SP 2010发布网站匿名访问 [英] SP 2010 publishing site anonymous access

查看:84
本文介绍了SP 2010发布网站匿名访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

您好,


我有一个向公众开放的SP 2010门户网站 - 发布网站。整个站点都启用了匿名访问。


有一个自定义主服务器,用户可以查看已发布的应用程序页面。


在应用程序页面上,他可以看到存储在库中的文档(指向该文档的链接)。


但是,如果用户编写了适当的URL(http://server_name/myList/AllItems.aspx),他就能看到整个文档库的内容。


他可以看到整个网站的内容,每个文档库的内容等。


好的,他只能看到它们,不要编辑它们,但那不行。这是安全隐患吗?而且我认为它不符合GDPR。

解决方案

Hello Mario,


添加位置web.config中的标记,并指定要限制未经身份验证的用户访问的路径如下。


================ ================================================== ====


< location path =" / _ layouts / viewlsts.aspx">

  &NBSP; &NBSP; < system.web>

  &NBSP; &NBSP; &NBSP; <授权>

  &NBSP; &NBSP; &NBSP; &NBSP; < deny users ="?" />

  &NBSP; &NBSP; &NBSP; < / authorization>

  &NBSP; &NBSP; < /system.web>

  &NBSP; < / location>



< location path =" /Forms/AllItems.aspx">

  &NBSP; &NBSP; < system.web>

  &NBSP; &NBSP; &NBSP; <授权>

  &NBSP; &NBSP; &NBSP; &NBSP; < deny users ="?" />

  &NBSP; &NBSP; &NBSP; < / authorization>

  &NBSP; &NBSP; < /system.web>

  &NBSP; < /地点>

=========================================== ==========================


Hello,

I have one SP 2010 portal which is open to public - publishing site. Anonymous access is enabled on entire site.

There is a custom master and user is allowed to see application pages which are published.

On application pages, he can see documents which are stored in libraries (links to that documents).

But, if user writes appropriate URL (http://server_name/myList/AllItems.aspx), he is able to see the contents of entire document library.

He can see contents of entire site, contents of every document library, etc.

Ok, he can only see them, not edit them, but that is not ok. This is security risk isn't it? And it is not GDPR compliant I would say.

解决方案

Hello Mario,

Add Location tag in web.config and specify the path which you want to restrict the access from unauthenticated users is as follows.

======================================================================

<location path="/_layouts/viewlsts.aspx">
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </location>

<location path="/Forms/AllItems.aspx">
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </location>

=====================================================================


这篇关于SP 2010发布网站匿名访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆