Restricting access to pages such as AllItems.aspx, EditForm.aspx in MOSS

In Moss 2007 we have the pages such as AllItems.aspx which are used to view the contents of a List or a document Library. Similary, the page AllForms.aspx is used to view all the Forms in a Forms Library. So as we have other pages Editform.aspx, DispForm.aspx.

Now if you have enabled anonynmous access on your system, then these forms are viewable for all the users, no matter if they are registered users or not, by simply typing the url.

However, these pages should be viewable only for the Admin users. So what's the trick?

One way is to go to each of these forms and add server side code blocks to check if the current user is Admin or not and depending on that redirect them to home page or may be login page in case of anonymous users. That's what i did initiall, but later found out an easy out-of-the-box solution available with Sharepoint 2007.

This issue is resolved using the feature called ViewFormsPagesLockdown Feature. This lockdown feature is enabled using the stsadm command as below:

stsadm.exe –o activatefeature –url -filename ViewFormPagesLockdown\feature.xml

You may have to first switch to the bin directory containing stsadm.exe and then change the text with your site collection's URL. Also, you may have to give the full path for the feature ViewFormPagesLockdown\feature.xml.

After you run this command, disable the anonymous access and enable it back again.

In case you want to go deep into this feature then follow this MSDN Blog Post.

No comments:


Powered by Blogger.