Tip 26: Separation of Authentication
This tip is for Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007, and may apply to SharePoint Foundation 2010 and SharePoint Server 2010.
Take the following example. You have a SharePoint web application with both NTLM and anonymous authentication enabled. You leave the default permissions on the root site collection for the web application. You create a new subweb under the root site collection and enable anonymous access. The site hierarchy would be similar to the one below:
· Web Application
    · Site collection with NTLM and Anonymous
        · Site with Anonymous
While it may be possible to shoehorn this configuration into working, I don’t advise doing so. A host of issues may occur, depending on the site templates and configuration the sites use. One is that, if the root site collection site is a publishing portal, the anonymous subweb will not be able to search with the root site’s search center. Another is that the master page and style library files for the root site collection are not usually set to allow anonymous access if the root site is NTLM. This can cause HTTP 401 Unauthorized issues on the anonymous site.
So to make your SharePoint administration life easier, try to keep anonymous sites in their own web application whenever possible unless there is a very good reason not to.
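One way to confirm the 401 symptom described above from the IIS logs, as an added example that is not part of the original tip: it lists requests where a visitor with no credentials was refused a page in the anonymous subweb, or a root-site file that such a page referenced, and never received it afterwards. The `/public` subweb path, the `portal` host, the field layout and the sample log lines are constructed assumptions.

```python
"""List anonymous requests tied to an anonymous subweb that ended in HTTP 401."""
from urllib.parse import urlparse

# Constructed IIS W3C extended log sample; host, paths and fields are assumptions.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status cs(Referer)
2010-03-01 10:00:01 203.0.113.7 - GET /public/default.aspx 200 -
2010-03-01 10:00:02 203.0.113.7 - GET /Style+Library/site.css 401 http://portal/public/default.aspx
2010-03-01 10:00:03 198.51.100.4 - GET /public/Pages/news.aspx 401 -
2010-03-01 10:00:05 10.0.0.5 - GET /Style+Library/site.css 401 http://portal/public/default.aspx
2010-03-01 10:00:05 10.0.0.5 CONTOSO\\alice GET /Style+Library/site.css 200 http://portal/public/default.aspx
2010-03-01 10:00:09 10.0.0.9 - GET /Pages/default.aspx 401 -
"""


def parse(log_text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))


def under(path, prefix):
    """True if path is the subweb itself or something beneath it."""
    path = path.replace("%20", "+").lower()
    return path == prefix or path.startswith(prefix + "/")


def refused_anonymous(log_text, anon_prefix="/public"):
    """Return sorted (client, uri) pairs refused with 401 and never served."""
    prefix = anon_prefix.lower().rstrip("/")
    refused, served = set(), set()
    for r in parse(log_text):
        key = (r["c-ip"], r["cs-uri-stem"])
        if r["sc-status"] == "401" and r["cs-username"] == "-":
            referer = urlparse(r.get("cs(Referer)", "-")).path
            if under(r["cs-uri-stem"], prefix) or under(referer, prefix):
                refused.add(key)
        elif r["sc-status"].startswith(("2", "3")):
            # A later success means the 401 was only the NTLM handshake.
            served.add(key)
    return sorted(refused - served)


if __name__ == "__main__":
    for client, uri in refused_anonymous(SAMPLE_LOG):
        print(f"{client} was refused {uri}")
```

Clients that complete the NTLM handshake are dropped from the result, so what remains are visitors who reached the anonymous site without credentials and were still challenged.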