The Question of the Day came in through Richard following Sharon Richardson’s EUSP Live Online Workshop on Security and Permissions in SharePoint 2007.

From Richard:
I have a browser-enabled infopath form that needs to allow anonymous submission. Permissions for form libraries do not allow anonymous add only view rights. I’ve tried a few setting changes to make this work but have not been successful. Let me know if you need more details of what I’m doing.

From Sharon:
Do you know if you are using forms-based authentication (FBA) or Kerberos/Windows NTLM? There’s a good series of 3 posts covering anonymous access in detail, here’s part 1 – http://blogs.devhorizon.com/reza/?p=498 – but the working solutions provided rely on FBA. Life gets trickier than it already is if you are working with a site that requires Kerberos or NTLM.

Here’s a post explaining how you can hack around SharePoint settings and access more than the ‘View’ option for the anonymous account – http://blog.metrostarsystems.com/2009/06/04/anonymously-submit-infopath-form-to-sharepoint-library/ – however, Microsoft closed a loophole in Service Pack 1 which means the coding solution is no longer effective. Trouble is, the service pack included several bug fixes for forms-based authentication…

From Richard
We use NTLM authentication; we have tried the solution from metrostarsystems.com after we installed SP2, and it didn’t work. We also tried creating a custom web service, which didn’t really work either.

From Sharon:
I checked with an ASP.NET developer for ideas and the options are not great with MOSS 2007. His suggestion went along the following lines: Write an ASP.NET page containing whatever it is you want to be able to submit (e.g. a form for anonymous comments from a blog). Then on the SharePoint site, you ‘ll need to modify the template with a URL for anonymous users to click to submit content. That URL takes them to the ASP.NET page (hosted separately in IIS) where they can submit their information. You can then process/moderate the form under a different authenticated account (e.g. ‘Anonymous User’) to move the content into SharePoint. That account will be displayed as the user when the form is submitted into SharePoint. (In other words, you’re using an authenticated account to submit the information without requiring the original poster to login)

It would require a bit of work to set-up but should be do-able with any authentication mechanism that IIS supports (essentially IIS will manage the process) which includes NTLM.

Sorry I can’t be of more help. It’s a definite weakness for SharePoint 2007 public facing sites. Default behaviour for anonymous access ‘out of the box’ is too black and white, expecting login to be required if any content is to be submitted.