I recently ran into a problem with Anonymous Access in SharePoint 2010.
It was setup correctly in Central Administration – on the site, the Anonymous user had access, and in IIS, the site had Anonymous Authentication allowed. And yet, for some reason, I still could not get in anonymously.
After doing a bit of digging, I found a problem in IIS sites where permissions was not granted to the ‘Everyone’ user. This was very obvious after I found it, but not so much beforehand. So, at this point, you can either skip to the bottom of this article to fix that permission, or run through the steps I did to ensure that anonymous access is setup correctly.
Overview of Anonymous Access
Let’s say you’ve built out your SharePoint website and are now wanting anyone to come and visit your site, so you enable anonymous access on the site collection but no such luck. It still prompts you to log in, even with anonymous access settings turned on. Frustrating.
Let’s double check that anonymous access features have been turned on in three places:
1. Central Administration
2. On the site
3. IIS (Internet Information Services 7)
Log on to your SharePoint server and load up Central Administrator.
In Central Administration, we are going to navigate to your web application settings. Central Administrator -> Application Management: Manage Web applications, select the web app of the site you want to enable Anonymous access for and check Authentication Providers. Click the Default under Zone. In the Edit Authentication check the ‘Enable Anonymous Access.’
From the same place, Central Administrator -> Application Management: Manage Web applications, select the web app and check Anonymous Policy. Ensure that ‘None – No Policy’ is selected.
Now that everything in Central Administrator looks good, let’s check the site.
On the site:
Go ahead and navigate to the site in question, log in, and go to Site Actions -> Site Permissions. Click Anonymous Access in the Ribbon. In the Anonymous Access window select Entire Web site and click ok.
It will add the Anonymous Users to the permissions list.
So all looks good – Central Administration is set and the site has access for the anonymous user. But we are still getting prompted for credentials… Let’s check IIS.
Open Internet Information Services (IIS) manager and expand the Sites tab and look for your site in there. Select your site and click the Authentication icon under the IIS section.
In the Authentication window, make sure Anonymous Authentication is Enabled.
Now, here is where we get stuck: All the different places were the Anonymous Access could be turned off are on, but still we cannot get to the site without being prompted for credentials.
Well one last place to check is the web site’s permissions. In IIS manager, select the site, and right click it and select Edit Permissions.
This will open up a site properties box, select the Security tab. In the Group and Usernames that have access to the site, make sure that Everyone has Read privileges. If not, you’ll have to add it, by clicking Edit. On the next window, click Add. Find the Everyone user, click ok and then give them check the Read under the Allow column.
Now go back to the site and see if it prompts you to enter credentials. No prompt for credentials? Hurray!
This makes sense considering a web site is just a group of files, if the ‘Everyone’ user doesn’t have permissions to read it, no one without explicit permissions to the site will be able to view it.
Remember: This article is for SharePoint 2010, but if it’s an IIS permission problem, then it could affect more than just your SharePoint 2010 sites.