Anonymous Acess in Client Model (Javascript in Office 365 in Master Page)

Question

I have the following code

function retrieveListItems() {

            var clientContext = new SP.ClientContext.get_current();

            var oList = clientContext.get_web().get_lists().getByTitle('Galeria');

            var camlQuery = new SP.CamlQuery();
            camlQuery.set_viewXml('<View><Query><Where><Eq><FieldRef Name="Url_x0020_de_x0020_Sele_x00e7__x00e3_o"></FieldRef><Value Type="Text">' + window.location + '</Value></Eq></Where></Query></View>');
            this.collListItem = oList.getItems(camlQuery);

            clientContext.load(collListItem, 'Include(FileLeafRef,FileDirRef,Title, Url_x0020_de_x0020_Sele_x00e7__x00e3_o)');

            clientContext.executeQueryAsync(Function.createDelegate(this, this.onQuerySucceeded), Function.createDelegate(this, this.onQueryFailed));

        }

He works with the logged user, but not with a anonymous user (Access Denied) and I have him in my master page (not in a app) of my public site in office 365.

Can somebody help me?

And I cannot put this code in a app.

Answer 1

In SharePoint 2013 was introduced new permission level Remote Interfaces Permission that in particular prevents anonymous users from accessing CSOM interface.

How to enable CSOM for Anonymous Users

• Go to Central Administration
• Go to Manage Web Application
• Select your Web App
• Click on Authentication Providers in the ribbon
• Click zone "Default".
• Uncheck "Require Use Remote Interfaces Permission"

That check box decouples use of CSOM from the Use Remote Interfaces permission. When checked, it simply means that the user must possess the Use Remote Interfaces permission which allows access to SOAP, Web DAV, the Client Object Model.

References

• Enable anonymous access for Javascript Client Object Model
• What Every Developer Needs to Know About SharePoint Apps, CSOM, and Anonymous Publishing Sites