Locking down InfoPath forms within a SharePoint Internet environment

By default SharePoint isn’t that great at restricting anonymous users to perform custom tasks and this includes submitting forms. In order to allow users permissions to submit forms and nothing else I’ve implemented the following. All of these details are being included in the work instruction that details how to create internet facing web sites with SharePoint. Currently I’ve only created a cheshireeast site but cheshirewestandchester will be the same.
 
I have currently only tested this with a ‘submit to e-mail’ form. I will shortly configure a ‘submit to forms library’ form and a ‘submit to spreadsheet’ form and test those.
 
Anonymous permissions
Turn on anonymous permissions and grant access to entire site (now trying with Lists and Libraries)
 
Administration of site
Most administration tasks can be performed by viewing the internal version of the site on http://ceforms.ourcheshire.cccusers.com
 
Administration of anonymous version of site
Administration of the anonymous site itself is made slightly more difficult. The only aspect of the site that I am aware would actually need to be configured on the anonymous site itself is the permissions for the anonymous user. If this is required you need to:
           Add an entry in your hosts file – 10.33.247.200        forms.cheshireeast.gov.uk
           Add forms.cheshireeast.gov.uk to your proxy exclusion list in IE
You can then browse to the anonymous site, forms.cheshireeast.gov.uk, with the ability to sign-in to administer the site
 
Reverse proxy configuration
To restrict users to only be able to access certain pages within the site I have added one additional rule to the reverse proxy configuration. This rule only allows reverse proxying of the following three pages: FormServer.aspx, Postback.FormServer.aspx and FormServerAttachments.Aspx.
RewriteCond Host: forms.cheshireeast.gov.uk
RewriteCond URL (^/_layouts/FormServer\.aspx.*|^/_layouts/Postback\.FormServer\.aspx.*|^/_layouts/FormServerAttachments\.aspx)
RewriteProxy (.*) http://ceformsext.ourcheshire.cccusers.com:8448$1 [I]
Clearly if requirements change and we need to grant users access to additional pages this can be updated.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s