Archive for December, 2009

Lock Down Feature for WSS

December 31, 2009

When we set up anonymous access for a SharePoint site, all anonymous users get limited access to the site. Because of this limited access, they are able to view list form pages such as AllItems.aspx, DispForm.aspx, etc.

MOSS provides a feature called ViewFormPagesLockDown, which allows us to secure these form pages from anonymous users. The following table details the default permissions of the Limited Access permission level and the reduced permissions when lockdown mode is turned on.

| Permission | Limited access — default | Limited access — lockdown mode |
|---|---|---|
| List permissions: View Application Pages | | |
| Site permissions: Browse User Information | | |
| Site permissions: Use Remote Interfaces | | |
| Site permissions: Use Client Integration Features | | |
| Site permissions: Open | | |

Unfortunately, this feature ships only with MOSS and is not part of WSS. So how can we achieve similar functionality in WSS?

What about creating our own Lock Down feature?

Yes, I developed a custom lockdown feature to achieve this. The following is the code I used to remove permissions from the Limited Access permission level.

// Requires: using Microsoft.SharePoint;
private void UpdateLimitedAccess(bool LockDown, string StrSiteCollURL)
{
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        // Dispose the SPSite created here; its RootWeb is released with it.
        using (SPSite Site = new SPSite(StrSiteCollURL))
        {
            Site.AllowUnsafeUpdates = true;
            SPWeb RootWeb = Site.RootWeb;
            RootWeb.AllowUnsafeUpdates = true;
            // SPRoleType.Guest is the built-in Limited Access permission level.
            SPRoleDefinition ByType = RootWeb.RoleDefinitions.GetByType(SPRoleType.Guest);
            if (!LockDown)
            {
                // Restore the rights that Limited Access has by default.
                ByType.BasePermissions |= SPBasePermissions.ViewFormPages;
                ByType.BasePermissions |= SPBasePermissions.UseRemoteAPIs;
            }
            else
            {
                // Lockdown: clear View Application Pages and Use Remote Interfaces.
                ByType.BasePermissions &= ~SPBasePermissions.ViewFormPages;
                ByType.BasePermissions &= ~SPBasePermissions.UseRemoteAPIs;
            }
            ByType.Update();
        }
    });
}

Call this method from your feature activation event, passing true for the LockDown parameter, and from your feature deactivation event, passing false.
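
To confirm the change took effect, the following console check can be run on the WSS server. It is an added example, not code from the original post, and the class name LockDownAudit is hypothetical. It goes beyond the post by also checking sub-webs that hold their own role definitions, on the assumption that such webs keep a separate copy of Limited Access that the method above, which updates only the root web, does not touch.

```csharp
using System;
using Microsoft.SharePoint;

// Added example (hypothetical tool, not the post's code): reports whether the
// Limited Access level still carries the two rights that lockdown removes.
public static class LockDownAudit
{
    // The two rights cleared by UpdateLimitedAccess(true, ...).
    private const SPBasePermissions LockedRights =
        SPBasePermissions.ViewFormPages | SPBasePermissions.UseRemoteAPIs;

    public static bool IsLockedDown(SPWeb web)
    {
        // SPRoleType.Guest is the built-in Limited Access permission level.
        SPRoleDefinition limited = web.RoleDefinitions.GetByType(SPRoleType.Guest);
        return (limited.BasePermissions & LockedRights) == SPBasePermissions.EmptyMask;
    }

    public static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: LockDownAudit <site collection URL>");
            return 2;
        }
        int open = 0;
        using (SPSite site = new SPSite(args[0]))
        {
            foreach (SPWeb web in site.AllWebs)
            {
                try
                {
                    // Webs that inherit role definitions share the parent's copy,
                    // so only the root web and webs with unique definitions are checked.
                    if (!web.IsRootWeb && !web.HasUniqueRoleDefinitions) continue;
                    bool locked = IsLockedDown(web);
                    if (!locked) open++;
                    Console.WriteLine("{0}\t{1}", locked ? "LOCKED" : "OPEN", web.Url);
                }
                finally { web.Dispose(); } // each SPWeb from AllWebs must be disposed
            }
        }
        // Exit code 0 only when every checked web is locked down.
        return open == 0 ? 0 : 1;
    }
}
```

Run it under an account with access to every web in the site collection; any line marked OPEN is a web where anonymous users can still reach the form pages or remote interfaces.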