Christophe asked a question about how to allow anonymous users to start workflows in SharePoint 2010. The question spread on both Twitter and SharePointOverflow before I had a chance to answer directly, so I’m posting the response here rather than trying to chase all the locations 
By default, anonymous access to run declarative workflows are disabled. This only affects anonymous users because a workflow started by an anonymous user would need to be assigned special credentials that would exceed the normal permissions of the anonymous user. For authenticated users, the workflows run with the credentials of that user, but there are no such credentials for anonymous users.
This situation occurs when you’re trying to email enable lists that have automatically launched workflows attached. In these scenarios, anonymous users can send emails to a list and have a workflow start, regardless of their permissions on the list.
It’s actually a very useful feature, and I’ve described such a scenario as part of a solution in an article I wrote several years ago on SharePoint Designer Workflows. Back then, anonymous access was enabled by default. In WSS3 SP1, Microsoft changed the behavior to not allow anonymous access at all, but allowed it if you set a special property in WSS SP2.
You can enable anonymous workflow access by setting the declarativeworkflowautostartonemailenabled property on the farm, either using SharePoint Manager 2010 or through PowerShell or STSADM:
stsadm -o setproperty -pn declarativeworkflowautostartonemailenabled -pv true
.b
RSS
Facebook
Twitter
Awesome post Bjorn! This I am sure will help out a lot of folks!
Twitter: Path2SharePoint
November 13, 2010 at 11:31 am #
Very helpful, thanks Bjørn! And as a bonus I even get the answer for SharePoint 2007. I am really impressed by the depth of your knowledge.
Bjorn, you wrote this in reference to allowing anonymous users to start workflows, but is it really only for starting workflows on email-enabled lists when an item is created via email? What about on regular lists where anonymous users are allowed to create items? Should this same command allow workflows to start? I ask this, because the property specifically mentions “onemailenabled,” and my anonymous items always start the workflow but never get beyond “In Progress” even though there is nothing more than a “log to history list” action. For authenticated users, the workflow runs normally. I’m using SP2010 Enterprise with an SPD workflow and custom list.
Twitter: furuknap
November 21, 2010 at 10:03 pm #
Good question, Clayton.
To be honest, I haven’t looked at this. Keep in mind, though, that if you grant permissions on a list level, you also need to grant permissions to the associated task and history lists.
If that doens’t work, let me know, and I’ll investigate an blog
.b
Interesting idea. The workflow isn’t using tasks, but it’s definitely writing to the Workflow History list. I already had my associated Tasks list set to allow anon Add/Edit, but I hadn’t modified the hidden WF History List. I used SPD to get to the WF History list permissions and changed them to allow Add/Edit for anon users, but it stills gets stuck in “In Progress,” which is abnormal. Usually, when something doesn’t work, it will say “Failed on Start,” “Stopped,” or something of that nature.
One thing I can’t do is add perms to the Workflow library, because it’s a doc lib, and anything beyond View Items is disable. I don’t think anon users should need more than View anyway.
Twitter: furuknap
November 21, 2010 at 10:20 pm #
Regardless of task usage, all workflows have an associated task list.
That said, when a workflow starts, it will make changes to the item, including the status column. That means that somehow, users have access to edit the items, perhaps through an elevated privilege. I need to look into the reflected code to figure out and also replicate the issue.
.b
I also tried an Impersonation Step as my only step just in case. AFter a while, the workflow status changes from “In Progress” to “Failed on Start (Retrying).”
is there any good news for this issue. i have the same problem, been looking for a solution for past 2 days. Unfortunately no luck so far.
Twitter: jyarnell
January 6, 2012 at 3:43 pm #
Just trying to determine if there has become an accepted solution for this? I created a WSP that handles this when I could not find a good solution but I wanted to see if posting the details would still be relevant?
I’m also looking for a solution to this problem.
Is there any solution found, regarding this issue??
You could use a custom membership provider/http module that enables an autologin guest account for SharePoint. Reza (http://blogs.devhorizon.com/reza/?p=498) came up with it, and we used it for a public facing site for user registration. After they fill out the form, workflow is started under the guest credentials.
I am getting the same issue as we are using SP2010 and trying to fire off workflows from an email enabled list. Although we have run the PowerShell command successfully, our list is still NOT firing off workflows using the System Account … any ideas?
Guys, what is the recommended way for enabling workflows to anonymous users? is the powershell command is a recommended one or better we can create a custom WF with elevated previlages?
I’m having the same problem as Clayton as well as everyone else that seems to have sharepoint and how anonymous users cannot start workflows.
I can’t believe that there isn’t a solution to this.