SOLVED

SharePoint 2019 - Embed w/ Anonymous access causes authentication popups.

Copper Contributor

Hello, everyone.

 

I would like a solution I have to a problem regarding the OOB Embed webpart for SP 2019 Modern Site Pages. Currently, when you have anonymous access turned on, and you go to a page with an embedded video, it will try and get the user to authenticate in order to perform a POST request to _api/SP.Publishing.EmbedService/DataEmbed. The video still loads up as normal, but the authentication prompt is intrusive to the User Experience.

 

Any advise would be helpful.

 

Thanks,

 

AS

6 Replies

@Chris Webb The source is a standard YouTube link that is publicly accessible.

EDIT: I put https://www.youtube.com/watch?v=xxxxxxxxxxx in the "Website address or embed code" field.

best response confirmed by AS911 (Copper Contributor)
Solution

Just as a follow-up to anyone reading that has run into the same issue, I have given up on waiting for a solution. I have recreated the Embed webpart using SPFx. Once I applied my webpart and used it on my Modern pages, it no longer gives me an authentication prompt because it's no longer making a POST request to the service.

Until a proper solution is released or mentioned, I will continue to use my webpart.

@AS911 I know this i kind of an old thread, but as I have the same experience in my environment:

 

How did you get your modern page to use anonymous authentication? We are experiencing the issue that we get an "access denied" on accessing the page. We have anonymous access configured on web application level, site level and we have an anonymous policy in place.

Did you do anything special?

 

Thanks!

@UrsWedershoven I ended up having to recreate a bunch of WebParts. For the embed issue I was having, it was relatively straight forward to "fix" by creating a Web Part with a property pane that can contain the iframe html, then simply rendering it to the this.domElement.innerHTML.

 

As for the Anonymous Access issue, we had to do some PowerShell things, like ensuring the Anonymous access is enabled for specific libraries, and resetting inheritance. At one point, we had to perform some Anonymous masking for the Video items by enabling the anonymous user to "Open Item". At another point, we had to turn off a few site features like favoriting.

 

No doubt you will run into a bunch of 404 errors and Access denied. Some of them can be ignored, while others you have to figure out by trial and error. I wish I could give you more information, but I was only one of a few people that worked on our project. 

 

In short:

  • Check your site collection features and site features. You may not need all that are enabled by default.
    • Side Note: If you have approvals turned on, approve all your items.
  • Ensure that lists have appropriate permissions. You may need to break and reset inheritance (or have unique permissions, like Video content types).
  • Make use of PowerShell to permit certain items through the use of Anonymous Masking.
  • Until Microsoft comes out with a solution, create your own WebParts / Application Customizers to get around the anonymous access issue.

 

And above all, the Oracle is your friend.

 

Best of luck in your endevours.

 

AS.

@AS911 Thanks a lot for the insights into your journey!

 

It seems we finally got what we need by removing the "Require Use Remote Interface permission" and by assuring that the "following feature" is disabled by all means. Those api-calls all come back with an http 200 now.

 

As we already created most of the webparts ourselves, we already did what you supposed.

 

Let's see, how far we will come with this approch.

 

Thanks again

1 best response

Accepted Solutions
best response confirmed by AS911 (Copper Contributor)
Solution

Just as a follow-up to anyone reading that has run into the same issue, I have given up on waiting for a solution. I have recreated the Embed webpart using SPFx. Once I applied my webpart and used it on my Modern pages, it no longer gives me an authentication prompt because it's no longer making a POST request to the service.

Until a proper solution is released or mentioned, I will continue to use my webpart.

View solution in original post