Disabling anonymous access on a single site through PowerShell

Anonymous access in SharePoint 2013

This post is about managing Anonymous Access on a SharePoint site (SPWeb) using PowerShell commandlets. It’s often a lot more feasible and even easier than using the browser interface!

Description

Assume you have a site collection that’s published to the whole world. You’ll have anonymous access enabled at both web application and site collection -levels, and configured permissions at the root web -level. Now, let’s assume you want to disable anonymous access on a certain site deeper in the site structure. This way anonymous users could access your site at http://site.com and http://site.com/subsite, but not at http://site.com/subsite/deepsubsite. As an added bonus, that web would even be removed from the navigation for anonymous users (security trimming).

Solution(s)

Of course, you could do this through site permissions -page via browser (http://site.com/_layouts/15/user.aspx) by breaking permissions inheritance and disabling anonymous access, but there are multiple situations when this is not feasible – say, for example, that you already have a redirection for that certain url set in the IIS or gateway, and can’t access the page. Luckily, this can also be done with PowerShell.

 

This is a lot faster than through browser, right? 🙂 Just remember to use the right url for the web, SharePoint will find out the right zone for you!

How to properly use SPWeb.AllowUnsafeUpdates?

SharePoint2013

At times you may need to allow unsafe updates to SPWeb objects to get your code to run. This, in SharePoint C# code-behind is done by setting SPWeb.AllowUnsafeUpdates to true. However, as this is an exception to security settings, and should generally not be done, it’s a good practice to limit the change to as small a scope as possible – even though the setting is only persisted for the duration of the request (unless the SPWeb object was gotten from SPSite.GetWeb() or SPSite.Webs[]).

What to do?

I’ve found the easiest way to temporarily allow unsafe updates in a safe way but without too much of extra code to be this:

Please note, that it’s unwise to simply set the AllowUnsafeUpdates to false after the code, because there’s an ever-so-slight possibility of it screwing up some other code running in the same context at the same time! And of course, it’s likely to be unwise to allow unsafe updates if you’re handling data that was gotten as user input.