Rights on UsersDisp.aspx

Topics: FBA, Forms Based Authentication, MOSS, SharePoint
Feb 25, 2008 at 11:52 AM
Edited Feb 26, 2008 at 1:32 PM
Hi there

I'm currently working on fixing a moss installation which others have developed.

They have set up this site to use FBA, which works great.. However I found out that anonymous users have access to the administration pages of FBA and through this will be able to create, edit and delete users on this installation..

Can anyone who have FBA set up, check "_layouts/FBA/Management/UsersDisp.aspx" with an anonymous user and point me in the right direction for limiting other users than administrators to access this page..
Feb 26, 2008 at 1:34 PM
Which is offcourse just setting up the web.config to disallow other users than FBAAdmin on the /_layouts/FBA folder.. ;o)


scopas wrote:
Hi there

I'm currently working on fixing a moss installation which others have developed.

They have set up this site to use FBA, which works great.. However I found out that anonymous users have access to the administration pages of FBA and through this will be able to create, edit and delete users on this installation..

Can anyone who have FBA set up, check "_layouts/FBA/Management/UsersDisp.aspx" with an anonymous user and point me in the right direction for limiting other users than administrators to access this page..