Enabling Declarative Workflows for Anonymous Users in SP2010/2007

Christophe asked a question about how to allow anonymous users to start workflows in SharePoint 2010. The question spread on both Twitter and SharePointOverflow before I had a chance to answer directly, so I’m posting the response here rather than trying to chase all the locations Smile

By default, anonymous access to run declarative workflows are disabled. This only affects anonymous users because a workflow started by an anonymous user would need to be assigned special credentials that would exceed the normal permissions of the anonymous user. For authenticated users, the workflows run with the credentials of that user, but there are no such credentials for anonymous users.

This situation occurs when you’re trying to email enable lists that have automatically launched workflows attached. In these scenarios, anonymous users can send emails to a list and have a workflow start, regardless of their permissions on the list.

It’s actually a very useful feature, and I’ve described such a scenario as part of a solution in an article I wrote several years ago on SharePoint Designer Workflows. Back then, anonymous access was enabled by default. In WSS3 SP1, Microsoft changed the behavior to not allow anonymous access at all, but allowed it if you set a special property in WSS SP2.

You can enable anonymous workflow access by setting the declarativeworkflowautostartonemailenabled property on the farm, either using SharePoint Manager 2010 or through PowerShell or STSADM:

stsadm -o setproperty -pn declarativeworkflowautostartonemailenabled -pv true
 
.b

Found this article valuable? Want to show your appreciation? Here are some options:

a) Click on the banners anywhere on the site to visit my blog's sponsors. They are all hand-picked and are selected based on providing great products and services to the SharePoint community.

b) Donate Bitcoins! I love Bitcoins, and you can donate if you'd like by clicking the button below.

c) Spread the word! Below, you should find links to sharing this article on your favorite social media sites. I'm an attention junkie, so sharing is caring in my book!

Pin It

Published by

Bjørn Furuknap

I previously did SharePoint. These days, I try new things to see where I can find the passion. If you have great ideas, cool projects, or is in general an awesome person, get in touch and we might find out together.

18 thoughts on “Enabling Declarative Workflows for Anonymous Users in SP2010/2007”

  1. Bjorn, you wrote this in reference to allowing anonymous users to start workflows, but is it really only for starting workflows on email-enabled lists when an item is created via email? What about on regular lists where anonymous users are allowed to create items? Should this same command allow workflows to start? I ask this, because the property specifically mentions “onemailenabled,” and my anonymous items always start the workflow but never get beyond “In Progress” even though there is nothing more than a “log to history list” action. For authenticated users, the workflow runs normally. I’m using SP2010 Enterprise with an SPD workflow and custom list.

    1. Good question, Clayton.

      To be honest, I haven’t looked at this. Keep in mind, though, that if you grant permissions on a list level, you also need to grant permissions to the associated task and history lists.

      If that doens’t work, let me know, and I’ll investigate an blog :-)

      .b

  2. Interesting idea. The workflow isn’t using tasks, but it’s definitely writing to the Workflow History list. I already had my associated Tasks list set to allow anon Add/Edit, but I hadn’t modified the hidden WF History List. I used SPD to get to the WF History list permissions and changed them to allow Add/Edit for anon users, but it stills gets stuck in “In Progress,” which is abnormal. Usually, when something doesn’t work, it will say “Failed on Start,” “Stopped,” or something of that nature.

    One thing I can’t do is add perms to the Workflow library, because it’s a doc lib, and anything beyond View Items is disable. I don’t think anon users should need more than View anyway.

    1. Regardless of task usage, all workflows have an associated task list.

      That said, when a workflow starts, it will make changes to the item, including the status column. That means that somehow, users have access to edit the items, perhaps through an elevated privilege. I need to look into the reflected code to figure out and also replicate the issue.

      .b

    1. is there any good news for this issue. i have the same problem, been looking for a solution for past 2 days. Unfortunately no luck so far.

    2. Just trying to determine if there has become an accepted solution for this? I created a WSP that handles this when I could not find a good solution but I wanted to see if posting the details would still be relevant?

  3. You could use a custom membership provider/http module that enables an autologin guest account for SharePoint. Reza (http://blogs.devhorizon.com/reza/?p=498) came up with it, and we used it for a public facing site for user registration. After they fill out the form, workflow is started under the guest credentials.

  4. I am getting the same issue as we are using SP2010 and trying to fire off workflows from an email enabled list. Although we have run the PowerShell command successfully, our list is still NOT firing off workflows using the System Account … any ideas?

  5. Guys, what is the recommended way for enabling workflows to anonymous users? is the powershell command is a recommended one or better we can create a custom WF with elevated previlages?

  6. I’m having the same problem as Clayton as well as everyone else that seems to have sharepoint and how anonymous users cannot start workflows.

    I can’t believe that there isn’t a solution to this.

  7. I have created several workflows for a particular project I was doing and they all ran fine. Now I am trying to create a workflow for another project and it just doesn’t start. I have compared tewo and tey ook the e. I’m stumped!

  8. Pingback: How to Create Anonymous Contact Form with SharePoint 2010 | SharePointDevWiki.com

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>