During testing of a SharePoint 2010 public facing website we noticed that when using mobile devices anonymous users were getting authentication prompts. Not good! The intended behaviour was to send users to the standard view of the website but SharePoint was detecting mobile browsers and redirecting to the mobile view of the site. We ended up modifying the compat.browser files as pointed out by Randy Drisgill so that all users on all devices got directed to the standard view. It got me thinking about if the out of the box mobile views could ever be used with SharePoint 2010 WCM solutions, and I’m afraid my conclusion has to be probably not!
The closest I could find to others people experiencing the issue was on this TechNet discussion, and also being able to confirm the issue on other public SharePoint sites (e.g. try ?Mobile=1 on http://sharepoint.microsoft.com). To track down what was causing the authentication prompt I created an out of the box Publishing Portal site collection and then enabled anonymous access for it in an extended web application. By forcing my browser to hit the mobile view of a page (by appending ?Mobile=1 to the URL) I could see from Fiddler that I was being redirected to a layouts page at /_layouts/mobile/mblwp.aspx. It seemed to be this page that was returning a 401 error and prompting for authentication.
So a publishing site and an error when hitting a layouts page – that has to be the lock down feature right? It turns out that it was and here are the steps I followed to confirm it.
I created four site collections from a Blank Site, Team Site, Enterprise Wiki and Publishing Portal templates. I then enabled anonymous access on all of them. By hitting the mobile views of the home page for each of these sites I was able to see that the blank site and team site functioned well for anonymous users; however both the enterprise wiki and the publishing portal prompted for authentication. I then used PowerShell to list the activated features and confirm that both of these sites had the site scoped ViewFormPagesLockDown feature enabled on them, and that the other two did not.
So everything was going as expected here. Deactivating the feature must surely now open up the mobile view. I used PowerShell to deactivate the feature on my publishing portal like so:
Disable-SPFeature -Identity "ViewFormPagesLockDown" -URL http://anon/sites/publishing
So closing my browser (and doing an IISReset, just for luck!) I hit the site with ?Mobile=1 again expecting to see the publishing site. Authentication prompt. Hmmm. At this point I started to think about going back to the drawing board and was wondering if there could be other interferences from the SharePoint Server Publishing Infrastructure feature. Before going too far down this road however thankfully I had an idea that simply deactivating the feature may not have been enough to fully ‘undo’ its effects. I went back into the anonymous site as an administrator and re-applied the anonymous access settings.
Now hitting the mobile view on the publishing site redirects me to the mobile view with no authentication prompts. Success! So I was able to confirm that it was the lock down feature that was causing the authentication prompts when hitting the mobile view on a publishing site.
Whilst deactivating the feature has helped me track down this as the route cause (in my development environment) it is certainly not something that I would recommend on a production system. I have to conclude therefore that the out of the box mobile views cannot be used with SharePoint 2010 web content management solutions. I guess some further work could be done to grant anonymous users access just to the /_layouts/mobile folder in the SharePoint Root, however in my scenario I think it’s more preferable to direct the users to the full site in any case.