SharePoint – thoughts on MSDN “Configuring and Deploying Anonymous Publishing Sites for SharePoint Server 2007”

Andrew Connell’s white paper on Configuring and Deploying Anonymous Publishing Sites for SharePoint Server 2007 just went up on MSDN.

The following are my thoughts in detail.  For the most part – I agree with the views presented in the white paper, and I believe the white paper covered at a glance many of the crucial aspects of anonymous publishing.

Some of these points I wanted to further elaborate and explain some of my own experiences and/or approaches that I’ve found to work better.


Limiting the Page Payload

Fiddler is great.  FireFox’s FireBug also serves a similar purpose.  You want to try to reduce the number of files that are sent across.  Reducing CSS, core.js, core.css will go a long way to reduce the page payload.

I’ve found HttpModule to be far better at stripping core.js, core.css and much of the unused form hidden fields from the output.  Need a lot of testing though.

In addition – check out YSlow FireFox add-in.  Which discusses issues such as E-Tags not being set properly in IIS – you might as well turn it off and let browsers determine file base on modified date / size.

Managing the Name ActiveX Control

This is related to my earlier blog SharePoint – Name ActiveX Control error.  I discussed the circumstances on why this ActiveX control is appearing, what does it do, and why does it only give you grief when running in the Internet Zone on IE.

While the Mossman Way works – I prefer using a HttpModule.

Anyway – I thought if Person Name Smart Tag and Presence Settings is switched off via Central Administration this would have gone away (mentioned later in the white paper).  UPDATE - tested this doesn't work - while the setting is off it still asks for the Active-X

Taking Advantage of Custom CAS Policies for Custom Code

Use CAS policies so you can keep to WSS_Minimal.

Many of our assemblies are deployed in the GAC which runs in full trust.  The reason we put them in the GAC is more a decision related to solution package deployment, and not from a security point of view.

Configuring a SharePoint Site Collection or Site

Blocking Users from Seeing All Pages in a SharePoint Publishing Site

ViewFormPagesLockdown is absolutely necessary.  I’m so glad it’s mentioned in this white paper.

Enabling and Configuring Caching

page output caching and object caching are mentioned – both are very useful.  Page Output caching for the anonymous profile is necessary to achieve high performance from a public site.  Remember to switch on the comment so you can catch caching issues from your staging and production servers.

blob caching is not mentioned – I’m not sure the reasons, but I’ve found it to be useful but I have seen the blob cache rendering and cropping only half of the CSS file that I have.  Is that a SharePoint bug?  Hard to say.  I found some blog articles that asked the same questions – blob caching is one of those supposedly-low-risk-high-gain performance configurations that you can do, but I ended up with only use blob caching with sufficient testing.

Configuring a SharePoint Web Application

Disabling User Presence Information

Just echoing this – I think this should stop the ActiveX presence “name.dll” appearing on IE when you stop this.

UPDATE - tested this doesn't work - while the setting is off it still asks for the Active-X

Disabling the Blog API

Disabling Incoming E-Mail

Separating Content Between Authoring and Production Environments

I noticed I stopped commenting much towards the end of the article.  It was good to see publishing content deployment being discussed at the end - great article.