Hi,
we use SPS 2013 with claims based authentication. Appearently Sharepoint now configures our websites with anonymous access enabled. this is, according to following blog, by design:
http://shpt2010.wordpress.com/2011/11/10/multiple-authentication
But all our wcf services (bound to sharepoint factory) and all default artifacts (like default SharePoint js files in the _layouts folder) are accessible for any user. This cannot be the right way it should be configured.... but what happens if we disable anonymous access on IIS?? I always learned, let SPS do the configuration....
I need advice asap....
Saaffy