsecuritytrimmedcontrol/

Wednesday, 1 Oct 2014 03:04 by Anonymous
Thanks a bunch, helped me a lot

Monday, 27 Apr 2015 09:32 by Tracy Vymola
This was a huge component of solving a PRODUCTION issue we had. We feared having to delete and recreate the entire web application, but this simple solution corrected the issues encountered with anonymous access. Thank you!

Thursday, 7 May 2015 05:45 by Fabio
Hi, I wonder if it works for Office 365 Business Essentials - SharePoint Online?? Tks.

Monday, 11 May 2015 02:04 by Steven Van de Craen
Hi Fabio, SharePoint Online (Office 365) does not allow anonymous access to sites. You can "share" with external accounts but that requires a Microsoft account or an Office 365 account.

Friday, 12 Jun 2015 05:52 by Heather Van De Sande
Thank you. This helped solve our issue.

Monday, 24 Aug 2015 02:14 by Tim
Hi Steven, I have been searching for a couple of hours on something similar to this topic. I just want to allow authenticated users to post anonymously to a blog if they wish. CodePlex has an old 2010 control that included a check box for Post Anonymously at the bottom of the form. My guess is that this merely hides the author of the post from the thread. Is there a way to facilitate this for SharePoint 2013 Blog site without having to jump through all the hoops of enabling Anonymous Users Access etc.? Thank you for your thoughts Steven, Tim

Tuesday, 25 Aug 2015 09:35 by Steven Van de Craen
Hey Tim, I don't know about the CodePlex solution but I'd guess it was a whole custom page or control that would then use elevation to store the comment. But even then you'd have to get the page to show anonymously which isn't obvious if your SharePoint/IIS isn't configured to allow that.

Monday, 9 Nov 2015 08:55 by Mani
Hi Steven, I am facing an issue while posting the commands in blogs. My environment is SharePoint 2013, and I have a blog site with anonymous access. I tried all the above steps; now I can post the commands, but I am getting the below error after posting the commands. Please help me to resolve this issue.

3 comments
TypeError: Unable to get property 'trim' of undefined or null reference
TypeError: Unable to get property 'trim' of undefined or null reference

I want to log in as anonymous and post the commands with the anonymous account, but my issue is I cannot see the original commands; instead I am getting the above error. Thanks, Mani L

Thursday, 12 Nov 2015 01:56 by Steven Van de Craen
Hi Mani, I'm not sure I understand. It seems like you're having JavaScript errors? Which browser are you using? Do you get the issue when posting with an authenticated user? Cheers, Steven

Thursday, 7 Jan 2016 05:19 by Ariwibawa
Disabling "Limited-access user permission lockdown mode" has helped me. Thanks...

Thursday, 9 Jun 2016 09:11 by zquanghoangz
It works for me even for anonymous access sub-sites. But if anonymous is already set up, you may need to disable\re-enable anonymous on the site.

Monday, 29 May 2017 10:04 by Avahita
I have a strange problem with anonymous access in my site collection in SharePoint 2013 (in all site collections that were visually upgraded to 2013 or site collections that were created in the 2013 farm from the beginning). I granted the anonymous user access to see the Entire Web Site. I disabled this feature in the site collection: "Limited-access user permission lockdown mode". I created a custom SharePoint list in my site and set all permissions for the anonymous user (checked all permissions it can get). When the anonymous user calls this list, it creates items in the list normally and without any problem, but some activities by the anonymous user get an authentication prompt where we don't expect it.

Assume these items in the list:

1. item_createdbyInternaluser_1
2. item_createdbyInternaluser_2
3. item_createdbyExternaluser_1
4. item_createdbyExternaluser_2

When you call this list as the anonymous user you can edit 1 and 2 but you can't edit 3 and 4 (the authentication window appears). Assume you edit 1. The items turn into the list below:

1. item_createdbyInternaluser_1_editedbyAnonymoususer
2. item_createdbyInternaluser_2
3. item_createdbyExternaluser_1
4. item_createdbyExternaluser_2

After that, you can't edit 1, 3 and 4 but you can edit 2. Why?!!!!! This is very strange!!!! It seems that every page the anonymous user steps into gets corrupted. What's the problem? I don't know what to do????

Tuesday, 30 May 2017 10:04 by Steven Van de Craen
Hi Avahita, I cannot reproduce the issue; it works as expected on my machine. Which version and build number are you on? Did you break the permissions on the list and try giving Anonymous Add + Edit + Delete + View?

Monday, 31 Jul 2017 02:26 by Marek
I have just realized that sometimes the user still gets a credential prompt. That "sometimes" happens when Office documents are being accessed. So zipping those file types worked for us.

Tuesday, 1 Aug 2017 07:39 by Steven Van de Craen
Hi Marek, could be this: http://ventigrate.codeplex.com/wikipage?title=Anonymous%20Office%20File%20Opener ? Cheers, Steven
