ViewFormPagesLockDown – Restrict Permission to Application Pages in SharePoint

ViewFormPagesLockDown is a SharePoint Feature (not in WSS) that helps us in:

  1. Allows anonymous users to only view the Publishing pages, not any of the form or view pages (DispForm.aspx, AllItems.aspx)
  2. Disallows anonymous access to pages in the _layouts directory that inherit from LayoutsPageBase.

By default, all publishing sites have the feature called ‘ViewFormPagesLockdown’ activated, but not on the Collaboration Portal site or Team site definitions. Without this feature active on anonymous public sites, any users – including search engines like Google will be able to view (and crawl) SharePoint out-of-box pages which are tied to lists and webs that allow viewing by anonymous users.

Yes, These users might not have the ability to do anything, but you may not want anonymous users to view the form pages.

If you want to place your custom application pages inside the _layouts directory, which anonymous users must hit, there’s the UnsecuredLayoutsPageBase class you can use as the base class of your page, and there’s always just the Page class as in a standard ASP.Net application page.

To Activate the Feature using STSADM: stsadm -o activatefeature -url -filename ViewFormPagesLockDown\feature.xml

If you still get the Form pages visible for the end users, Try: With the ViewFormPagesLockDown feature Enabled, disable Anonymous Access in the site, then re-enable it.
MSDN Link:

In SharePoint 2016 and SharePoint Online viewformpageslockdown feature is renamed to “Limited-access user permission lockdown mode Feature

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

3 thoughts on “ViewFormPagesLockDown – Restrict Permission to Application Pages in SharePoint

  • I don’t see that in my SP2013 Team Foundation. Is that feature only available in Enterprise?

  • But, how do you do this for a user with Full control?

  • Nice, thanks for information.
    Sad but MS is still pushing us to use stsadm instead of PowerShell in many situations.


Leave a Reply

Your email address will not be published. Required fields are marked *