
See the Point

June 23
Anonymous Users Need Love (or data), Too

When I’m logged into a site sometimes I stare at the page

and in the back of my mind I hear my conscience rage

Telling me I need some data that I just don’t see

For the first time I wonder just how can it be

 

Okay, so I’m not LL Cool J and no one wants to hear me rap, but recently I was presented with a need to share external content through SharePoint to anonymous users. Sounds simple, right? Turns out, not so much.

First, we had to set up a site that had anonymous access; that’s the easy part!

Next, set up an account that can manage the Metadata Store permissions in the Business Connectivity Service Application.

  1. Go to Central Admin
  2. Manage Service Applications
  3. Click beside the Business Data Connectivity Service Application
  4. Click Manage
  5. Click on “Set Metadata Store Permissions”
  6. Add the account
  7. Give it ALL permissions

This was a simple SQL database table that needed to be viewed, so we used SharePoint Designer 2010 to create the external content type.

  1. Open the Site
  2. Click on External Content Types
  3. Click New External Content Type
  4. Name the content type
  5. Click on “Click here to discover external data sources and define operations”
  6. Click Add Connection
  7. Select SQL Server and then click OK
  8. Enter the database server, the database name, and select connect with user’s identity (make sure the user actually does have access to the database, at least as “datareader”) and then click OK
  9. Expand the data source
  10. Select the table you will be using and then right-click on it to create the operations (since this was going to an anonymous site, we only wanted read item and read list)
  11. Save the connection and the External Content Type (ECT)

Since this was going to be anonymous access, we had to set up the ECT to be able to read no matter who was logged on. So we decided to use Revert To Self in the connection. What this means is that the connection will be made with the credentials from the account used as the application pool identity. You will have to make sure this account has permissions to the database you are connecting to as well. This is really the only method I’ve found that will allow anonymous users access in any manner. Don’t worry, you can set permissions on the data in the service application after you have created the ECT.

  1. Go back to the External Content Types gallery in SPD2010
  2. Click on your new ECT
  3. Click Edit Connection Properties.
  4. Change the Default Authentication Mode to BDC Identity

You will probably get a warning that you cannot set it up this way unless you have turned on the ability to use Revert To Self. In SP2010, Revert To Self is disabled by default for security reasons; however, you will need it for anonymous users to be able to read external data. If you haven’t turned it on, open PowerShell and run these commands:

# Run in the SharePoint 2010 Management Shell so the SharePoint cmdlets are loaded
$bcsapp = Get-SPServiceApplication | where {$_ -match "Business Data Connectivity Service"}
# Allow Revert To Self (BDC Identity) connections for this service application
$bcsapp.RevertToSelfAllowed = $true
$bcsapp.Update()

Next, you will need to set permissions on the new ECT you have created.

  1. Go to Central Admin
  2. Manage Service Applications
  3. Manage Business Connectivity Service
  4. Select External Content Types in the drop down
  5. Select the ECT by checking the box next to it
  6. Click Set Object Permissions
  7. Type NT Authority\Anonymous Logon and then click Add
  8. Give execute permissions (this is all you can give to anonymous users, anyway!)

Now you can create your external list.

  1. Go to the site
  2. Create a list by clicking on Site Actions and create External List (if that is not there, you will need to turn on the Team Collaboration Lists feature)
  3. Name your list
  4. Select whether or not to display on quick launch (your choice)
  5. Select your ECT
  6. Click Create
  7. View the data. If the ECT is set up correctly, you will see data, since you are a logged-in user.

I followed these steps; however, every time I went to the list it either logged me in or prompted for credentials. How do I truly get an anonymous user access? After a bit of testing I discovered that I could create a DVWP with this list and view the data as an anonymous user. So what was the issue?

Well, turns out I was working in a publishing site, as you might have guessed by the second step in creating the external list. In SharePoint 2010 the publishing site comes with the ViewFormPagesLockdown feature activated, as well as all sorts of other security features to prevent anonymous users from seeing things they shouldn’t. Since this was truly a public-facing site, I could not turn off this feature.

If you run into this same issue, just create a page and add a Data View Web Part (DVWP) to the page to be able to view it anonymously. It works, I promise.
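A read-only preflight report for the setup described above, added here as an example and not part of the original post. It shows which account Revert To Self connections will run as, whether Revert To Self is enabled, and whether ViewFormPagesLockdown is active; the site URL is a placeholder.

```powershell
# Added example (not from the original post). Changes nothing; only reports.
# $SiteUrl is a placeholder. Run in the SharePoint 2010 Management Shell.
param([string]$SiteUrl = "http://public.example.com")

if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

$site   = Get-SPSite $SiteUrl
$webApp = $site.WebApplication

# Revert To Self connections run as the application pool identity, so this
# account's database rights are what every anonymous visitor effectively gets.
$poolAccount = $webApp.ApplicationPool.Username

# Same lookup the post uses to find the BDC service application.
$bcsApps = @(Get-SPServiceApplication |
    Where-Object { $_ -match "Business Data Connectivity Service" })
$revertStates = @($bcsApps | ForEach-Object { $_.RevertToSelfAllowed })

# Zones of the web application where IIS allows anonymous access.
$anonZones = @()
foreach ($zone in $webApp.IisSettings.Keys) {
    if ($webApp.IisSettings[$zone].AllowAnonymous) { $anonZones += $zone }
}

# A feature is listed for the site collection only when it is activated there.
$lockdown = Get-SPFeature -Site $SiteUrl |
    Where-Object { $_.DisplayName -eq "ViewFormPagesLockdown" }

New-Object PSObject -Property @{
    SiteUrl               = $SiteUrl
    AppPoolAccount        = $poolAccount
    RevertToSelfAllowed   = ($revertStates -join ", ")
    AnonymousZones        = ($anonZones -join ", ")
    RootWebAnonymousState = $site.RootWeb.AnonymousState
    ViewFormPagesLockdown = [bool]$lockdown
} | Select-Object SiteUrl, AppPoolAccount, RevertToSelfAllowed,
    AnonymousZones, RootWebAnonymousState, ViewFormPagesLockdown

$site.Dispose()
```

If ViewFormPagesLockdown is True, anonymous users will be prompted on the external list's own pages, which matches the behavior described above.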

      
 
 

 About Me

 

 
Lori Gowin
SharePoint Administrator

Lori is a SharePoint Administrator who has been working with SharePoint and InfoPath technologies for over 5 years. When not focusing on SharePoint, Lori unwinds watching sports and spending time with her husband and children.
