Navigation

Thursday, 11 August 2011

How to enable Anonymous Access to a blog site on your Office 365 public website

This has been plaguing the forums for weeks now .. if I had a pound for everytime I've seen someone complaining about blogs on Office 365 .. I'd have .. erm .. about £15 ..

But seriously, this is something that a lot of folks have been complaining about .. but no more! :)

One thing that definately surprised me is that you can set anonymous permissions through Sandbox Solutions! This means that we can write our own custom code to enable full anonymous access for comments, categories and posts :) So I've done just that.

A link to download a Sandbox Solution can be found below. Just upload the WSP to your public website site collection, activate it, and drop the new "Hatch Solutions" web part onto the home page of your blog :)
NOTE: For those who aren't interested in how this works, and just want the web part, you can grab the WSP package here.
This installs a Web Part. Place this webpart on the home page of your Blog site, and hit the big button... it should do all of the work for you.

Important: You don't need to keep the webpart on there. Once you've checked it is working you can remove the webpart and remove the WSP from your Solution Gallery!
Regional Settings -  There have been numerous reported issues regarding regional settings (as the code looks for lists called "Posts" and "Comments"). Currently this WSP only works when your SharePoint Site regional settings are set to English.
So what are we doing?
This is really quite simple. The SharePoint API exposes the list permissions for anonymous users through an SPList property called AnonymousPermMask64. This is an enumeration of SPBasePermissions values which effectively describe what access anonymous users have.

The reason this doesn't work by default for anonymous users is because the "ViewFormPages" permissions is not included by default!

So our code is quite simple:

// get the "Comments" list
SPList list = SPContext.Current.Web.Lists["Comments"];

// check if it has unique permissions
if(!list.HasUniqueRoleAssignments)
{
 list.BreakRoleInheritance(true);
}

// make sure people can edit their own items
list.WriteSecurity = 2;

// grant permissions to anonymous users
list.AnonymousPermMask64 =
  (SPBasePermissions.Open |
   SPBasePermissions.OpenItems |
   SPBasePermissions.ViewFormPages |
   SPBasePermissions.ViewListItems |
   SPBasePermissions.AddListItems);

list.Update();


So all we are doing there is granting some additional permissions (ViewFormPages, ViewListItems and AddListItems) for anonymous users. Then we just rinse-and-repeat for Posts and Categories (but remember to remove the "AddListItems" bit!! otherwise anonymous users would be able to create new blog posts!).

That's it! I have a (short-lived) demo running on my current Office 365 site: www.hatchsolutions.co.uk/Blog/

Note - depending on how much spam and rubbish ends up on there, I will probably delete it sooner rather than later. I'll try and remember to update this post after I have.
To make this easy for you I have built a Web Part which you can download and install (link at the top of this post) which does all of the work for you.

So that is all you should need .. happy blogging folks!! (all we need now is a decent blog template with things like CAPTCHA.. )

59 comments:

  1. Martin,

    This is great. Question:
    There is no way to add anon permissions in the UI. Could your webpart be adapted to make the list name variable?

    Like have the web part display a text box for the user to enter the list\Library name then

    SPList list = SPContext.Current.Web.Lists[txtListName];

    If so, I could see lots of uses in templates that may not be intended for public site.

    TIA,
    Josh

    ReplyDelete
  2. Hi Josh :)

    Go and check out CKS:365.
    http://cks365.codeplex.com

    This is EXACTLY the kind of feature they would be gearing up to implement a bit more robustly!

    Tony Brindle is working on the initial release. The project isn't published yet but give it a few days and it should be live this weekend. Put in a feature request on the discussion board.

    Otherwise, you should be able to roll-your-own using the code above. If you are still really stuck and need something more urgently let me know :)

    ReplyDelete
  3. Thanks again.

    Hey do you know of a resource detailing which SPFeatures are activated on o365 public vs. private sites?

    Like this for o365:
    http://blogs.msdn.com/b/mcsnoiwb/archive/2010/01/07/features-and-their-guid-s-in-sp2010.aspx

    Hard to setup a proper dev environ if templates fail in o365 due to missing hidden features such as Web Analytics.

    Sharepoint Online dev guide is not very specific, reads like a carbon copy of guide for on-premises.

    Thanks,
    Josh

    ReplyDelete
  4. Martin,

    Does SPBasePermissions.ViewFormPages bypass the Forms Lockdown Features for anonymous users?

    Can anons see the list forms on public site after you do this?

    TIA,
    Josh

    ReplyDelete
  5. Josh,

    Re: Forms Lockdown Feature technically yes .. as all this feature does is amend the SPWeb.AnonymousPermMask64 value.

    When you run the code above you are breaking inheritence for 3 specific lists:
    * Posts
    * Categories
    * Comments

    So YES .. anonymous users will be able to access forms for those 3 lists .. but none of the others (you can by all means test this of course to confirm :))

    Regarding any "hidden" features I'm not sure. I would recommend using defensive programming, setting Feature Dependencies and code checks so that your code doesn't error.

    Otherwise maybe build a web part which spits out the SPSite.Features and SPWeb.Features collections so you can see what is and is not activated (including all of the hidden features)

    ReplyDelete
  6. Your office365 demo blog prompted me for authentication. Did you take the demo down?

    ReplyDelete
  7. Hi Tom,

    I just tested this again .. no authentication prompts.

    Were you using the Comments form at the bottom of the page?

    ReplyDelete
  8. I was browsing from my iPhone. The desktop browser solution works now that I've tried it, too.

    ReplyDelete
  9. Hi there, great tool but am having some problems trying to activate it on a blog subsite - any ideas please?

    ReplyDelete
  10. Geoff

    Thanks, what kind of problems are you having?
    Are you talking about a sub-site of a blog?

    e.g. http://www.mycompany.com/blog/sub-site/

    ReplyDelete
  11. M,
    quick question, does the same works for a sandboxed webpart that has GetItems() as a code???. In other words, lets say there is a silver light app webpart that reads data from a list and show images on the webpart. In plan p, this throws a wierd error for anonymous user - "The method GetItems of the type List with id is blocked by the administrator on the server". Would that be solved in E3???

    ReplyDelete
  12. This is working awesome - Great work Martin

    -Vin

    ReplyDelete
  13. Vin,

    If it is saying "blocked by the Administrator" then possibly not, although it is definately wortth a try.

    Give it a go and let me know if it works :)

    ReplyDelete
  14. Hi Martin,

    Great Solution! Just what I was looking for. I used your .wsp and it worked like a charm! Now anons can access my blog. However, I seem to be running into one issue. When I change the site theme on the blog site, it displays for logged in users, but not for anons. Is this by design or am I doing something wrong? Is there a way to allow them to see the new site theme?

    Thanks again,
    Lee

    ReplyDelete
  15. Lee,

    Thanks for the feedback :)

    I have to admit I've not seen this behaviour. In fact I have just applied a custom theme to my site and it is working fine.

    Don't forget if you are using custom master pages / CSS files you need to make sure that these are CHECKED IN, PUBLISHED and APPROVED before anonymous users can access them!

    ReplyDelete
  16. Hello Martin,

    Thx for this blog post. I have installed your WebApp too but it gave me an error are you realy on a blog page. Tried to figure it out so loaded your app into Visual Studio but you where using a dll. So I have built the App myself and I know now what went wrong. I am from the Netherlands and the lists have different names so it won't work for foreigners :). I thought I will leave this comment so that other people don't think that your app is bad!

    Anyway your blog post was a great help to me since it sent me in the right direction.

    thx again.

    ReplyDelete
  17. Anon,

    Doh .. yeh sorry about that. The code is pretty simple (i.e. hard coded list names ... slap). I didn't think about foreign language lists :S

    If you use something like .Net Reflector or Telerik JustDecompile then you should be able to get the source code out of my DLL (I haven't obfuscated it or anything).

    Thanks anyway, and glad it helped :)

    ReplyDelete
  18. Martin, Thanks for your hard work! I'm still having issues and I'm not by any means a sharepoint expert. I'm able import the wsp file and show the button. Then I was able to push the button and receive feedback, "Done. Your blog is now accessible anonymously" with success. However, I'm still having issues with viewing the blog site from the internet. When I do, I have to go to, "http://www.mydomain.com/TeamSite/BLOG/default.aspx" and it will ask for people to log in. I do notice one big difference is part of my address has, "TeamSite" where your's doesn't.

    Do you have any ideas?

    ReplyDelete
  19. James,

    Are you using the Small Business (P1) plan?

    I have only tested this on Enterprise Plans, so that might be the difference...

    ReplyDelete
  20. it's useful,but why alway show "Doh .. something went wrong. Are you sure you activated this on a BLOG site?"

    ReplyDelete
  21. a question, which page can I include
    the AnonymousPermMask64 code without webpart?

    ReplyDelete
  22. 法拉魚 (Farah Fish?),

    Thanks for your feedback. Did it work on your blog site or are you having problems?

    This was really just a quick sample to be honest (a bit of a "proof of concept"). If the code errors in any way then you will get the message "something went wrong". The most common reason for this is that the web part was placed on a non-blog site (hence the warning about that).

    If you want to code your own solution then you will need to use Visual Studio to create your own sandbox solution package which you can deploy to Office 365 SharePoint Online.

    ReplyDelete
  23. Hi Martin

    Does this fix work on Plan P1?
    Also how do I upload the WSP file?

    ReplyDelete
  24. Spud,

    Not sure if it works on P1..others have reported problems.

    Your Solution Gallery should be in the Site Settings page for your website (in P1 your Website and Teamsite are all in the same Site Collection)

    ReplyDelete
  25. Hi Martin,

    when I change language in my blog, it's working now. (chinese -> english)

    This webpart is working on E3 and P1.

    Another question, if I won't use webpart, sample code in which to use? (default.aspx?)

    by Felaray :P

    ReplyDelete
  26. Oops.. Sorry "Felaray" .. I'm blaming Google Translate (maybe should have used Bing!)

    thx for tip about Language settings, you're the second person to remind me about that now! Must try to remember :)

    Regarding custom code samples, you only ever need to run the code once (after the web part has run you can uninstall it).
    So default.aspx is probably not suitable. I would recommend a web part myself.

    ReplyDelete
  27. Thank you, I would like to say to it`s nice post for blog.

    ReplyDelete
  28. i have a list in office 365 intranet site and want to display the same in the internet site for anonymous users.
    i used page viewer webpart to display it,but it throws an error within the frame for anonymous users. is there a better work around for this?
    please help.. will your web part work?? else please suggest a solution.

    Thanks you

    ReplyDelete
  29. Hi sh,
    Unfortunately that won't work, because you can't enable anonymous access to SharePoint Online intranet sites.
    You COULD however build a custom web part which uses the ECMAScript SharePoint Client Object Model to pull the data from your intranet site, but you'd have to hard-code the username and password (which end users could then access as ECMAScript executes client side)

    ReplyDelete
  30. Hi Martin,

    first of all thank you for replying.. :)
    i do have a guest account, but how do i pass on the credentials? could u please explain a bit more

    ReplyDelete
  31. i mean is it possible to pass on the credentials using Client Object Model(ECMAScript)? i dont think it is possible to pass the credentials using ECMAScript.
    Please let me know if it is really possible

    ReplyDelete
  32. sh,

    No problem, it was a bit confusing at first (with the custom Claims provider Microsoft use) but there are some good blog posts now which explain how.

    Check out this post by Wictor Wilén (SharePoint 2010 MCM): http://www.wictorwilen.se/Post/How-to-do-active-authentication-to-Office-365-and-SharePoint-Online.aspx

    ReplyDelete
  33. Also .. here is the main MSDN article:

    http://msdn.microsoft.com/en-us/library/hh147177.aspx

    ReplyDelete
  34. sh,

    I've also noticed all of these are .Net based examples, so it might not be possible to do this with ECMAScript (i.e. JavaScript).

    You might have to write a .Net app locally which pulls data from your Intranet site and uploads it to another list on your Internet site. Would be a messy workaround but should work.

    ReplyDelete
  35. Hi Martin,
    can u give the code about sandbox mode?
    I'll fix your webpart and working in chinese blog :)

    ReplyDelete
  36. Hi Martin,

    I noticed on your test blog that when I try to search the blog it asks me to authenticate. I have been beating my head trying to figure out any way on earth to make search possible to anonymous users from a welcome page or any design element on SharePoint Online. I have tried copying the code by hand from internal search parts (since I cant seem to add any search web parts to external pages even with your trick about making the external page more configurable), I have tried a million ways to enable the anonymous permissions (setanon.aspx page just dies out). I have the E3 plan.

    Might you have any advice on this?

    Thank you - Matthew

    ReplyDelete
  37. Felaray,

    Send me an email using the Contact Us form at www.hatchsolutions.co.uk and I will send you the source code.

    ReplyDelete
  38. Anon,

    Good question, anonymous Search results is something a lot of people have been making noise about.

    You should be able to get this working using a "Search Center" sub-site.

    There is a blog article on this here:
    http://community.office365.com/en-us/b/the_grid/archive/2011/07/26/office-365-how-to-add-search-to-your-public-facing-web-site-with-sharepoint-online-grid-user-post.aspx

    ReplyDelete
  39. Hey Martin,

    Great work - I enjoy your site.

    I just started kicking the tires on Office 365 and have a P1 trial account going. I uploaded your wsp and clicked and it ran... Now for the Newb question... How did you get your POC Blog URL created?

    ReplyDelete
  40. Hi John,

    I just created a new sub-site using the "Blog" site template.

    ReplyDelete
  41. Martin, This works great for teh lists. Another quick question - is there a way to do the same thing for a document library or a picture library? I want the anonymous users to upload pictures on a specific picture library. The Upload pop-up doesn;t appear properly. Any thoughts?

    Vin

    ReplyDelete
  42. It unfortunately appears to break the ability to post from Windows Live Writer or Microsoft Word. I can't set up the blog on either client after using the anonymous 'hack' because the server is throwing in a redirect.

    ReplyDelete
  43. Steven - Doh .. thanks for that. A shame that this isn't just generally supported.

    Anon - the code samples should work for most things, of course the back-end forms may still be locked down due to the publishing features. You might need to write your own custom web part (and be careful of spam!!)

    ReplyDelete
  44. It is not working for me. "The method GetItems of the type List with id is blocked by the administrator on the server". I have Office 365 E1 Plan. I can set permissions (I review that in list permissions), but ... when an anonymous user enter... the "blocked" message appears.

    Any idea? I research and research but nothing works.

    Ariel

    ReplyDelete
  45. Ariel,

    Have you managed to deploy and run the webpart / code with an authenticated user?

    Once you have done that, remove the web part from the page.

    ReplyDelete
    Replies
    1. Hi Martin
      I have used your wsp for my blog site. Now I am able to comment on post anonymously.
      Only problem is that If i try to open blog site from mobile phone it is not opening site. It asks for login and after login in Only i can see blogs. But if i am trying to open site on computer it is opening without any login.
      Can you please help me why this is happening.

      Delete
    2. Amol,

      Thought this was a SharePoint Online feature. They pushed out a fix for this months back.

      Can you browse your main public website through a mobile? If not then I suggest you open a support ticket to get this resolved.

      I didn't have to do anything special for this to work on mine.

      Delete
  46. Martin, your solution is wonderful for the full site, but I'm having problems with the Mobile platform.

    I can reproduce the problem even with your example blog.

    If you goto you blog site, and goto site settings, the right hand side will have two URLS.

    Most likely it will be something like :

    Site Information
    Site URL:
    •http://www.hatchsolutions.co.uk/Blog/
    Mobile Site URL:
    •http://www.hatchsolutions.co.uk/Blog/?Mobile=1

    Your solution works great for the first url, but when you put /?Mobile=1 on the end of the line, it breaks!

    How to Reproduce:

    #1 Write down the two urls
    #2 Log out of sharepoint 365 (very important!)
    #3 Try to access the two URLs, you will quickly notice, the main Site URL has annoynmous access, but the Mobile site prompts you to login to Office 365.

    As you can see, http://www.hatchsolutions.co.uk/Blog/?Mobile=1 prompts for security. Any kind of solution to this would be wonderful!

    Thank You

    Nathan

    ReplyDelete
  47. Aye yes .. I tested before when my phone was in "desktop mode", but yes you do get redirected.

    I don't think the only plausible solution for this is some kind of page component which (in the OnInit event) detects the "?mobile=1" query string and strips it out for "?mobile=0" (which DOES work).

    I might try this and see if it works.

    ReplyDelete
  48. Hi Martin,
    I have tested it on my Office 365 public site but it doesn't work. It was successfuly deployed and activated, then I have successfuly put it on the blog site default page. But when I click to the button, i receive only: "Doh .. something went wrong. Are you sure you activated this on a BLOG site?"
    The architecture is very simple - I have created my blog web directly under public web site root site. Can You help me, please?
    Thank You
    George

    ReplyDelete
  49. Thanks Martin,
    I've wrapped the concept into a simple to use, no-frills web part (and it's free) to allow the modification of Anonymous Permissions for any list within the website.

    Managing Anonymous User Permissions on Office 365 Small Business

    -Xenox

    ReplyDelete
  50. Martin,
    Thank you much! I started my own business last year, and use office365, thus sharepoint for my public website...very early on i became frustrated and taught myself how to create a master page and "break free" from Microsoft's design template utilizing designer to edit my site. When I created a blog sub-site yesterday, same issues...until i stumbled upon your site.

    Your solution saved me hours of work! I then went in and customized the forms and master pages to add in social plugins etc...Anyway, thanks a million. One of my first posts will be thanking you and a link to your site! Still in design, but check it out: http://www.livingstonsolutions.com/blog (any further suggestions are always appreciated) - Scott

    ReplyDelete
  51. Martin,
    Ok, I am having a hard time understanding your directions. This is the part I am having trouble with

    A link to download a Sandbox Solution can be found below. Just upload the WSP to your public website site collection, activate it, and drop the new "Hatch Solutions" web part onto the home page of your blog :)

    I cannont find my public website site collection. I can't find it and I am probably overlooking it. I am new at this and need more information. Could you help please?
    Bob Rogers

    ReplyDelete
  52. Martin,

    Nicely done. It worked like a charm!

    Mike

    ReplyDelete
  53. Bob,

    You need to go to your public website "sign in" and go to Site Settings > Solution Gallery.

    You can upload it there

    Martin

    ReplyDelete
  54. Thanks a million! I used for solution for a different purpose. I can't open my public website in Sp designer before i installed your brilliant solution! thanks for sharing!

    ReplyDelete
  55. Hi,

    I have office 365 - P1 plan.
    I cannot use add solutions there. In site settings there is no solution gallery available in new office 365. (I don't know why they took out a lot of options from P1 plan).
    Looks like I cannot use ECMA script in new office 365 any more.
    How can I apply the above code in office 365 P1 plan?
    I am talking about the code starts with:
    SPList list = SPContext.Current.Web.Lists["Comments"]; ....

    Thanks for your feedback.

    ReplyDelete
    Replies
    1. Jan Vanderstappen2:38 pm, August 23, 2013

      Hi Aladdin,

      I got the same problem but I solved it by just going to the solutions page using the url.

      Add _catalogs/solutions/Forms/AllItems.aspx at the end of your URL and you should go to the solutions page.

      Don't forget to raise your site resources. For me, the default setting was 0 on my public SharePoint online site.

      @Martin... Brilliant solution! Thanks!

      Delete
  56. Aladdin,

    Yes lots of changes in the latest Wave release.

    I believe SPServices (the jQuery library which uses Web Services) still works for the public website. Might be worth looking to see if you can use the Web Service calls for this?

    Otherwise this might end up being a dead end in the latest wave (I've not really looked that closely)

    ReplyDelete

This blog has been moved to www.martinhatch.com

Note: only a member of this blog may post a comment.