Tuesday, December 11, 2007

Using InfoPath Forms Server with anonymous users

For so long I have been trying to convince my customers that the right combination of InfoPath, MOSS and workflow can solve 70% of their day to day business needs.

Well, guess what – I finally succeeded.

Only to learn that by default – forms server does not allow anonymous users to create new forms.

Well, my customer wanted to implement a “contact us” and “register to…” forms on his WCM MOSS internet site that will (of course) be published on the internet and allow any potential customer to fill in these forms with no need for logging in or registering for their site.

So, the solution for this consisted of 2 major steps.

Step 1 – defining out SharePoint site to use forms authentication provider.

I extended my AD web application (i.e. http://moss.kwizcom.com ) to a new web application (i.e. http://forms.kwizcom.com ) that uses forms authentication – this way I could create a simple user that has no privileges at all except to create items in the forms library (no edit / delete as well).

Step 2 – setting up a default logon user for anonymous users.

After step 1, all I had to do is to create a forms authentication user named: Internet User and give him write access to the forms library. Now, I added some code to auto login with that user when anyone browses to this web application http://forms.kwizcom.com.

For more information about completing step 1 you can see may blogs articles – simply google it.

I like Andrew connell’s one here: http://www.andrewconnell.com/blog/articles/HowToConfigPublishingSiteWithDualAuthProvidersAndAnonAccess.aspx

After you have forms authentication enabled on your second web application, the solution is rather easy.
  1. Create an InfoPath form, save it and publish it to a document library on your SharePoint server
  2. Create a new permission level on your site collection for “Add Only Read Only Permission”
    1. Go to Site Settings – top level site settings
    2. Click on advanced permissions
    3. On the “Settings” menu click on “Permission Levels”
    4. Add a new permission level named “Add Only Read Only Permission”
    5. Select only the “Add Items” check box (others will be auto selected – leave them)
    6. Click “Create”
  3. Create a new forms user named: Internet User
    1. Use the ASP.Net application to create a new user as explained in the Andrew Connell blog post above
  4. Give Internet User “Add Only Read Only” permission on the published form library
    1. Browse to the document library
    2. On the “Settings“ menu click “X Library Settings”
    3. Click on “permissions for this document library”
    4. If you don’t see the “new” menu item – you will have to break permissions for this library by clicking “Actions” and then “Edit Permissions”
    5. Click “New”, select Internet User give user permission directly to “Add Only Read Only Permission” permission level.
  5. Set up auto login for Internet User
    1. Go to the http://forms.kwizcom.com web root folder (by default: under c:\inetpub\wwwroot\wss\virtualdirectories\*
    2. Locate the global.asax file, back it up and open it in notepad
    3. Add this lines to the file to enable auto login as Internet User,
      replace [password] with the password you given the user.
      <script runat="server">
      public void FormsAuthentication_OnAuthenticate(object sender, FormsAuthenticationEventArgs args)
      if (Membership.ValidateUser("Inernet User", "[password]"))
      FormsAuthentication.SetAuthCookie("Inernet User", true);
    4. Save the file and close it.
Now we have to prepare the link for filling out this form using the browser.
To do so you will need a client PC that does not have InfoPath installed, browse to http://moss.kwizcom.com to the forms library, and click “New” on the forms library.
The forms server will open a browser based form for you to fill in.
Copy the URL of the create form page and replace http://moss.kwizcom.com with http://forms.kwizcom.com , replace moss with forms anywhere you see it in the query string as well, except for the “Source=” query string parameter.

That’s it! Simply put that URL at your site where you want users to create forms from and you are done!

Note: you might want to prevent user from browsing to http://forms.kwizcom.com and redirect them to the http://moss.kwizcom.com. This can be done in several ways. For demo purposes you could add this javascript to your master pages to make them do the redirect for you:

if(window.location.href.toLowerCase().slice(0,12) == “http://forms”)
window.location.href = window.location.href.toLowerCase().replace(“http://forms”, “http://moss”)


Martin said...

Nice information, will most likely be handy down the road.

If possible, feel free to post more about your InfoPath implementation as I'm trying to convince management to go this route without much success and could use all the ammo I can get.

Shai Petel (Ben Shooshan) said...

Sure thing,

If you need help with presale for InfoPath I have success rate of 100% so far :)

Martin said...

I'll take any help I can get. :)

Shai Petel (Ben Shooshan) said...

feel free to mail me: shai at kwizcom.com

Marshall Sutton said...

I have followed these instructions, as best as I can tell, but my Internet User does not have a New button on the library, and when I try to submit the form by manually entering the URL to load the form, I get an error that submission failed.

Strangely enough, the Internet User does have an Upload button, so I don't think that the user's rights are the issue.

Shai Petel (Ben Shooshan) said...

Ok, what i want you to do is:
log in using AD user to http://SRV...

click "new" to get the new form opened in browser.

copy the link, replace the http://SRV... with HTTP://FORMS.SRV....

use this link to add content as forms "internet user".

does this help?

Anonymous said...

We are trying to use InfoPath/MOSS to replace some paper processes in our organization. We are using this in conjunction with workflows in MOSS but we are finding that locking down security on each phase of workflow and for selections on the forms is very challenging. We are subject to SEC and FSA regulations due to our business. Any suggestions outside of site permissions? Also, we want the last stage of the workflow to send the form to a read-only doc library so that the forms can never be altered. Suggestions?

Anonymous said...


I am just trying change manage permissions of list item (Form library to which infopath form is saved)to specific user.
Is it possible to change the permission level from infopath forms

Shai Petel said...


There is no way to control item permissions directly from info path.

What you can do is develop an event handler or workflow action that will take care of the permissions in SharePoint. You can add meta fields in info path that will flag the event handler / workflow what permissions to give and this way it will be like controlling permissions using the info path.

Tim Mills said...


There is quite a lot of ways of submitting anonymous infopath forms.

I came across a nice solution that consists of only a few lines of code in the infopath form.

SharePoint Anonymous Infopath Forms - EASY!

Shai Petel said...

Thanks Tim!

Anonymous said...

Tim's way seems to make lists accessible, and is thus a security vulnerability. With the anonymous acces configured the lists allitems.aspx will be visible to anyone directly querying it.

Joseph said...

Hi everybody,Need help urgently!!!
I went through the instructions of this article, and sometimes I get login screen, like not getting the user or something...
does anybody else having this issue ever?


Shai Petel said...

Hi Joseph,
I think I need more info on your situation, like versions, logins used (AD? FBA?) etc...
Feel free to email me to shai at kwizcom dot com and I will see if I can help.