Enabling Declarative Workflows for Anonymous Users in SP2010/2007

Christophe asked a question about how to allow anonymous users to start workflows in SharePoint 2010. The question spread on both Twitter and SharePointOverflow before I had a chance to answer directly, so I’m posting the response here rather than trying to chase all the locations Smile

By default, anonymous access to run declarative workflows are disabled. This only affects anonymous users because a workflow started by an anonymous user would need to be assigned special credentials that would exceed the normal permissions of the anonymous user. For authenticated users, the workflows run with the credentials of that user, but there are no such credentials for anonymous users.

This situation occurs when you’re trying to email enable lists that have automatically launched workflows attached. In these scenarios, anonymous users can send emails to a list and have a workflow start, regardless of their permissions on the list.

It’s actually a very useful feature, and I’ve described such a scenario as part of a solution in an article I wrote several years ago on SharePoint Designer Workflows. Back then, anonymous access was enabled by default. In WSS3 SP1, Microsoft changed the behavior to not allow anonymous access at all, but allowed it if you set a special property in WSS SP2.

You can enable anonymous workflow access by setting the declarativeworkflowautostartonemailenabled property on the farm, either using SharePoint Manager 2010 or through PowerShell or STSADM:

stsadm -o setproperty -pn declarativeworkflowautostartonemailenabled -pv true
 
.b

Found this article valuable? Want to show your appreciation? Here are some options:

a) Click on the banners anywhere on the site to visit my blog's sponsors. They are all hand-picked and are selected based on providing great products and services to the SharePoint community.

b) Donate Bitcoins! I love Bitcoins, and you can donate if you'd like by clicking the button below.
Donate Bitcoins

c) Spread the word! Below, you should find links to sharing this article on your favorite social media sites. I'm an attention junkie, so sharing is caring in my book!

Tags: , ,

Post Author

This post was written by who has written 426 posts on Furuknap's SharePoint Corner.

I do SharePoint. When I'm not doing SharePoint, I sleep, and then I dream about SharePoint. Oh, and I dabble a bit in cryptocurrencies (Bitcoin, Litecoin, etc)

18 Responses to “Enabling Declarative Workflows for Anonymous Users in SP2010/2007”

  1. spevilgenius November 12, 2010 at 3:21 pm #

    Awesome post Bjorn! This I am sure will help out a lot of folks!

  2. Christophe
    Twitter: Path2SharePoint
    November 13, 2010 at 11:31 am #

    Very helpful, thanks Bjørn! And as a bonus I even get the answer for SharePoint 2007. I am really impressed by the depth of your knowledge.

  3. Clayton Cobb November 21, 2010 at 9:43 pm #

    Bjorn, you wrote this in reference to allowing anonymous users to start workflows, but is it really only for starting workflows on email-enabled lists when an item is created via email? What about on regular lists where anonymous users are allowed to create items? Should this same command allow workflows to start? I ask this, because the property specifically mentions “onemailenabled,” and my anonymous items always start the workflow but never get beyond “In Progress” even though there is nothing more than a “log to history list” action. For authenticated users, the workflow runs normally. I’m using SP2010 Enterprise with an SPD workflow and custom list.

    • Bjørn Furuknap
      Twitter: furuknap
      November 21, 2010 at 10:03 pm #

      Good question, Clayton.

      To be honest, I haven’t looked at this. Keep in mind, though, that if you grant permissions on a list level, you also need to grant permissions to the associated task and history lists.

      If that doens’t work, let me know, and I’ll investigate an blog :-)

      .b

  4. Clayton Cobb November 21, 2010 at 10:13 pm #

    Interesting idea. The workflow isn’t using tasks, but it’s definitely writing to the Workflow History list. I already had my associated Tasks list set to allow anon Add/Edit, but I hadn’t modified the hidden WF History List. I used SPD to get to the WF History list permissions and changed them to allow Add/Edit for anon users, but it stills gets stuck in “In Progress,” which is abnormal. Usually, when something doesn’t work, it will say “Failed on Start,” “Stopped,” or something of that nature.

    One thing I can’t do is add perms to the Workflow library, because it’s a doc lib, and anything beyond View Items is disable. I don’t think anon users should need more than View anyway.

    • Bjørn Furuknap
      Twitter: furuknap
      November 21, 2010 at 10:20 pm #

      Regardless of task usage, all workflows have an associated task list.

      That said, when a workflow starts, it will make changes to the item, including the status column. That means that somehow, users have access to edit the items, perhaps through an elevated privilege. I need to look into the reflected code to figure out and also replicate the issue.

      .b

  5. Clayton Cobb November 21, 2010 at 10:43 pm #

    I also tried an Impersonation Step as my only step just in case. AFter a while, the workflow status changes from “In Progress” to “Failed on Start (Retrying).”

    • Al Ismaili Ahmed March 2, 2011 at 9:39 am #

      is there any good news for this issue. i have the same problem, been looking for a solution for past 2 days. Unfortunately no luck so far.

    • James Yarnell
      Twitter: jyarnell
      January 6, 2012 at 3:43 pm #

      Just trying to determine if there has become an accepted solution for this? I created a WSP that handles this when I could not find a good solution but I wanted to see if posting the details would still be relevant?

  6. Dave December 17, 2010 at 3:53 pm #

    I’m also looking for a solution to this problem.

  7. Somenath January 10, 2011 at 11:09 am #

    Is there any solution found, regarding this issue??

  8. D March 2, 2011 at 11:00 pm #

    You could use a custom membership provider/http module that enables an autologin guest account for SharePoint. Reza (http://blogs.devhorizon.com/reza/?p=498) came up with it, and we used it for a public facing site for user registration. After they fill out the form, workflow is started under the guest credentials.

  9. Alex November 2, 2011 at 10:16 pm #

    I am getting the same issue as we are using SP2010 and trying to fire off workflows from an email enabled list. Although we have run the PowerShell command successfully, our list is still NOT firing off workflows using the System Account … any ideas?

  10. keetaya December 20, 2011 at 10:50 pm #

    Guys, what is the recommended way for enabling workflows to anonymous users? is the powershell command is a recommended one or better we can create a custom WF with elevated previlages?

  11. Michael January 4, 2012 at 9:49 pm #

    I’m having the same problem as Clayton as well as everyone else that seems to have sharepoint and how anonymous users cannot start workflows.

    I can’t believe that there isn’t a solution to this.

  12. Jane July 11, 2012 at 5:54 pm #

    I have created several workflows for a particular project I was doing and they all ran fine. Now I am trying to create a workflow for another project and it just doesn’t start. I have compared tewo and tey ook the e. I’m stumped!

    • Bjørn Furuknap
      Twitter: furuknap
      July 11, 2012 at 7:50 pm #

      Jane,

      It’s a bit difficult to debug from that alone. Is it related to anonymous usage?

      Regardless, I would recommend that if you have specific issues, you might want to try posting your question to SharePoint StackExchange at http://sharepoint.stackexchange.com/

      .b

Trackbacks/Pingbacks

  1. How to Create Anonymous Contact Form with SharePoint 2010 | SharePointDevWiki.com - September 26, 2013

    […] If during your search you come across this article at: http://blog.furuknap.net/enabling-declarative-workflows-for-anonymous-users-in-sp20102007; this will not work for items added from the UI but only email added items. Good resource for […]

Leave a Reply