Restrict access to a hive page
10-12-2019
Question
The purpose is to block the Incoming e-mail settings internal page (/_layouts/EmailSettings.aspx) for non-admin users or, simply, for everyone except one account.
Via the authorization element in web.config, no access is restricted with the following entry:
    <location path="_layouts/EmailSettings.aspx">
      <system.web>
        <authorization>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>
Any thoughts?
Solution 2
Not recommended, but I added the following code to the layout page, in a script element with the runat="server" property:

    protected void Page_Load(object sender, EventArgs e)
    {
        // Deny the request unless the current user is a site collection administrator.
        if (!SPContext.Current.Web.CurrentUser.IsSiteAdmin)
        {
            SPUtility.HandleAccessDenied(new Exception("Only Site Admins can access Incoming e-mail settings."));
        }
    }
OTHER TIPS
The way I did exactly this a couple of years back was to develop a SharePoint DelegateControl WebControl and staple it to the PlaceHolderAdditionalPageHead.
The WebControl would include code to check if the "/_layouts/EmailSettings.aspx" page is hit and, if so, check who is trying to reach this page (in my case checking web.config for a particular username).
It wasn't actually very hard once I got the basic plumbing done, but it requires C# coding skills (not necessarily Visual Studio, if you can live with some basic tools like Notepad++ and the CodePlex WSPBuilder command-line tool).
Let me know if you're up for some rough C# code and I'll dig it up from an old archive once I'm back at home from traveling later.
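One way to write the delegate-control check described in the answer above, as an added example (not the answerer's code). The namespace, class name and the `EmailSettingsAllowedUser` appSettings key are assumptions, as is registering the control against the `AdditionalPageHead` delegate of the master page that `_layouts` pages use.

```csharp
using System;
using System.Configuration;
using System.Web.UI;
using System.Web.UI.WebControls;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;

namespace Example.PageGuard // hypothetical namespace
{
    // Assumed registration: a feature Elements.xml <Control> element with
    // Id="AdditionalPageHead" pointing at this class and its assembly.
    public class EmailSettingsGuard : WebControl
    {
        // Hypothetical web.config appSettings key naming the one permitted login.
        private const string AllowedUserKey = "EmailSettingsAllowedUser";
        private const string GuardedPage = "/EmailSettings.aspx";

        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            // FilePath excludes any PathInfo trailer, so a request for
            // ".../EmailSettings.aspx/extra" is still recognised.
            string path = Page.Request.FilePath;
            bool guarded =
                path.IndexOf("/_layouts/", StringComparison.OrdinalIgnoreCase) >= 0 &&
                path.EndsWith(GuardedPage, StringComparison.OrdinalIgnoreCase);
            if (!guarded)
                return;

            // The configured value must use the same format as SPUser.LoginName
            // (claims-encoded logins carry a prefix before DOMAIN\user).
            string allowed = ConfigurationManager.AppSettings[AllowedUserKey];
            SPUser user = SPContext.Current != null ? SPContext.Current.Web.CurrentUser : null;

            // Fail closed: anonymous requests and a missing setting are denied.
            bool permitted = user != null && !string.IsNullOrEmpty(allowed) &&
                string.Equals(user.LoginName, allowed, StringComparison.OrdinalIgnoreCase);

            if (!permitted)
                SPUtility.HandleAccessDenied(
                    new UnauthorizedAccessException("Incoming e-mail settings are restricted."));
        }

        // Emit no markup; the control exists only to run the check.
        protected override void Render(HtmlTextWriter writer) { }
    }
}
```

The assembly also has to be marked as a SafeControl in web.config, and the check only runs on pages whose master page renders the delegate the control is registered against.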