As per a new security standard implemented by my organization, I need to restrict access to /_layouts/15/_vti_bin/lists.asmx for both authenticated as well as anonymous users.

I am thinking of restricting "everything" that is inside the folder _vti_bin. If I do that, will there be any problem in the normal functioning of SharePoint 2013? I have a few custom web parts that use the REST web service, but none of them use lists.asmx.

Note: Due to some reason I couldn't use the method "<location>...</location>" in web.config as recommended by Microsoft. So I am using the approach mentioned in this SE post (the one marked as answer).


Solution

This simply isn't supported. SharePoint needs to be able to make those calls as well, e.g. PowerPivot (call is translated from NT AUTHORITY\ANONYMOUS to the target caller). You will just need to communicate this to your security folks.

Other tips

Did you try adding an authorization rule in the web.config file? E.g., for a specific site collection:

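<location path="sub-site/_vti_bin">
  <system.web>
    <authorization>
      <!-- "?" matches anonymous (unauthenticated) requests -->
      <deny users="?" />
      <!-- "*" matches all users; rules are evaluated in order -->
      <allow users="*" />
    </authorization>
  </system.web>
</location>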

Refer to the link below for further details: http://thuansoldier.net/?p=4267
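
As an added example (not part of the original answer, and not SharePoint or ASP.NET code): a simplified Python model of how ASP.NET URL authorization evaluates the rules above, with the first matching rule winning, to show which requests that rule set actually denies. The function names, the `CONTOSO\alice` account and the `other-site` path are assumptions; the model ignores roles, verbs and rule merging between nested configuration files.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragment carrying the same rules as the answer above.
SAMPLE_CONFIG = """<configuration>
  <location path="sub-site/_vti_bin">
    <system.web>
      <authorization>
        <deny users="?" />
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>"""


def rules_for(config_xml, request_path):
    """Rules of the most specific <location> whose path covers request_path."""
    path = request_path.strip("/").lower()
    best, best_len = [], -1
    for loc in ET.fromstring(config_xml).iter("location"):
        prefix = loc.get("path", "").strip("/").lower()
        covers = prefix == "" or path == prefix or path.startswith(prefix + "/")
        auth = next(loc.iter("authorization"), None)
        if covers and auth is not None and len(prefix) > best_len:
            best_len = len(prefix)
            best = [(r.tag, [u.strip().lower() for u in r.get("users", "").split(",")])
                    for r in auth]
    return best


def is_allowed(config_xml, request_path, user=None):
    """user=None models an anonymous request; the first matching rule wins."""
    name = user.lower() if user else None
    for action, users in rules_for(config_xml, request_path):
        if "*" in users or (name is None and "?" in users) or name in users:
            return action == "allow"
    return True  # no rule matched: inherited default is <allow users="*" />


if __name__ == "__main__":
    # Hypothetical requests: anonymous, authenticated, and a path outside sub-site.
    for path, user in [("/sub-site/_vti_bin/lists.asmx", None),
                       ("/sub-site/_vti_bin/lists.asmx", "CONTOSO\\alice"),
                       ("/other-site/_vti_bin/lists.asmx", None)]:
        print(path, user or "anonymous", "->", is_allowed(SAMPLE_CONFIG, path, user))
```

Under this model an anonymous request to `sub-site/_vti_bin/lists.asmx` is denied, while an authenticated user, and any `_vti_bin` path outside `sub-site`, is still allowed.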

Licensed under: CC-BY-SA with attribution