下面的例子里先deny了匿名用户对于_layouts和_vti_bin目录下的所有页面, 然后允许匿名用户访问四个指定的页面.
其中的问号(?)代表着匿名用户.
=================
<configuration>
<location path="_layouts">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="_vti_bin">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="_layouts/login.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="_layouts/error.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="_layouts/accessdenied.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
</configuration>
参考资料
================
Locking down Office SharePoint Server sites
http://technet.microsoft.com/en-us/library/ee191479(office.12).aspx