Anonymous Users accessing a SharePoint List – An error has occurred. Access denied. You do not have permission to perform this action or access this resource

Right then. A custom web part is happily accessing a list using CSOM on a public facing SharePoint site. While setting up a copy of that environment I found that the web part began complaining with the error, “An error has occurred. Access denied. You do not have permission to perform this action or access this resource.” Now I’ve seen this before and recalled that there is a restriction by default when reading list items as an anonymous user when using the method getItems(camlQuery). That restriction can be removed through a few SharePoint PowerShell commands but there is additional step after allowing the method to be called. That is to check that the “Client Object Model Permission Requirement” is disabled. Let’s do this…

  1. Get a reference to the Web Application
  2. Check the restrictions on your web app and look for GetItems method
  3. Remove GetItems method from the restricted MethodsNames
  4. Update the Web Application
  5. Check again to ensure the method was removed.

Here are the PowerShell Commands for each step:

$webapp = Get-SPWebApplication -Identity http://www.externalfacingsite.com
$webapp.ClientCallableSettings.AnonymousRestrictedTypes
$webapp.ClientCallableSettings.AnonymousRestrictedTypes.Remove([Microsoft.SharePoint.SPList],”GetItems”)
$webapp.Update()
$webapp.ClientCallableSettings.AnonymousRestrictedTypes

At this point, The GetItems method has been successfully unlisted from the restricted methods list. However, you still may be getting the access denied error. That could be due to a Permissions Setting for Anonymous Users.

You can update permission settings at the Web Application level or at the Site Level. For the Web Application level, let’s go back to Central Admin -> Application Management -> Manage Web Applications and select your Web App. Open Authentication Providers and select Default. Scroll down to “Client Object Model Permission Requirement.”  As long as you agree not requiring “Use Remote Interfaces permission” go ahead and disable the permission.

To update the Site permissions, go to Site Settings and Site permissions. Look at the Anonymous Access in the Ribbon. Make sure that Require Use Remote Interfaces permission is disabled (see screenshot). Now anonymous users will be able to see data via the web part without an access denied error.

  1. Leave a comment

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: