Challenge:

How can anonymous access to a site in SharePoint 2010 be set up, and how do the steps differ from SharePoint 2007?

Solution:

If you have been running MOSS or WSSv3 on Server 2003 and you’ve set up anonymous access before, you know the site needs to be configured in IIS to allow anonymous access as a preliminary step prior to configuring SharePoint. But IIS 7 on Server 2008 has anonymous access enabled default, so that is one step that you had to take in IIS 6 (Server 2003) that is no longer needed. But what about the rest – the configuration of anonymous access in SharePoint? Well, the basic principles remain the same, they’re just done through new locations and interface screens in SharePoint 2010.

Let’s get started with a common scenario where you want to configure anonymous access on one particular site in a Site Collection. The first step is to access Central Administration > Application Management > Manage web applications:

Select the Web Application containing the site you want to configure for anonymous access. Here I’ve picked my “SharePoint – bl2” Web App. But I shouldn’t select Anonymous Policy from the Ribbon just yet; I’ll need to configure the Authentication Providers first:

The Authentication Provider popup lets you choose the zone of the Web App you want to work with. Here, I only have the “Default” zone, so I’m going to click on it:

This opens the settings to Edit Authentication, where I can check the box to ‘Enable anonymous access’ for that Web App zone:

Once this has been done, when I go back to the Web App Ribbon and select Anonymous Policy, I will be able to select the zone (or All Zones in this case, since Default was the only zone), and then choose any restrictions to anonymous access. By default, “None – No policy” is set, so I need do nothing here since in my example I don’t want to place any restrictions on anonymous access:

At this point, I have been preconfiguring down to where I want to allow anonymous access to be set. But until I actually make the final settings at a Site Collection or Site level, anonymous users will not have any access. So I navigate to the location where I want to allow anonymous access and then go to Site Actions > Site Permissions:

For example, at the top-level Site Collection, I have access to an Anonymous Access button on the Ribbon (note: this is not the Anonymous Policy button seen at the Web App level):

If I want to grant anonymous access only to a subsite in that Site Collection, then nothing should be done with Anonymous Access at the Site Collection top-level. I instead navigate to the subsite and, from there, select Site Actions > Site Permissions. This will show that this subsite is inheriting permissions from its parent. Therefore, to allow anonymous access to this subsite, first I need to break inheritance (i.e., Stop Inheriting Permissions):

Once that is done, the Anonymous Access button is available on the subsite Ribbon:

Here, I can allow anonymous access to the Entire Web Site or Lists and Libraries:

Note that once that has been done, Anonymous Users has been added to the Site Permissions:

And I’m done. This site can now be accessed without the need to login.

See Also:

For information about the SharePoint permissions given to the anonymous account, the section on “Decide whether to allow access for anonymous users” in this TechNet article provides a good summary.