Lock Down Feature for WSS


When we setup the anonymous access for the SharePoint site, all anonymous user gets the limited access to the site. Because of the limited access to the site, users are able to view the list form pages like AllItems.aspx, DispForms.aspx etc.

MOSS provides a feature called ViewFormPagesLockDown which allow us to secure these form pages from anonymous users. The following table details the default permissions of the limited access permission level and the reduced permissions when lockdown mode is turned on.

Permission

Limited access — default

Limited access — lockdown mode

List permissions: View Application Pages

Site permissions: Browse User Information

Site permissions: Use Remote Interfaces

Site permissions: Use Client Integration Features

Site permissions: Open

Unfortunately this feature comes along with MOSS only and is not the part of WSS. So how can we achieve the similar functionality in WSS?

What about creating our own Lock Down feature?

Yes, I developed the custom Lock down feature to achieve this. Following is the code i used to suppress the permissions of Limited Access permission level.

private void UpdateLimitedAccess(bool LockDown, string StrSiteCollURL)
       {
           SPSecurity.RunWithElevatedPrivileges(delegate()
           {
               SPSite Site = new SPSite(StrSiteCollURL);
               Site.AllowUnsafeUpdates = true;
               SPWeb RootWeb = Site.RootWeb;
               RootWeb.AllowUnsafeUpdates = true;
               SPRoleDefinition ByType = RootWeb.RoleDefinitions.GetByType(SPRoleType.Guest);
               if (!LockDown)
               {
                   ByType.BasePermissions |= SPBasePermissions.EmptyMask | SPBasePermissions.ViewFormPages;
                   ByType.BasePermissions |= SPBasePermissions.UseRemoteAPIs;
               }
               else
               {
                   ByType.BasePermissions &= ~(SPBasePermissions.EmptyMask | SPBasePermissions.ViewFormPages);
                   ByType.BasePermissions &= ~SPBasePermissions.UseRemoteAPIs;
               }
               ByType.Update();
           });
       }

Call this method in your feature activation event passing true as parameter value and in feature deactivation event passing false as parameter value.

Advertisements

Tags: , , ,

2 Responses to “Lock Down Feature for WSS”

  1. Vikash Says:

    Hi Neelesh ,
    i didnt get the use of these tow lines

    ByType.BasePermissions |= SPBasePermissions.EmptyMask | SPBasePermissions.ViewFormPages;

    ByType.BasePermissions |= SPBasePermissions.UseRemoteAPIs;

    and as the blog is for every one , kindly write the comment with the code so that we can figure it out the functionality our self.

  2. Neelesh Kalani Says:

    Vikash,

    In these code statements we are assigning the permissions to the Guest (Limited Access) permission level. SPBasePermissions is an enum and you can read more about it at below link on msdn.

    http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spbasepermissions.aspx

    -Neelesh-

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: