none
"Access Denied" App Part on Anonymous Public facing site RRS feed

  • Question

  • I am working on a SharePoint-Hosted App in Office 365 Dev Preview.  The App has an App Part that get's added to the Home Page of the site.  When I am logged into the site, the App part shows up just fine.  When I go to the site as Anonymous, I am getting an error of "Access Denied: You are not allowed to perform this operation".  This happens when the code is trying to run the Query.   The query is just pulling pictures from a Picture Library.  I can navigate to the pictures Anonymously just fine as well.  Am I missing something in permissions? 


    Robert Stark Aurora Sky Technology Partners www.auroraskytech.com robert@aurorskytech.com

    Update-----   I have tested this on a On Prem site and it's doing the same thing.  With the on Prem site I made the the "ClientCallableSettings.AnonymousRestrictedTypes" was not an issue as well as removing the "Require Use Remote Interfaces permission".  Still a no go. 

    Update -----  So went back and tested again on my On-Prem dev environment.  When I looked at it before the ClientCallableSettings.AnonymousRestrictedTypes came up as NULL.  I must have typed something wrong, because today I ran it and it showed the annoying problem of the GetItems method being blocked.  http://www.codefornuts.com/2010/05/anonymously-accessing-list-items.html

    So the question is, if Microsoft wants us to use Apps why is this still blocked for Anonymous users in Office365 using an App?  Anyone?  Microsoft?  Bueller?

    Wednesday, January 2, 2013 10:18 PM

Answers

All replies

  • You will need to open up the picture library for anonymous access to everyone so that they can be accessed by the user's principals.

    Please note the security implications of this approach. You should move it to some other library which does not have any other information and can be easily accessed by users online.


    Piyush T

    Monday, January 7, 2013 8:38 PM
  • Currently batting with the same issue on the Office 365 Public Site.

    I am successfully (non-anonymously) able to query the host site as instructed here:

    http://msdn.microsoft.com/en-us/library/fp179892.aspx

    When I am logged in, then also I am able to query with the app only policy user SHAREPOINT\app. 

    But when I try to access the app anonymously, it's giving me an error that the user does not have permissions on the *****.o365apps.net site or takes me to the login.microsoftonline.com page for loggin in.

    Same result when I use an App Part and place it on the home page of the office 365 public site.


    @vrdmn | Email | LinkedIn | Blog

    Thursday, January 17, 2013 10:00 AM
  • Hello

    I've pinged some folks that are looking into this issue. Thank you


    Program Manager, Office Developer Platform.

    Monday, February 18, 2013 9:16 PM
    Moderator
  • Hi all,

    Thank you for the report. This is an issue that has been fixed in recent builds and will soon be available in production.

    Thank you

    Yina

    Monday, February 18, 2013 10:30 PM
    Moderator
  • Yina,

    I am also working on an App Part that is intended to be deployed on the public facing web.  I just ran into the same access denied problem - will the new build be available in days, weeks, or months?

    Thanks,

    Joe Spadea

    Monday, February 18, 2013 11:25 PM
  • Hi Yina,

    Still no sign that it has been pushed into production.  Please update us on when one of these builds might make it to production.

    Thanks,

    Joe

    Wednesday, February 27, 2013 5:01 PM
  • Hi Yina,

    I just checked my app on the public site this morning and it is still getting:

    Request failed. Access denied. You do not have permission to perform this action or access this resource.

    Has the so-called fix been put into production yet?  If so, it is not working in my situation.

    I realize this is beta and bugs are to be expected, but why so long to push into production? (It's been 3 weeks since your comment.)

    Please check to see if the fix is in and if not, please give us some idea of when it might be put into production.

    Thanks,

    Joe

    Saturday, March 9, 2013 12:57 PM
  • Any news on this issue?
    I noticed that even Microsoft's own demo site have this problem.
    Have a look at the contact form on this site. http://www.contosobistro.com/contact-us
    According to my research it's not possible at all to use javascript to access lists in Apps or on the host web anonymously.  I'm talking about custom lists, not sure about other list types.
    The only way today is to use the Anonymous feature on CodePlex together with sandboxed C# code to render your pages.

    Thanks
    Göran

    Friday, April 12, 2013 8:41 AM
  • Yeah I'm seeing the same issue as well.  I'm unable to query a list anonymously.  I've tried various techniques to grant permissions to the list but nothing works.

    Corey Roth - SharePoint Server MVP blog: www.dotnetmafia.com twitter: @coreyroth | SP2 Apps

    Friday, April 19, 2013 8:34 PM
    Answerer
  • Hi Yina,

    Please update when the above build will got to production.

    Sunday, April 21, 2013 8:11 AM
  • hello friends,

    I am created share point hosted app.when  i add this app on public facing site with login it work properly.But i make site anonymous It getting Error:

    "Request failed: Access denied. You do not have permission to perform this action or access this resource".

    I want  filled data send to Document Library or Custom List.But it getting error.I write code in JavaScript.

    Provide solution to resolve this issue..

    Thursday, May 2, 2013 6:55 AM
  • Hi Siddhu!
    Today it's not possible to access custom lists anonymously on the public 365 site.
    Some says it will be fixed soon but so far nothing has happened.

    Anyway, until that's fixed you can use the Anonymous feature on CodePlex.
    http://anonymous365.codeplex.com/

    Just set the appropriate access rights on the list and everything should work fine.

    Thursday, May 9, 2013 10:15 AM
  • The fact that this is still a problem is becoming A MAJOR issue!   Is there anyone from Microsoft that can update us on what is going on?  Guess I will try the codeplex solution for now.


    Robert Stark MCTS - SharePoint Server 2010/2007 MCTS - SharePoint Foundation 2010/WSS 3.0 ---www.sharepointsolutioncenter.com ---

    Thursday, May 9, 2013 5:02 PM
  • Codeplex solution will not work.  No Sandbox solutions in public facing site on Office 365.

    Robert Stark MCTS - SharePoint Server 2010/2007 MCTS - SharePoint Foundation 2010/WSS 3.0 ---www.sharepointsolutioncenter.com ---

    Thursday, May 9, 2013 7:03 PM
  • Hi Robert,

    Yes, it works but I think you need an E1 or higher subscription.
    In Small Business subscription you can't set server resources for the public site.
    The Solution settings page is hidden in Office 365 (2013).
    Go to https://yoursite/_catalogs/solutions/Forms/AllItems.aspx and add the anonymous feature.

    I have just finished a Court Booking system for the Public 365 site and it will be released soon.

    I agree that Microsoft should fix this anonymous issue soon but until that, use my solution.

    Thursday, May 16, 2013 7:43 AM
  • Thanks.  I didn't realize that the solutions page was just hidden.  I got it working now.

    Robert Stark MCTS - SharePoint Server 2010/2007 MCTS - SharePoint Foundation 2010/WSS 3.0 ---www.sharepointsolutioncenter.com ---

    Thursday, May 16, 2013 4:36 PM
  • Goran,

    I too have this exact same problem with a web part on my home page.  I am on a Small business subscription so went to the URL above to add the anonymous feature.  I am not a techie :-(  Could you give me a bit more info on how I add the anonymous feature?  I have disabled the 'inherit from parent site' feature and can see 'Anonymous Users' right there at the top of the list with 'View Items' permission, but there is no tick box allowing me to select it.  I am in the Solutions Gallery.

    Thanks

    Nigel

    Sunday, May 26, 2013 2:58 AM
  • Robert,

    I too have this exact same problem with a web part on my home page.  I am on a Small business subscription so went to the URL above to add the anonymous feature.  I am not a techie :-(  Could you give me a bit more info on how I add the anonymous feature?  I have disabled the 'inherit from parent site' feature and can see 'Anonymous Users' right there at the top of the list with 'View Items' permission, but there is no tick box allowing me to select it.  I am in the Solutions Gallery.

    Thanks

    Nigel

    Sunday, May 26, 2013 3:00 AM
  • Hi,

    I tried the Small Business subscription a while ago and I couldn't set the Server resources for SharePoint public site. Therefore you can't activate a sandboxed solution (The Anonymous feature) as it demands server resources.

    I don't know if they have changed this today but the icon in the toolbar was disabled when I tried.

    E1 or E3 subscription should work fine. I have tried both.

    Please ask the support if this is a limitation or just a bug in Small Business.

    Tuesday, May 28, 2013 8:42 PM
  • Did you actually try it yourself, I mean not just setting the anonymous feature but -really- having the user add an item to a Custom List like siddhu's example above?

    I've been messing with this for over a week now and still not able to add list items to such a Custom List if not logged in (i.e. Anonymous). I do have a custom list, I was able to set the anonymous users on the list using Wsp365.Anonymous.wsp but it just does not seem to work in Anonymous mode on http://...-public.sharepoint.com sites. It keeps throwing the Access Denied error.

    If it really works, show it my uploading an .app or working zipped project.

    It is really frustrating to tell your end users they won't get a simple 'custom' dialog as the public (E3!) site blocked anonymous access to add items to a list ... :-S

    Regards,

    Maarten


    Software Engineer * MVP-Visual Developer-VSTO

    Monday, June 3, 2013 1:25 AM
    Moderator
  • Can you build us a tiny example App to show that interacting with a Custom List is in fact working in Anonymous mode? It seems there are mixed responses about getting it to work, and most don't seem to work so if you can show how you got it to work that would be a big help to many of us!

    Thanks,

    Maarten


    Software Engineer * MVP-Visual Developer-VSTO

    Monday, June 3, 2013 1:29 AM
    Moderator
  • Hi Maarten,

    I don't think Apps (or Javascript) will work at all.
    You will have to do all list handling in C# (Sandboxed solution).
    First you must set the appropriate access rights for the list using the Anonymous dialog.
    I have not done any add, edit or delete so far. Just reading.
    It should work manipulating data but I have not had the need to do that so far.
    Please tell if you can make it work.

    Regards
    Göran

    Monday, June 3, 2013 7:10 AM
  • I have same issue with the most Apps I installed form Office apps store, only few of them work with Anonymous users. "Bright Banner" & "Quote of The Day" these apps work on public sites.

    Why most of apps don’t work with Anonymous users and some of them works?! And how can I build apps work on public sites?  There is any article about that?


    • Edited by kevinsay Monday, June 3, 2013 8:34 AM
    Monday, June 3, 2013 8:32 AM
  • Apps that don't access list data can be built for the public site.
    If you want to access list data then develop a Sanboxed solution in C# and use the Anonymous feature.


    Monday, June 3, 2013 12:01 PM
  • Thank you for quick response.

    “Apps that don't access list data can be built for the public site.”, but some of these Office Store apps can access list items from public sites??!



    • Edited by kevinsay Monday, June 3, 2013 3:46 PM
    Monday, June 3, 2013 3:46 PM
  • Which Apps can access list data anonymously?
    When I checked it was only Microsofts Apps that could do it all the others failed.
    But even Microsoft has failed with some.
    Check their demo site http://www.contosobistro.com/contact-us.
    Monday, June 3, 2013 4:49 PM
  • I don't know why the Microsoft App fail (and this is my above  question). I tried this app: http://office.microsoft.com/en-us/store/bright-banner-WA104046813.aspx and it's work fine
    Monday, June 3, 2013 6:59 PM
  • kevinsay,

    I checked the code and documentation. https://brightbannerapp.codeplex.com/documentation
    T
    his is a nice workaround but it's not doing any query against the lists.
    You must enter the complete path to the images you want to show.

    Tuesday, June 4, 2013 7:24 AM
  • Hi Maarten,

    I don't think Apps (or Javascript) will work at all.

    This, blocking anonymous access to basic stored information on SP Online, really goes beyond my understanding as the Apps for SharePoint were (especially) targeted to be an 'always secure' situation. So in my opinion a huge hole in the design and blocking many customers from creating 'simple' solutions using the common accepted 'web standards' (used as -the- main argument to have implemented Apps for SharePoint in the first place).

    After spending lots, and lots, of hours just to find this glitch in the system I'll look at the C# route... but again, this should be opened up to anonymous useage using the JavaScript Apps for SharePoint solutions. :-(

    Maarten


    Software Engineer * MVP-Visual Developer-VSTO

    Tuesday, June 4, 2013 2:37 PM
    Moderator
  • we are working on App which hosted on Azure vm basic MVC App which have User-Info forms and we face similar Problem.  One thing which work in my case i  know its not a perfect solution in senior but hope so it will help other.

       anonymous User :

      public facing Site        SharePoint APP 

       LIst CRUD          < anonymous User  not allowed  >        sharePoint APP 

      In our App

     Pubic Facing Site  <allowed  anonymous >   external Proxy Web Service   <allowed dictated  SP-User >  sharePoint 2013 App

     Pubic Facing Site  Json Request+OAuth  >< xml/OData   WCF Service dictated  SP-User  CSOM Request><Odata/xml  sharePoint 2013 App


    Thursday, June 6, 2013 5:41 AM
  • authentication Office 365-and SharePoint Online

    http://www.wictorwilen.se/Post/How-to-do-active-authentication-to-Office-365-and-SharePoint-Online.aspx

    Thursday, June 6, 2013 5:53 AM
  • Hi all,

    The issue that was reported originally in this thread for the app part was fixed and the fix is part of the April CU. For SharePoint Online it went live a couple of weeks ago.

    That said, is up to the app implementation to handle the anonymous case in any app+user call.

    Any SharePoint resource that the app wants to access either needs to be anonymously accessible or the app has to have been granted app-only permissions to it and access the resource via an app-only call (where there is no user context), otherwise the call will not be authorized.

    Thank you,

    Yina

    Thursday, June 27, 2013 1:12 AM
    Moderator
  • Yina, in the case of a custom list (with no other columns added), what else is trying to be accessed that would display a log-in screen when trying to access any view or list item anonymously? Thanks.
    Thursday, June 27, 2013 2:22 PM
  • Yina,

    I am the original poster of this thread.  I just checked the list of hotfixes that were part of the April CU and found no reference to this issue.  Also,  can you please explain the following or provide a resource that you can point to that explains this better?

    "Any SharePoint resource that the app wants to access either needs to be anonymously accessible or the app has to have been granted app-only permissions to it and access the resource via an app-only call (where there is no user context), otherwise the call will not be authorized."

    The SharePoint resource that my app needs to access is in the app itself.   Please provide more detail. 


    Robert Stark MCTS - SharePoint Server 2010/2007 MCTS - SharePoint Foundation 2010/WSS 3.0 ---www.sharepointsolutioncenter.com ---

    Thursday, June 27, 2013 7:56 PM
  • Same problem at me on a SharePoint online

    I JUST need to insert an item in a custom list.

    In fact I need a ContactUs form (where is the 2010 gadget for doing that) where an anonymous user can write something, then my app insert that in that list (in app web) from where using an workflow or an alert to send an email to a site admin.

    What can be more simple like that.

    Another user from this thread siddhu_kohale has the same problem.

    Thank you


    Sorin Sandu

    Friday, June 28, 2013 4:10 PM
  • Hi all,

    There is an App already in the Office Store that is a Contact Us Form (http://office.microsoft.com/en-us/store/apps-for-sharepoint-FX102804987.aspx). As you can see, the App has been developed by Microsoft and Works perfectly...the data introduced in the form is a stored in a SharePoint list...what I would like to see is the code for doing that since my tests with App Only policy and App Only Access Token are not allowing me either read or write data to a list deployed as a part of an Application when accesing to the App in an anonymous SharePoint Online web site.

    Kind regards


    ------------------------------------------------------------
    Juan Carlos González Martín MVP de SharePoint Server
    Director revista CompartiMOSS: http://www.compartimoss.com
    Blog: http://geeks.ms/blogs/ciin
    Twitter: @jcgm1978
    ------------------------------------------------------------

    Saturday, July 6, 2013 3:10 PM
  • Great if they have a solution now but how do we get more info on how to implement this ourselves?

    Unfortunately I can't make this App work on a public site in Swedish. 
    Say's it's not available in my App list.
    Is it English only today?

    Tuesday, July 9, 2013 4:08 PM
  • Change the language for app store.

    I've installed, but I can't view the submissions list !

    I see some 404 errors in traffic

    /_catalogs/theme/Themed/2DE406/spintl-C9940797.themedpng?ctag=0 GET 404 
    /_catalogs/theme/Themed/2DE406/corev15app-DDE41C8D.themedcss?ctag=0 GET 404 

    I think it's not installed correct.

    Any ideas ?


    Sorin Sandu

    Wednesday, July 10, 2013 1:32 PM
  • I'd like to see how they managed to insert in a list with App only

    I see that the app starts in

    https://contactusform.publicsiteapps.com/publicsites/contactusformapp/Default.aspx?SPHostUrl=https%3A%2F%2..............


    Sorin Sandu

    Wednesday, July 10, 2013 1:36 PM
  • Hi Siddhu!
    Today it's not possible to access custom lists anonymously on the public 365 site.
    Some says it will be fixed soon but so far nothing has happened.

    Anyway, until that's fixed you can use the Anonymous feature on CodePlex.
    http://anonymous365.codeplex.com/

    Just set the appropriate access rights on the list and everything should work fine.

    Hi

    Please help me to make this code in the following thread work.I'm using the codeplex tool successfully but the app part I made fail with anonymous users: 

    http://social.msdn.microsoft.com/Forums/sharepoint/en-US/e310c990-35fe-4b54-b615-6d913a7ef351/sharepoint-online-2013-and-anonymous-users?forum=appsforsharepoint


    I am too late but i will never give up

    Wednesday, October 23, 2013 7:36 AM
  • Quick Update 13th December 2013 today and App cannot access custom list on public Sharepoint Online web site. All lists can be accessed anonymously.

    All I can say is "Sandbox is not dead"


    Drasko Popovic

    Friday, December 13, 2013 9:00 AM
  • I am still getting "Access Denied" on my App parts on  Anonymous Public facing site. Will Microsoft ever fix this?
    Tuesday, September 2, 2014 5:53 PM
  • Any progress on this problem?

    Any app parts that work as image sliders on Public facing site in Office 365?

    Wednesday, March 18, 2015 6:32 AM