there is a requirement in my project to create couple of anonymous pages in SharePoint Online for guest users. I know this is possible with SharePoint On Premise, however just wanted to check if its possible in SharePoint Online also to create anonymous pages, because in SharePoint Online, its always required to authenticate the user against Azure Active Directory.
Business Scenario - Guest users should be able to access 1-2 anonymous pages, after that they need to login into the application to access further application features and functionalities.
Anonymous access is not supported in SPO sites from safety reasons and because sharing with external users is well done through Azure Active Directory.
However, the "anonymous page" behavior can be reproduced in SPO as following:
Go to Microsoft 365 admin center
Select SharePoint
Go to Sites and select Active Sites
Select the Site Collection you want, go to Policies and select "Anyone" radio button
see screenshot
Also, when doing this be careful at what you have set here: Microsoft 365 admin center->Policies->Sharing (do not forget to pay attention on safety and security)
see screenshot
Basically, all you need can be achieved by using the Admin center. This link contains more details on what I have described: https://code2care.org/tutorial/how-to-enable-anonymous-public-access-microsoft-office-365-sharepoint-online-site-collection-file-folder-without-login
Hope it helps, best regards!
Related
We have an app that allows scanning mailboxes in Exchange Online (Office 365). This app works fine, using the Microsoft Graph API User.Read.All permission to first fetch all users, and then Mail.Read to read their mailboxes.
Problem: One customer wants to restrict our app to work over a single mailbox, as a test of our app, without granting our app access to their whole tenancy.
It looks like this is possible using a "mail-enabled security group": https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access . So the Mail.Read permission is not a problem.
But our app also lists users, so it needs the User.Read.All permission. I cannot figure out how to set this up for the "security group". Any ideas?
AFIK, this is not possible yet. Profile access in AD cannot be restricted as mailbox access in Exchange. We are facing the same issue.
I have created two applications in a microsoft office 365 account. When I saw the permission details for these two apps, I found one difference. For the first application, "OFFICE 365 SHAREPOINT ONLINE" was present, on the other hand it was absent in case of second app.
Can someone please explain why it was present in first application but absent in second one?
Also how to add the missing permission "OFFICE 365 SHAREPOINT ONLINE" for an application?
Sharepoint online Permission in first application
It looks in your screenshot like you're looking at the Enterprise Apps blade. I believe that will only show the permissions that the app has actually requested.
To change which permissions show up there you'll actually need to change the permissions being requested by the app which would happen under either the App Registrations or App Registrations (Preview) blade (slightly farther down in the list where you already are) depending on where you originally registered the app.
You should only need SharePoint permissions directly though if you plan to call SharePoint APIs that aren't covered by Microsoft Graph. You can do many tasks in Microsoft Graph directly so make sure you actually need the SharePoint permissions before requesting them.
We have a sharepoint site that is used both internally and externally. Internal users are authentication via AD and there are no issues. The external users are authenticated using STS and the Portal User Table. However whenever an external user tries to open a document they have to re-enter their login credentials.
This happens everytime they open a document unless they happen to have left the application that the document is read in is left open, i.e. if they open a word document, leave it open and then open another word document then they don't get asked for credentials.
This is obviously a royal pain as we are using the site for document review, revision and collaboration. Our systems team say this is working as designed and there is nothing that can be done about it. Is there any practical way to resolve this without the external users having to specifically configure something on their own system or network?
Thanks
Jim
Here is a solution I found quite some time ago..
In Internet Explorer, click on Tools and select Manage add-ons
Highlight Toolbars and Extensions in left navigation.
Locate SharePoint OpenDocuments Class
Right-click and click the Disable button
Close and refresh browser
What I have?
I have a SharePoint 2010 web application with FBA configured and it is exposed to Internet. The root site collection has a huge hierarchy and each site has document libraries with many documents.
There are more than 10 site groups defined and some of them has access only to some sites.
What problem am I facing?
Everything was working fine and suddenly I am facing a problem in Enterprise Search.
When a user searches, the search result displays everything (including the site where user does not have permission) and clicking on a result it either opens the item (page/document) or shows Access denied error depending on whether the user has permission on that item.
Can someone tell me why is this happening?
We finally figured out the problem with this one.
We had given Full Read permissions to NT AUTHORITY\Authenticated Users for All zones in User Policy of the web applications in question. I am not sure of the reason for giving this permission. We removed it. Then, a full crawl fixed the issue.
Thanks!
How to login to windows authenticated sharepoint site automatically without prompting for credentials using VB.net. any help would be appreciated.
Thanks in advance.
Info you've given us is not enough to answer corretly; I hope this helps:
If it's a custom solution that is in the sharepoint; sharepoint should do this automatically if the user has the appropriate read permissions given in the "User permissions" of the site and there should be a ie trick like:
Go to Internet Explorer options.
Add the SharePoint site to the Trusted Location.
Go to Custom Level and scroll to last option and change it Automatic logon with current username and password.
You may also do it for Intranet Zone if required.
reference here
Like you can understand, it's a client based decision as well, so there should be no fully-operable way to do this.