Sunday, July 19, 2009

Anonymous access Webpart and List security

Scenario:
I was reading one of the articles below from Mike Walsh and was also concerned about our Web part security displaying sensitive data.

What's the concern:
In simple words, if you have a site with Anonymous Access enabled and a list / document library on it with inheritance broken, users can still access the list data/documents because of the Anonymous Access setting on the web.

Is it a bug?:
I don't think so; it's kind of the same behavior as we have for nested folders on Windows, where if you open the door for the top-level folder then all subfolders become open to all.

Solution:
1. You can fix it from the UI
a. Navigate to the list / document library whose permissions you want to restrict.
b. Settings > List Settings > Permission for this list
c. Settings > Anonymous Access
d. Clear the View Items check box and save.

2. If you have written a custom web part to access the list data/documents, then you need to perform an additional check before displaying data to the user, as shown below.

Code:

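if (!SPContext.Current.Web.AllowAnonymousAccess)
{
    // Anonymous access is disabled on this web, so no anonymous visitor
    // can reach this point. Code that displays the list data goes here.
}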
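
The following is an added example, not code from the original post. It goes beyond the single web-level check above by also testing the list's own anonymous permission mask (the setting changed in solution 1) and the signed-in visitor's rights on the list. The class name and list title are hypothetical, and it assumes the web part runs in the visitor's own security context and that the list exists.

```csharp
using System.Web.UI;
using System.Web.UI.WebControls.WebParts;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

// Added example, not the original post's code.
// The class name and the list title are hypothetical.
public class RestrictedListWebPart : WebPart
{
    private const string ListTitle = "Restricted Documents"; // assumed list title

    // Decide whether the current visitor may be shown items from the list.
    private static bool MayShowItems(SPWeb web, SPList list)
    {
        // SPWeb.CurrentUser is null when the request is anonymous.
        if (web.CurrentUser == null)
        {
            // Both the web and the list itself must allow anonymous viewing.
            // The list mask reflects the list's Anonymous Access settings.
            bool listAllowsView =
                (list.AnonymousPermMask64 & SPBasePermissions.ViewListItems)
                    == SPBasePermissions.ViewListItems;
            return web.AllowAnonymousAccess && listAllowsView;
        }
        // Signed-in visitor: rely on the list's own (possibly unique) permissions.
        return list.DoesUserHavePermissions(SPBasePermissions.ViewListItems);
    }

    protected override void RenderContents(HtmlTextWriter writer)
    {
        SPWeb web = SPContext.Current.Web;   // owned by SPContext, do not dispose
        SPList list = web.Lists[ListTitle];  // throws if the list does not exist

        if (!MayShowItems(web, list))
        {
            writer.Write("You do not have permission to view these items.");
            return;
        }

        writer.Write("<ul>");
        foreach (SPListItem item in list.Items)
        {
            // Encode the title so list content cannot inject markup.
            writer.Write("<li>" + SPEncode.HtmlEncode(item.Title) + "</li>");
        }
        writer.Write("</ul>");
    }
}
```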
