man thinking

Access denied, 401 Unauthorized or login prompt

​Very occasionally I would get an email along the lines of "please can I have a login for your site". Huh? It's, um, anonymous access - have they been trying to get to the _layouts folder or something? They would assure me that they just tried to enter the URL for the home page.

screenshot of error message

Eventually the penny dropped. What these users were failing to mention was that they were trying to navigate to the site on a mobile device. And by default certain devices, as determined by browser user agent strings, are redirected to the SharePoint mobile version of your site. The user agents that show this behaviour are determined by the browser capabilities file which isn't really that up-to-date so browsers on most modern devices don't trigger the mobile redirect, but a some do.

The mobile view is a bit of a throw-back to a bygone mobile era. It gives you a very restricted text view designed to work on older devices. Nowadays mobile browsers are much better and most users will prefer to see your site rendered using responsive design to render a mobile view that is actually useful. Failing that, they would probably prefer to pan and zoom your regular page than struggle with the very limiting SharePoint mobile view.

An even worse problem is that your anonymous users might not have access to the mobile pages, resulting in the authentication problems described above. Rather than start fiddling with permissions, and possibly revealing more to the world than you wanted to, the best solution is to simply switch off the mobile view entirely. The easiest way to achieve this is to add a few lines to your web.config file. You need to add the following to the System.Web element following the SharePoint section that contains your SafeControls. It's normally about a third of the way down the web.config file. Here's the code to add:

<browserCaps>

<result type="System.Web.Mobile.MobileCapabilities, System.Web.Mobile, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>

<filter>isMobileDevice=false</filter>

</browserCaps>

And here's what that section of your config file should look like when you are finished:

<Action id="68c8f882-0c21-4190-9c85-ec9672bf8c16" sourceFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\config\Webconfig.rs.xml" />

</MergedActions>

</SharePoint>

<system.web>

<browserCaps>

<result type="System.Web.Mobile.MobileCapabilities, System.Web.Mobile, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>

<filter>isMobileDevice=false</filter>

</browserCaps>

<securityPolicy>

<trustLevel name="WSS_Medium" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\config\wss_mediumtrust.config" />

<trustLevel name="WSS_Minimal" policyFile="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\config\wss_minimaltrust.config" />

</securityPolicy>

<httpHandlers />

<customErrors mode="On" />

<httpRuntime maxRequestLength="51200" />

<authentication mode="Windows" />

<identity impersonate="true" />

If you want to do this programmatically you can use the SPWebConfigurationModification class and deploy it as a feature by adding your code to the feature receiver.

​​