Monday, August 6, 2012

User Policy to restrict Form Authentication Users from visitingapplication pages like viewlsts.aspx

• On web application management ( e.g. http://ServerName:CentralAdminPort/_admin/WebApplicationList.aspx) page under central admin , go to Permission Policy :

• Mark the check box which says deny users to view application pages and save.

• Output is :

• Now go to user policies tab for main web application and click on add user :

• Select the zone on which public main application is deployed :

• Under people picker type "ASP.NET Membership provider name" , Permissions : Deny System Pages and click finish :

• Output is like :

Now access few application pages and lists directly to verify with a form authentication user .

Alternative approach and suggestions are welcome under comments section.

1 comment:

  1. Security Issues to be taken care while configuring SharePoint Search for Public facing Portals – SharePoint :