SharePoint get_IISAllowsAnonymous get_VirtualRootPath

I found a serious issue with a SharePoint implementation recently.  It turned out, there were actually 2 separate places in SharePoint where an error was occurring.  After searching extensively for a resolution, I never found an actual answer / solution.  Most posts said that although they didn’t know what was wrong, they made them go away by backing up the content database, recreating the web application, then restoring the content database.  Although I was tempted to do the same, I wanted to understand what was wrong first.


First things first, I needed to get a better detailed error message.  Error, wasn’t going to cut it here.  Please see my previous post on how to get detailed error messages in SharePoint: SharePoint Error Messages

The two errors:

1. Whenever I attempted to access the Advanced Permissions for a site, the following error was generated.


Object reference not set to an instance of an object. at Microsoft.SharePoint.SPSite.get_IISAllowsAnonymous()
at Microsoft.SharePoint.ApplicationPages.UserRoles.InitPage()
at Microsoft.SharePoint.ApplicationPages.CBaseAclPage.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

2.   Whenever I attempted to add a Web Part (through UI), the following error was generated.


Object reference not set to an instance of an object. at
at Microsoft.SharePoint.WebPartPages.VirtualServerWeb PartDataProvider..ctor(SPWeb web)
at Microsoft.SharePoint.WebControls.WebPartGalleryPicker.FindAllWebParts()
at Microsoft.SharePoint.WebControls.WebPartGalleryPicker.CreateChildControls()
at System.Web.UI.Control.EnsureChildControls()
at Microsoft.SharePoint.WebControls.WebPartGalleryPicker.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at Microsoft.SharePoint.ApplicationPages.WebPartGalleryPickerPage.CreateChildControls()
at System.Web.UI.Control.EnsureChildControls()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Cause of Errors
It took a good bit of trail and error, and deductive logic to discover why these errors happened.  In the end, I was a little perplexed as to why this environment was even in the configuration that it was.  Theoretically, you should never find yourself in this situation.  And that’s why there probably isn’t too much information about these errors out on the internet.  Regardless, you are getting these two errors becauseyou do not have an Authentication Provider for an application in the Default zone .  

Example of Bad Configuration
I can’t think of a scenario where you wouldn’t have an app in the Default zone.  However, here’s how this particular implementation ended up this way.

  1. Application was created using Windows as Authentication provider in the Default zone.

  2. Application was extended into an application using Windows as Authentication provider in the Internet zone.  (site has 2 providers configured now, one for each zone)


  3. SharePoint was removed from IIS Website (the 1st one in Default zone)


    So now you are only left with an Authentication provider for the Application in the Internet zone.


  4. Alternate Access Mappings were configured for Default.  (although AAM says Default zone, the authentication provider is still for Internet because the app in the Default zone was removed in step 3)


Further Complication
You specify the zone and provider when creating / extending an application.  For an existing application, although you can change the authentication provider an application uses, you can not change the Zone that it is in.

Here is an image of the Authentication Provider listing. Notice this application is in the Internet zone, and the provider is Windows.


If I were to edit this application’s settings, I could change the provider, but NOT the zone.  In essence, there isn’t an easy fix.  :)



There are various resolutions to this problem, but in a true consultative manner… it depends (what port you need the app running on, etc…)  The end goal is this:  You need an Authentication Provider for the Default Zone!!!

Possible scenarios:

  1. Scenario: You just need the zone
    1. Extend the application using the Default zone
    2. Remove SharePoint from the erroneous configured app, deleting the app in IIS
  2. Scenario: You are okay with just starting over
    1. Delete the application without deleting content database
    2. Recreate the application and add content database to the app (via stsadm)
  3. Scenario: Your erroneous app is on a port it must run on (firewall rules configured, etc…)
    1. Extend the application to a temp app on a non-utilized port (i.e.: 8484)
    2. Remove SharePoint from the erroneous configured app, deleting the app in IIS
    3. Extend the application again to the Port that you need (i.e.: 80)
    4. Remove SharePoint from the temp app, deleting the app in IIS