Home > SharePoint Development, WSS Customisation > Internet-facing WSS Sites – redirecting anonymous users

Internet-facing WSS Sites – redirecting anonymous users

Most internet sites are aimed at anonymous users which causes a few problems if your site is built using Windows SharePoint Services 3.0.  The anonymous user settings for a WSS site contain the following options:

Anonymous Access - Site Level

Entire Web site permits anonymous users to browse the contents of your web site, including such behind-the-scenes pages such as View all site content.  (You can try this for yourself, just browse to most WSS (and MOSS 2007) internet sites and add /_layouts/viewlsts.aspx to the URL of the site.  Clearly this isn’t good.)

Lists and libraries on the other hand allows each individual list or library on the site to specify whether or not anonymous users are permitted to view its contents.  Much better, I’m sure you’ll agree.

However there is one major problem with the Lists and libraries option which becomes apparent very quickly: anonymous users cannot access the default page of the web site.

The default page for a WSS site is <site>/default.aspx and this cannot be changed using the SharePoint user interface (unlike MOSS).  This page is special as it’s not contained within a library, as such, cannot be made available to anonymous users when using the Lists and libraries option.


A solution to this problem involves writing an HTTP Module to redirect anonymous users to a page within a document library that has anonymous access turned on. 

HTTP Modules seem to strike fear in the hearts of some developers, however this one is very easy:

namespace AccessControl
  public class AnonymousPageRedirector : IHttpModule
    public void Init(HttpApplication context)
      context.PreRequestHandlerExecute +=
        new EventHandler(context_PreRequestHandlerExecute);
    void context_PreRequestHandlerExecute(object sender, EventArgs e)
      // if no path is specified in the request
      if (HttpContext.Current.Request.Url.AbsolutePath.Equals("/",
         && !HttpContext.Current.User.Identity.IsAuthenticated)
        // redirect unauthenticated users to the custom welcome page
        HttpContext.Current.Response.Redirect("/Pages/Welcome.aspx", true);

This piece of code checks if an anonymous user is attempting to access the site without specifying a target page, and therefore would be otherwise be directed to the unreachable default.aspx page, and instead redirects them to a welcome page within the Pages document libary.

To deploy, drop the dll into the GAC and then add the HTTP Module to the web.config of your WSS site by adding the following to the <httpModules> section:

<add name="AnonymousPageRedirector"
    AccessControl, Version=, Culture=neutral,
    PublicKeyToken=<your public key>" />
  1. August 13, 2008 at 12:36 am

    This sounds like an elegant solution to a problem that has bothered us for some time. Do you have any idea of the effect this would have on public search engine indexing (like Google)? We are almost at the point of using 2 urls, one for the landing page (anon access on) and one for the pages library (anon access for the site, off, but for the pages library, on). We would value your advise on this. We would be happy to pay your consulting fee for a 1 or 2 hour GoToMeeting or LiveMeeting. Please contact me if you are interested. Thank You. – Jon Frost.

  2. oidatsmyleg
    August 13, 2008 at 12:44 pm

    The solution outlined in the article appears to work for Google without issue; the WSS site that this HTTP Module was developed for is the top-ranked item on Google if I search for the site’s title. Yahoo also lists the site within the top-ten search results. No search optimisations have been attempted with the site, its vanilla WSS.

    Interestingly, this is not the case for Microsoft’s Live Search which doesn’t show the site at all. Ironic?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: