Anonymous Access disabled due to User Policy

Anonymous Access disabled due to User Policy

In SharePoint 2013, some scenarios require Anonymous Access.

It is the case for:

  • Internet sites: any user can access the site without being logged in.
  • Extranets with Form-Based Authentication: any user can create an account and recover his password, before to login and be allowed to access sensitive areas of the Extranet.

Many blogs explain how to setup this anonymous access on a specific site. It is a straightforward operation and we won’t detail it in this article.
More information are available here: https://technet.microsoft.com/en-us/library/cc263363(v=office.12).aspx.

However, it may occur that the anonymous access does not work as expected…

Problem

For one of our customers, we faced one problem we never met.

 Any anonymous users trying to access a site with anonymous access enabled were constantly redirected to the login page.

During the troubleshooting phase, we checked that:

  • The configuration for anonymous access was correctly set for the Web Application zone and for the site, as described in TechNet.
  • There was no particular error in the logs.
  • There was no custom code deployed on the Web Application or the site.

Everything seemed to be set correctly. Except one thing…

Resolution

The issue came from one User Policy set of the Web Application.

In our case, a specific User Policy was explicitly denying access for a specific user (a user that was forbidden to access the Extranet).

Get the User Policy in Web Application

Removing that User Policy solved the problem.

Anonymous users were able to access the site.

Decoding

SharePoint was preventing access to all anonymous users because it could not give access to this “forbidden user”, as specified in the User Policy.

By allowing access to anybody, SharePoint would potentially give access to this user, unbelievable!
So SharePoint prefer to block everybody. Clever…

iNext Consulting SA

Chemin des Aulx 14 - Bât14 CTN

CH-1228 Plan-les-Ouates


+41 22 794 71 36

contact(at)inext-consulting.ch