-1

I have a custom page in sharepoint 2010 deployed (to .../mysite/_layouts/...aspx) and operational. I write an proxy-redirect rule in apache to access this page via an internet url (port 80). The proxy works fine. I have set the sharepoint 2010 "enable anonymous access" options. I see on my sharepoint WFE in the IIS7 logs that the call is getting through to the WFE machine and that the sharepoint access URL is correct. So far so good: I am on the machine with the correct URL.

But I am still getting a 401 unauthorized. What do I have to set on the WFE, site, or sharepoint central to enable true anonymous access to this page? I checked the (custom) web page web.config and verified that anonymous access is turned on, so I suspect a general central sharepoint admin or IIS setting is missing.

thanks!

Improve this question
1
  • SharePoint would probably be a better fit for this.
    – user1864610
    Commented Jun 15, 2014 at 7:29

1 Answer 1

Reset to default
0

Here was the solution in our case:

  1. Our apache proxy is configurd with ProxyPreserveHost On and this cannot be changed without side-effects. Thus, the proxy is routing to the sharepoint machine but the http header still contains the external (extranet) hostname. Solution: in IIS, add a virtual host. This is done by right-clicking on your sharepoint portal name in iis => edit bindings and add a binding to your external host name on port 80 (http).

  2. Then, in your sharepoint central, you need to add a so-called "Central Administration Alternate Access Mappings" Just go to central admin and you will see this in the system settings category. Then just add an Internet (not intranet) zone and map it to they new hostname (the one coming on from your proxy).

  3. Lastly, be sure that both your central admin as well as your sharepoint web site have enabled anonymous access. How this is done can be found, for example, here: here or here

  4. A real SNAFU that could cause major frustration if you are not an insider is the fact that you must disable loopback control in regedit on the machine. See here and here. If you don't do this, you will still get Status 401 in-spite of it all!

  5. You can test locally by using "in-cognito" mode in your browser to attain anonymous status.

Worked for us.

Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.