Troubleshooting: Anonymous access on a public SharePoint site collection failing

SharePoint vs. Anonymous

Ah, everyone’s favorite, classic topic! Debugging SharePoint On-Premises configuration issues is the best thing since sliced bread, right? This post is about allowing/enabling Anonymous Access to a site collection – a simple configuration, that “simply works” like once every ten times you try it.

Symptoms

A lot of different ways to hit your head on this one. In any case, your on-premises SharePoint doesn’t allow anonymous access to a site where you are trying to allow it. Most typically, they’ll just encounter 401 error when accessing the site, or they might be missing some of the content or styles, resulting in partially broken site.

Causes

Usually incorrect configuration or non-published resources. Multiple reasons can cause this, though, I’ll describe some of them below with the solutions.

Solutions

A lot of things to check – let’s go through all of the most typical issues here!

Enabling anonymous access on web application level

This is basically the first thing you should do:

  1. Go to SharePoint Central Administration
  2. Manage web applications
  3. Edit authentication providers
  4. Choose to enable Anonymous Access. See below for a screen shot!
Enabling SharePoint Anonymous Access at the web application -level

Enabling SharePoint Anonymous Access at the web application -level

Do you have an anonymous user policy that stops users from accessing the content?

You can check and modify this in the web application settings, too.

  1. Go to SharePoint Central Administration
  2. Manage web applications
  3. Select “Anonymous Policy” in the “Policy”-group in the ribbon
  4. Enable access in the dialog

This link describes the steps for changing the user policy and enabling the Anonymous Access.

Do you have anonymous access configured at site permissions?

You’ll also need to enable the Anonymous Access on the actual site level. The easiest way to do that is with PowerShell – see below:

Using PowerShell to modify anonymous access permissions on SharePoint On-Premises

Is Anonymous Access enabled at IIS?

Ah – the classic. IIS might still be blocking Anonymous Access, even if SharePoint would accept it. To fix this, open IIS Manager, select your web site (it’s either by the same name as your web application or extended application), check authentication and make sure “Anonymous Access” is enabled.

IIS Authentication settings

IIS Authentication settings

You should enable Anonoymous Access in the dialog you can open by double-clicking on that entry.

Is some of the content unpublished?

This is the next thing to check. There are multiple files that can cause authentication prompts when unpublished, for example the following ones:

  1. The front page of the site colletion (or any other page that you’re trying to access) published?
  2. Publishing images or the ones used by the branding of the site published?
  3. CSS-files, master and publishing page layouts (check out the design galleries)

Figuring out which one is always an issue – if none of the super straight

Are you trying to let anonymous users access an application page that’s not meant to be accessed by anonymous users?

Okay – this is about your own, custom application pages. It’s really easy to actually make them inherit the wrong base class. If you’re trying to access a custom aspx that you’ve built for your own solution, make sure you’re not inheriting it from “System.Web.UI.Page” or “LayoutsAppPage” or  – that class requires authentication! Instead, use “Microsoft.SharePoint.WebControls.UnsecuredLayoutsPageBase” instead!

See this: https://social.msdn.microsoft.com/Forums/office/en-US/f8b567d4-1cd0-46c1-ac47-4498af88d798/how-to-provide-anonymous-access-to-a-custom-aspx-page-in-layouts-folder?forum=sharepointdevelopmentlegacy

Check that the location is allowed at web.config

Okay, let’s be honest about this – at this point, I’m probably already pretty desperate, but web.config is still definitely worth checking. You’d need to have something like this, for example, to allow access to a certain application page:

Okay – that’s all I’ve found so far!


None of these help? Drop a comment below, let’s figure it out 🙂

Note: This post was written slowly over 3 years after having to fix very similar issues in a couple of different environments. There’s a chance I’ve missed some changes introduced in some obscure CUs or something. If I did, let me know!

The following two tabs change content below.

Antti K. Koskela

Solutions Architect / Escalations Engineer at Koskila / Norppandalotti Software / Valo Solutions
Antti Koskela is a proud digital native nomadic millenial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world. He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff.This is his personal professional (e.g. professional, but definitely personal) blog.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.