| As discussed previously in this chapter, anonymous access may need to be provided to SharePoint 2003 sites. Anonymous access must be enabled from within Internet Information Services (IIS) and can be enabled for the portal site directly, or for a specific virtual server. Then the SharePoint 2003 portal must be configured to allow anonymous access. Anonymous access needs to be configured from within the IIS Manager, as shown in Figure 7.14, and can be configured for the default website or for a Virtual Server created separately that points to the same database and uses the same application pools. This is significant because if anonymous access is allowed for the portal site directly, no users will need to authenticate to gain access to this portal because everyone is automatically granted access as an anonymous user. Figure 7.14. IIS authentication methods. 
As shown in Figure 7.14 the anonymous user account name is IUSR_PortalServerName by default. So when anonymous access is then granted in SharePoint 2003, this is the account that is provided access. By default, this user is a member of the Domain Users and Guests groups, with the account options User Cannot Change Password and Password Never Expires. If a different account is used for the anonymous access, it is important to include these group memberships and password restrictions. The following steps are required to enable anonymous access in IIS and to create and extend a new virtual server: 1. | Create a new virtual server in IIS.
| 2. | Extend the new virtual server.
| 3. | Enable anonymous access for the virtual server.
| 4. | Verify that anonymous access is allowed on the portal.
|
To create a new virtual server in IIS, follow these steps: 1. | From the SharePoint server, click on Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
| 2. | When in IIS Manager, click the node for the computer containing the portal site and then right-click Web Sites.
| 3. | Point to New and then click Web Site.
| 4. | On the Web Site Creation Wizard, click Next.
| 5. | On the Web Site Description page, type a description for the virtual server and then click Next.
| 6. | On the IP Address and Port Settings page, type a TCP port such as 8080 and then click Next. Each virtual server on the same server must either have either a unique IP address, TCP port, or host header information.
| 7. | On the Web Site Home Directory page, click Browse to browse to the folder where you want to create the virtual server.
| 8. | Click Make New Folder to type the name of the virtual server. Then click OK to return to the wizard.
| 9. | Click Next to accept the default Web Site Access Permissions.
| 10. | Click Finish to complete the process.
|
To extend the new virtual server from SharePoint Portal Server 2003, perform the following steps: 1. | Open the Portal site in Internet Explorer. On the navigation bar of the portal site, click Site Settings.
| 2. | On the Site Settings page, in the General Settings section, click Go to SharePoint Portal Server central administration.
| 3. | On the SharePoint Portal Server Central Administration page, in the Portal Site and Virtual Server Configuration section, click Extend an Existing Virtual Server from the Virtual Server List page.
| 4. | On the Virtual Server List page, click on the virtual server that you just created.
| 5. | On the Extend Virtual Server page, in the Provisioning Options section, click Extend and Map to Another Virtual Server.
| 6. | On the Extend and Map to Another Virtual Server page, in the Server Mapping section, select the appropriate host or IIS virtual server to map to. Then in the Application Pool section, click Use an Existing Application Pool and select the appropriate application pool.
| 7. | Click OK.
|
Follow these steps to enable anonymous access for the virtual server: 1. | Return to the IIS Manager, click the node for the computer containing the portal site, expand the Web Sites node, and then right-click the new virtual server.
| 2. | Click on Properties and then on the Directory Security tab.
| 3. | In the Authentication and Access Control section, click Edit.
| 4. | On the Authentication Methods page, select Enable Anonymous Access and then click OK.
| 5. | Click OK.
|
To verify that anonymous access is allowed on the portal, follow these steps: 1. | On the navigation bar of the portal site, click Site Settings.
| 2. | On the Site Settings page, in the General Settings area, click on Manage Security and Additional Settings.
| 3. | In the Users and Permissions section, click on the Change Anonymous Access settings.
| 4. | Now select the level of anonymous user access permitted for the site. In this case, either Areas and Content should be selected or Areas, Content, and Search.
| 5. | Click OK.
|
When this process is complete, test the anonymous access to the existing website with a client who currently has no access to the portal site (or create a test user for this purpose). This user should be asked to authenticate when the URL (http://abcsps01/default.aspx, for example) is entered. However, when the same URL is modified by adding the port number used by the new virtual server (http://abcsps01:8080/default.aspx, for example) the user will have anonymous access to the portal. |
