Security vulnerability if _vti_bin/authentication.asmx allowed for anonymous users access?

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/289267

  •  20-02-2021

Question

I block _vti_bin/authentication.asmx in the SharePoint 2013 web application's web.config file. Even when I disable anonymous access to this web service, it is open to anonymous users. Is it a security vulnerability if anonymous users are allowed to access it?


Solution

No, this isn't a security vulnerability. You should not be adjusting security settings via IIS or the web.config. All Web App security should only be changed via Central Administration -> Manage Web Applications or via SharePoint PowerShell.

Anonymous is enabled on the IIS site due to the implementation of Claims authentication.

For security hardening, see Plan security hardening for SharePoint Server. If it is outside of the scope of this for SharePoint, it likely isn't a supported change.
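As an added example (not part of the original answer), the read-only script below reports the anonymous-access settings that SharePoint itself stores, per web application zone and per web, which is where the answer says such settings belong. It assumes the SharePoint 2013 Management Shell on a farm server, run by a farm administrator; the report column names are chosen here for illustration.

```powershell
# Added example: read-only audit, changes nothing in the farm.
# Assumes the SharePoint 2013 Management Shell, run by a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

Start-SPAssignment -Global   # SharePoint disposes SPSite/SPWeb objects on Stop
try {
    $report = foreach ($wa in Get-SPWebApplication) {
        # One SPIisSettings entry per zone (Default, Intranet, Internet, ...).
        foreach ($zone in $wa.IisSettings.Keys) {
            $iis = $wa.IisSettings[$zone]
            [pscustomobject]@{
                Scope          = 'Zone'
                Url            = $wa.Url
                Zone           = $zone
                ClaimsAuth     = $iis.UseClaimsAuthentication
                AllowAnonymous = $iis.AllowAnonymous   # web-app level setting
                AnonymousState = $null
            }
        }
        # Webs where anonymous access to content has actually been granted.
        foreach ($site in Get-SPSite -WebApplication $wa -Limit All) {
            foreach ($web in $site.AllWebs) {
                if ($web.AnonymousState -ne 'Disabled') {
                    [pscustomobject]@{
                        Scope          = 'Web'
                        Url            = $web.Url
                        Zone           = $null
                        ClaimsAuth     = $null
                        AllowAnonymous = $null
                        AnonymousState = $web.AnonymousState
                    }
                }
            }
        }
    }
}
finally {
    Stop-SPAssignment -Global
}

$report | Format-Table -AutoSize
```

A farm with no `Web` rows and `AllowAnonymous` set to `False` on every zone has not granted anonymous access to content through SharePoint's own settings.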

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange