Thursday, June 16, 2005

SPS Anonymous Authentication and Sign-In Button

If you've been having difficulties configuring Sharepoint for anonymous users, welcome to the club. Let's face it - good as it is, SPS was just not designed for extranet environments which require anonymous access. That being said, there is a way to work around this restriction - if you're willing to make a few trade-offs.

The first stumbling block is deceptively complex - giving autenticated users the ability to login and administrators access to administrative functions. The Sharepoint Administrators Guide suggests using separate virtual directories - one for anonymous users and another for everyone else. Am I the only one that thinks this is completely ridiculous? How are we supposed to administer the anonymous site, add content, manage lists, etc. without the ability to login? And why on earth would we want to maintain two sets of separate content? Nonsense, if you ask me.

There should be a button in SPS that permits authenticated users to login, just like there is in WSS. In fact, after many hours of trying every other possible method (including writing my own web parts, which is NEVER a good idea - I shouldn't even be allowed to install Visual Studio on my machine), WSS provided the answer. Although I couldn't find any evidence of this actually being supported by Microsoft (big disclaimer implied), I simply copied the code from the STS site template into my SPS template pages - VOILA! Instant 'Sign-In' button.

If you don't want to go digging around in template files for it (which, I'll admit, you probably should avoid), here's the code:

WebPartPages:AuthenticationButton runat="server"

[Remember to insert opening and closing tags - my HTML editor won't let me paste them in]

There are a few caveats to this approach:

1) It won't prevent the "My Site", "Site Settings", and "Help" links from being displayed, even though anonymous users can't actually get anywhere by clicking on them. If you don't mind remembering a few URL's, you can remove the SPSWC:PageHeader web part entirely.

Tip: The Site Settings link is /_layouts/1033/default.aspx">http:///_layouts/1033/default.aspx

2) The 'Action' links don't immediately show up when you login. You'll need to view the page in edit mode using the following URL: /default.aspx?mode=edit&pageview=shared">http:///default.aspx?mode=edit&pageview=shared.

3) There is no corresponding 'Sign-Out' button.

I'm sure there are other limitations to this approach, I just haven't found them yet. Post a comment if you find any others.