SharePoint 2010 ashx handler anonymous access

2
votes

I've seen plenty of information on the web about how to allow anonymous access to a specific SharePoint Application page by inheriting from UnsecuredLayoutsPageBase, etc.

How can I achieve the same thing for an ashx handler that lives in the layouts directory? By default, SP will require authentication to get to the handler. I can get around this by allowing anonymous access to the site itself, but I can't get away with that...I need anonymous access to only the handler. I have tried to stick a web.config file in the same directory as the handler and allow anonymous access there, but that still doesn't work.

1
sharepointashxanonymous
Did you ever find a solution to this? I have a webpart that points to a handler in the layouts directory. It works fine on our sandbox because that allows anonymous access but we cant allow anonymous access on our prod serverMungoid

1 Answers

3
votes

I had the same situation. You stated that you "can't get away with [...] allowing anonymous access to the site itself", so I'm not sure if my solution will work for you, but here it is:

  1. Turn on Anonymous Access to SharePoint (Steps 1 - 6 of http://www.topsharepoint.com/enable-anonymous-access-in-sharepoint-2010)
  2. In IIS manager, turn on Anonymous Authentication to the layouts subfolder that contains your ashx file. (SharePoint appears to still require authentication to application pages because they extend from LayoutsPageBase).

Alternatively, on my dev site I enabled SharePoint Anonymous Access, turned on anonymous access from IIS manager, and then created 2 web.config rules

<system.web>
    <authorization>
        <deny users="?" />
    </authorization>
    ...
</system.web>
<location path="_layouts/Folder/Anonymous.ashx">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>

However, I think that version is overcomplicated. I prefer the first option.