Is anonymous access to /_vti_bin/ folder vulnerable?

Question

Monday, June 3, 2013 2:15 PM

Hi Team,

We are using SharePoint Foundation for the website, and a sub-site as a mobile site using jQuery Mobile technology, which has a dependency on _vti_bin/lists.asmx to access the SharePoint services. I am able to block _vti_bin/lists.asmx using the custom lockdown feature, but my complete mobile site is not working, since it has a dependency on the main site. Please guide me on how to resolve this issue.

I am able to see _vti_bin/lists.asmx on top Fortune 500 SharePoint sites (IDBI, Dell, ...). Is it vulnerable? Correct me if I am wrong.

Thanks, Balanarasimha Reddy

All replies (3)

Monday, June 3, 2013 5:18 PM ✅Answered

Hi,

I am not sure how you would be able to access the service when lists.asmx is blocked for anonymous users, and logically I don't think there is a way to elevate the permissions on the client side (not sure, though). However, there are 2 options you can try:

1) Call the (lists.asmx) web service through the SharePoint client object model and set the ClientCallableSettings for anonymous users using PowerShell:

# Run in the SharePoint 2010 Management Shell, or load the snap-in first
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$webapp = Get-SPWebApplication "http://somesite/"
# Remove the restriction on SPList.GetItems for anonymous client-callable requests
$webapp.ClientCallableSettings.AnonymousRestrictedTypes.Remove([Microsoft.SharePoint.SPList], "GetItems")
$webapp.Update()

Link for your reference: http://blogs.msdn.com/b/bobgerman/archive/2012/01/10/anonymous-client-access-to-sharepoint-2010.aspx

2) Create a new anonymous service and host it on the SharePoint box. This service would act as a proxy for communicating with SharePoint lists.

Thanks,

Amit

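The mobile site in the question depends on the Lists.GetListItems SOAP method on /_vti_bin/lists.asmx, and option 2 above proposes routing that traffic through a proxy instead. The following is an added example (it is not code posted by anyone in this thread) showing what that dependency looks like from the jQuery side: how the GetListItems envelope is built, how the z:row rowset in the reply is parsed, how a 401/403 from the locked-down endpoint is surfaced instead of being mis-parsed, and how the same client is pointed at a proxy endpoint. The proxy path under /_layouts/ is a made-up placeholder, and the sample response is constructed, not captured from a farm; the SOAP action and envelope shape are those of the Lists web service.

```javascript
// Added example, not from the original thread. Node-compatible: no DOM, no jQuery.

// SOAP action for Lists.GetListItems on /_vti_bin/lists.asmx
const SOAP_ACTION = "http://schemas.microsoft.com/sharepoint/soap/GetListItems";

// Escape values we embed in the envelope (list and field names) so a caller
// cannot inject extra CAML/XML into the request.
function xmlEscape(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

function xmlUnescape(s) {
  return s
    .replace(/&quot;/g, '"')
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");
}

// Build the GetListItems envelope. Only the named fields are requested and the
// row limit is capped at 100 so a public page cannot pull an entire list.
function buildGetListItemsEnvelope(listName, viewFields, rowLimit) {
  const limit = Math.min(Math.max(1, rowLimit | 0), 100);
  const fieldRefs = viewFields
    .map((f) => `<FieldRef Name="${xmlEscape(f)}"/>`)
    .join("");
  return (
    `<?xml version="1.0" encoding="utf-8"?>` +
    `<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">` +
    `<soap:Body><GetListItems xmlns="http://schemas.microsoft.com/sharepoint/soap/">` +
    `<listName>${xmlEscape(listName)}</listName>` +
    `<viewFields><ViewFields>${fieldRefs}</ViewFields></viewFields>` +
    `<rowLimit>${limit}</rowLimit>` +
    `</GetListItems></soap:Body></soap:Envelope>`
  );
}

// Pull the <z:row ows_Field="..."/> elements out of a GetListItems reply.
// A regex is used so this runs without a DOM; the ows_ prefix is stripped.
function parseGetListItemsResponse(xml) {
  const rows = [];
  const rowRe = /<z:row\b([^>]*)\/>/g;
  const attrRe = /\bows_([A-Za-z0-9_]+)="([^"]*)"/g;
  let m;
  while ((m = rowRe.exec(xml)) !== null) {
    const row = {};
    let a;
    while ((a = attrRe.exec(m[1])) !== null) {
      row[a[1]] = xmlUnescape(a[2]);
    }
    rows.push(row);
  }
  return rows;
}

// Endpoint selection: the native lists.asmx, or (option 2 in the answer) a proxy
// hosted beside SharePoint. The proxy path is a hypothetical placeholder.
function listsEndpoint(siteUrl, useProxy) {
  const base = siteUrl.replace(/\/+$/, "");
  return useProxy
    ? `${base}/_layouts/MobileListProxy/lists.ashx` // hypothetical proxy
    : `${base}/_vti_bin/lists.asmx`;
}

// When the lockdown feature denies anonymous access to lists.asmx the call
// comes back as 401/403 with no SOAP body; report that rather than parsing it.
function handleListsResponse(status, body) {
  if (status === 401 || status === 403) {
    return { ok: false, reason: "lists.asmx denied to anonymous caller", rows: [] };
  }
  if (status !== 200) {
    return { ok: false, reason: `unexpected HTTP ${status}`, rows: [] };
  }
  return { ok: true, reason: "", rows: parseGetListItemsResponse(body) };
}

// Constructed sample reply (not captured from a real farm), in the shape
// lists.asmx returns for GetListItems.
const SAMPLE_RESPONSE =
  `<?xml version="1.0" encoding="utf-8"?>` +
  `<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">` +
  `<soap:Body><GetListItemsResponse xmlns="http://schemas.microsoft.com/sharepoint/soap/">` +
  `<GetListItemsResult><listitems xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema">` +
  `<rs:data ItemCount="2">` +
  `<z:row ows_ID="1" ows_Title="Welcome &amp; news" ows_Created="2013-06-03 14:15:00"/>` +
  `<z:row ows_ID="2" ows_Title="Mobile &lt;beta&gt;" ows_Created="2013-06-03 15:18:00"/>` +
  `</rs:data></listitems></GetListItemsResult></GetListItemsResponse></soap:Body></soap:Envelope>`;

// Usage: what the mobile page would do with a successful reply, and with a denial.
console.log("POST", listsEndpoint("http://somesite/", false), "SOAPAction:", SOAP_ACTION);
console.log(buildGetListItemsEnvelope("Announcements", ["Title", "Created"], 20));
console.log(handleListsResponse(200, SAMPLE_RESPONSE).rows);
console.log(handleListsResponse(401, "").reason);
```

In the real page the envelope is sent with `$.ajax({ type: "POST", contentType: "text/xml; charset=utf-8", headers: { SOAPAction: SOAP_ACTION } })` to whichever endpoint `listsEndpoint` returns; switching `useProxy` is the only client change option 2 needs, while the proxy itself decides which lists and fields an anonymous caller may read.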


Monday, June 3, 2013 3:40 PM

Hi,

If you have selected "Entire web site" in the site collection's "Anonymous policy", you need not worry, as this setting only allows anonymous users "View access" to all lists and libraries. However, if you have selected "Lists and Libraries", you need to go to every list and allow "View Only access" to the anonymous user.

Thanks,

Amit


Monday, June 3, 2013 4:40 PM

Hi Amit,

Thanks for your reply.

Yes, we have selected anonymous access to the entire website with the view items option. Here the client requirement is that we should not display allitems.aspx, allpages.aspx, lists.asmx, etc. to anonymous users. I have implemented the custom lockdown feature for anonymous users, since we are using SharePoint Foundation 2010. If I block lists.asmx, my mobile site is not working. Is it possible to run a piece of code under admin rights, like the object model (run with elevated privileges), in jQuery?

Thanks, Balanarasimha Reddy