12/08/2012

SharePoint 2010–Hiding "Sign in as Different User"

 

The "Sign in as Different User" is a bad idea for a lot of reasons, but the two biggest are:

  • Security on the computer where "User B" wants to access SharePoint. While at this computer they could perform any number of actions as "User A".
  • Mixed experiences when using software other than a browser. As an example, "User B" can "Sign in as Different User" on the "User A" computer. Everything done from the browser, such as adding list items, is logged as "User B", but many actions performed from Word, Outlook and other tools will be logged as "User A"

"Sign in as Different User" is available from the Welcome menu and from the Access Denied page:

           clip_image002[6]           clip_image002[8]

 

How a Site Owner can hide "Sign in as Different User"

You can hide the "Sign in as Different User" option by adding a small block of JavaScript code to your site's master page just before the </body> tag.

<script type="text/javascript"> 
var doc = document.getElementsByTagName('ie:menuitem');  
for (var i = 0; i < doc.length; i++)  
{
    itm = doc[i];
    if (itm.id.match('LoginAsDifferentUser') != null)
      { itm.hidden=true; }
 } 
</script> 

Note: You can still "Sign in as Different User" by navigating directly to the Access Denied page:
  http://yourserver/sites/yoursite/_layouts/AccessDenied.aspx

 

How a developer or server administrator can hide "Sign in as Different User"

As there are two ways a user can get to the "Sign in as Different User" option you will need to make two different changes, one to the Welcome menu and one to the Access Denied page.

Warning:

  • Changes to ControlTemplates and Layouts folder impact all users on all sites in the farm!
  • Changes to the pages in the ControlTemplates and Layouts folder need to be documented as farm rebuilds or service pack updates could overwrite your changes.
  • You should make a backup copy of any files you edit.
  • All changes must be made identically on all web front end servers.
Updating the Welcome menu

The Welcome menu is implemented as an ASPX user control (.ascx) and is stored in the …\14\TEMPLATE\CONTROLTEMPLATES folder. Editing this file impact all users on all sites in the farm. You may want to use the "Site Owner" solution listed earlier in this article. Another option is to create a copy of the Welcome.ascx file and modify selected master pages to point to the custom version of the file.

  1. Open the Welcome.ascx file (or your custom copy) using Notepad or Visual Studio from
        …\14\TEMPLATE\CONTROLTEMPLATES 
  2. Find the MenuItemTemplate with the ID of ID_LoginAsDifferentUser
  3. Then do one of the following
    • Delete the MenuItemTemplate control
    • Add these two options to the MenuItemTemplate control to limit the display of the menu item to only Site Owners
         PermissionsString="ManageWeb"
         PermissionMode="Any"
Updating the Access Denied page (AccessDenied.aspx)
  1. Open the AccessDenied.aspx page using Notepad or Visual Studio:
       …\14\TEMPLATE\AccessDenied.aspx
  2. Find the following code:
      <asp:HyperLink id="HLinkLoginAsAnother"
      Text="<%  $SPHtmlEncodedResources:wss,accessDenied_logInAsAnotherOne%>"
      CssClass="ms-descriptiontext" runat="server"/>
  3. Then do one of the following:
    • Delete the code
    • Wrap the code in a comment block
    • Wrap the code in a SPSecurityTrimmedControl with a permission level such as ManageWeb (see this article) so Site Owner can still see the option.

<Sharepoint:SPSecurityTrimmedControl runat="server" PermissionsString="ManageWeb">

  <asp:HyperLink id="HLinkLoginAsAnother"
  Text="<%$SPHtmlEncodedResources:wss,accessDenied_logInAsAnotherOne%>"
  CssClass="ms-descriptiontext" runat="server"/>
</SharePoint:SPSecurityTrimmedControl>

 

.

No comments:

Note to spammers...

Spammers, don't waste your time... all posts are moderated. If your comment includes unrelated links, is advertising, or just pure spam, it will never be seen.