Friday, September 28, 2007

Anonymous Users – Access Denied

At a client recently we tried to enable Anonymous Access to a WSS site, but unauthenticated users were still being prompted for a username and password. If you cancelled the log-in prompt, you would get an IIS "Access Denied" page. So I ran through the default tests:

  • Web Application created with the "Allow Anonymous" setting enabled – Check
    (by the way, after the Web Application has been created this setting is managed from the Application Management – Authentication Providers section)
  • Site Collection has anonymous access enabled for the entire site – Check
    (Site Settings – Go to top level site settings – Advanced Permissions – Settings – Anonymous Access)

That should have been it. After some tinkering around I discovered the problem was a web part on the home page. This was trying to filter the list of tasks based on the current user. Taking the web part off the page resolved the problem.

If you really need this functionality you will need to develop your own custom web part that will first check if the current user is authenticated before retrieving and filtering the items.