Write to list with anonymous access

May 3, 2012 at 1:29 PM
Edited May 3, 2012 at 1:33 PM

I've been looking for a straight answer for this but have come up empty. Are you able to write to a List that has View/Edit Anonymous access with SPServices using UpdateListItems? I'm able to create a new item when I'm logged in but get the login dialog when I'm anonymous.

I have no issues with GetListItems with Lists.

Here is my example code that I'm using:

It is executed with a button in a jQuery .click function


$('#btnSave').click(function()  {

var Title = $("input[title='Title']").val();       
operation: "UpdateListItems",       
async: false,       
batchCmd: "New",       
webURL: siteURL,       
listName: "Test Workflow",       
valuepairs: [["Title", Title]],       
completefunc: function(xData, Status) {


Thank you!

May 3, 2012 at 2:38 PM

I believe Marc addressed this in his post that can be found here

May 3, 2012 at 2:53 PM

I've never been successful however and I've tried a lot of stuff.  Marc must have an ace up his sleeve like he always does and I must be missing something real basic with my setup.  I would love to see a working example.




May 3, 2012 at 3:16 PM
Edited May 3, 2012 at 3:17 PM
spevilgenius wrote:

I believe Marc addressed this in his post that can be found here

I've read this article as well and it's several years old now, but it addressed the issue with GetListItems, which Marc was able to solve. I'm just wondering if the same is true for "write" to lists. I'm starting to think not.

May 3, 2012 at 3:19 PM

Perhaps I'll start looking into event handlers to take care of this issue. Any suggestions of a good resource?

May 3, 2012 at 3:51 PM

Yes, you should be able to write to lists as well, if you've allowed anonymous write permissions.

Frankly, the way I figured out how to enable anonymous access, as outlined in that article, has never been vetted, confirmed, or denied by anyone at Microsoft. I've never been able to find anyone who can talk about it - or who has the interest to do so.


May 3, 2012 at 5:33 PM
sympmarc wrote:

Yes, you should be able to write to lists as well, if you've allowed anonymous write permissions.

Frankly, the way I figured out how to enable anonymous access, as outlined in that article, has never been vetted, confirmed, or denied by anyone at Microsoft. I've never been able to find anyone who can talk about it - or who has the interest to do so.


I've allowed anonymous Edit/View permissions on the list itself, but I still get the login dialog. Perhaps I'll look into it more and see if I've missed anything. I'll also read the article a little closer too for more information.

Thank you for your reply!

May 3, 2012 at 6:55 PM

Let me do a test to prove that I'm telling you the truth. I could swear that I've done this before, but I don't want to send you on a wild goose chase.


May 3, 2012 at 7:26 PM

I have definitely tried Marc, so if you prove it possible, that's awesome/fantastic/WOOOHOOOO/Awesomesauce...

Will you let us know either way and possibly some info about your environment setup?




Feb 4, 2013 at 4:49 PM

Dying to know what you found in your experiment
Feb 4, 2013 at 6:26 PM
Edited Feb 4, 2013 at 6:26 PM
I forgot all about it. :-(

I remember that the first place I went was this demo page to see if it worked, and it doesn't.

Feb 5, 2013 at 1:35 PM
The funny thing is that the action seems to work on the demo page you pointed us to. After the action works, I get challenged.
  • Marcel
Feb 5, 2013 at 3:02 PM
FWIW, I've never been able to write to a list anonymously using the Web Services( You can using a DVWP ). I'm able to read, but that's it. The demo page appears to work b/c it simply updates the DOM which doesn't necessarily reflect what is actually stored under the hood.

Feb 5, 2013 at 3:05 PM
The demo page works, actually. It's updating the underlying list. However, it doesn't work unless you log in as the demo user.

Feb 5, 2013 at 4:05 PM
I meant explicitly when anonymous. I wasn't implying the demo didn't work out right. ;-)

Feb 5, 2013 at 5:58 PM
You could create a user that only has permissions to that list and then pass the credentials with the ajax call when you write to the list. Then any item you create/update will have as it's author/editor this "anonymous" user.
Feb 5, 2013 at 6:10 PM
Generally speaking, I discourage passing credentials of any kind from the client. Even if the user you use is specifically set up for that purpose, it opens the possibility of a security problem down the road. But, yes, that would work.

Feb 5, 2013 at 7:22 PM
I'm thinking a setInterval( useWebServicesAndCreateUpdateDelete, 5); would quickly change your opinion of adding user credentials within a script.

Feb 5, 2013 at 9:42 PM
Obviously it's not pretty or safe, depends on your environment I guess anyway. It's probably the closest thing to writing anonymously to a list though...
Feb 6, 2013 at 12:06 PM
For some reason, I believe I have done this, but trying to remember the context. One question that I always forget is to be sure that the javascript files are also in a library that has anonymous access and that they are checked in and published if required. This has bitten me too many times! Not saying it is the solution, but this should work and I think I have done it before. (I will not swear to it!)
Feb 6, 2013 at 12:41 PM
Edited Feb 6, 2013 at 12:41 PM
That's why I assert you should use a DVWP to write to a list anonymously. It's free and more secure. :-)

Et all:
If anyone has written to a list anonymously using Javascript ONLY and can produce a working demo, I'll personally send them $100.00 USD. This demo must use an OOTB SharePoint API and easily reproducible. e.g. Copy your script into my farm, press go and it works. No hackery setup or solution packaging...

Apr 23, 2013 at 9:27 AM

Did anyone get this to work?

I have a SPO public site running the Wsp365.Anonymous solution and a feedback list for visitors to leave a message. I would like to build a form using spservices to leave the comment but calling the web service results in access denied. When I go to the newform directly (mysite/lists/feedback/newform.aspx) it works perfectly and the item gets inserted into the list.

Any updates would be greatly appreciated

Thanks, Xavier
Apr 23, 2013 at 2:57 PM

Nobody has replied b/c it's impossible. I've been told it's possible, it has even been blogged about: "SPServices supports anonymous access to read and write to lists", however, it's impossible. My offer still stands though. If you get it to work, I'll send you $100.00 USD the very next day.

Apr 23, 2013 at 3:48 PM
I retract that statement (I'll update the post) and agree with Matt.

Apr 24, 2013 at 7:06 AM
After spending a day investigating the possibilities we have come to the same conclusion that using the web services to update items with anonymous access is not possible. Something Msft should resolve as you would expect that web service would inherit permissions you set in the site. We however are determined to get it to work and will be looking further into it through custom development. We are waiting to be upgraded to the next wave and will re-engineer our public website design to fit into the new publishing features including using jquery to update items and work around all the silly stuff msft has thought up.

Keep you posted or send me direct mail for more info.

Apr 24, 2013 at 12:43 PM
Hey Matt!

You know I could be evil and point out that you did not specify that your bet was restricted to web services! It is quite simple to do this in javascript with the CSOM. I know it works because I tested it to work fine with anonymous access. I understand that this is not the best answer for the web services crowd, but it does work!

Apr 24, 2013 at 2:15 PM
Edited Apr 24, 2013 at 2:18 PM

There was a reason I said: "demo must use an OOTB SharePoint API and easily reproducible". I don't really care what you use other than Javascript and an OOTB SharePoint API. With that said, if you can get it to work in JSOM/CSOM whatever it's called, PROVE IT. ;-)

Where's my demo script or better yet a demo page?

Apr 24, 2013 at 2:41 PM
Edited Apr 24, 2013 at 2:55 PM
iOnline247 wrote:

There was a reason I said: "demo must use an OOTB SharePoint API and easily reproducible". I don't really care what you use other than Javascript and an OOTB SharePoint API. With that said, if you can get it to work in JSOM/CSOM whatever it's called, PROVE IT. ;-)

Where's my demo script or better yet a demo page?

Since I was the one who started this discussion, I figured I'd contribute to what I've recently discovered in the past few weeks. I would have posted this sooner, but completely forgot about this post.

Spevilgenius is correct you can create, update, delete a list item with anonymous access through the Javascript Client Side Object Model and it is OOTB. As long as the anonymous user has rights to create, edit and delete to the list, it works. The only thing that does not work, for some strange reason is to View list items (getItems();). Although I've used SPServices GetListItems function to get around this with conjunction with a CSOM update function.

Below are a few links that I've referenced to get this to work.

How to: Create, Update, and Delete List Items Using JavaScript

Using SharePoint CSOM in HTML5 apps

This is an example that I've used on my site to test it out. Just replace the site, list and internal names and it should be good to go. This is the basic code to get this working:
<<!DOCTYPE html>
<%@ Page language="C#" %>
<%@ Register Tagprefix="SharePoint" 
     Assembly="Microsoft.SharePoint, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<html xmlns:mso="urn:schemas-microsoft-com:office:office" xmlns:msdt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882">

<!-- the following 5 js files are required to use CSOM -->
    <script src="/_layouts/1033/init.js"></script>
    <script src="/_layouts/MicrosoftAjax.js"></script>
    <script src="/_layouts/sp.core.js"></script>
    <script src="/_layouts/sp.runtime.js"></script>
    <script src="/_layouts/sp.js"></script>

    <!-- include your app code -->
    <SharePoint:FormDigest ID="FormDigest1" runat="server">
<script type="text/javascript">

  // define a ClientContext for the specified SP site
var ctx = new SP.ClientContext("/alumni/");
// attach a onRequestFailed function to the client context.
ctx.add_requestFailed(function (sender, args) {
    alert('Request failed: ' + args.get_message());
function example () {

    var web = ctx.get_web();
    ctx.executeQueryAsync(function () {
        alert("Title: " + web.get_title());
        alert("Description: " + web.get_description());

    /*  var items = ctx
            .getByTitle('Ad Content')
    var contacts = ctx.loadQuery(items);
    ctx.executeQueryAsync(function () {
        contacts.forEach(function (contact) {
       console.log("Pages: ", contact.get_fieldValues())
    var list = ctx
            .getByTitle('Ad Content');
      // create a new item on the list
    var contact = list.addItem(new SP.ListItemCreationInformation());
    // You may even leave out the ListItemCreationInformation, 
    // if you don't set any of its properties:
    // var contact = list.addItem();
    contact.set_item("Title", "TestAnon"); // 'Title' is the internal name for 'Last Name'
    contact.set_item("Ad_x0020_Order", "4");
    // ensure that contact is saved during the query
    ctx.executeQueryAsync(function () {
        console.log("Id of new contact: ", contact.get_id()); 

     var id = 15,
        item = ctx
            .getByTitle('Ad Content')
    // Change business phone number.
    // Internal name is WorkPhone
    item.set_item("Ad_x0020_Order", "1");
    // ensure that contact is saved during the query
    ctx.executeQueryAsync(function () {
        console.log("New value: ", item.get_item("Ad_x0020_Order"));

window.onload = example;

Apr 24, 2013 at 2:50 PM
So.. Matt, let me know if it's PROVEN. I have my eye on a few things that's about around $100. ;)
Apr 24, 2013 at 3:19 PM

I'll test this ASAP!

Apr 24, 2013 at 3:24 PM
<script type="text/javascript" src="http://wtch02112013002/SiteAssets/js/jquery.min.js"></script>
<script type="text/javascript" src="http://wtch02112013002/SiteAssets/js/spservices.min.js"></script>
<input type="button" value="Add Item" id="AddItem"/>
TITLE:<input type="text" id="txtTitle" />
BODY:<input type="text" id="txtBody" />
<script type="text/javascript">
    var ctx, list, item;
    $("#AddItem").click(function () {

        ctx = new SP.ClientContext("/");
        list = ctx.get_web().get_lists().getByTitle("Announcements");
        item = list.addItem();
        alert($("input[id*='txtTitle']").val() + ", " + $("input[id*='txtBody']").val());
        item.set_item('Title', $("input[id*='txtTitle']").val());
        item.set_item('Body', $("input[id*='txtBody']").val());


        ctx.executeQueryAsync(onQuerySucceeded, onQueryFailed);

    function onQuerySucceeded() {
        alert('Item created: ');

    function onQueryFailed(sender, args) {
        alert('Request failed. ');
And clark1eh, you can get that View list to work if you run some powershell script to change the Web Application blocked types. You can do a search for that. I ran into that in an earlier search.

Apr 24, 2013 at 3:30 PM
Edited Apr 24, 2013 at 3:31 PM
Dan, I did come across that when I was searching CSOM with Anonumous access. Since we were discussing only OOTB solutions I didn't mention it. Doesn't sound like to many people have that kind of access.

Since my employer is looking into upgrading to SP 2013 very soon, the CSOM capabilities have been expanded, including dealing with documents and folders. Plus the REST functionality is also getting more robust which looks very exciting as well. Can't wait!
Apr 24, 2013 at 7:19 PM
Edited Apr 26, 2013 at 2:37 PM

Apr 24, 2013 at 7:29 PM
Thanks for posting back and taking on Matt's challenge. I have been keeping my eye on this thread and will now bookmark it for future reference.
Good Stuff.

Matt: (@iOnline247 ) - Kudos for not shying away from the bounty.

Paul T

Apr 24, 2013 at 7:58 PM
It's not a problem. I'm just glad I was able to find something that worked OOTB and fairly simple to utilize. Happy to share the find with everyone. I just wish I found it sooner.
Apr 26, 2013 at 11:22 AM
Doesn't work on SharePoint ONLINE, Error message is "Error: Unable to get property 'requestUnexpectedResponseWithStatus' of undefined or null reference". As you can't tingle with the security on webapp level I am guessing this will never work.

Any ideas?

Feb 27, 2015 at 4:28 AM
I was able to get Dan's CSOM code example working on my SharePoint Online Public Facing site. It wasn't working at first, I was getting an access denied. After a lot of research, I finally stumbled on this article: http://sharepointtaproom.com/2014/08/28/anonymous-api-access-for-office-365-public-sites/. Dan's code, combined with this article finally got me up and working.
Mar 1, 2016 at 3:58 PM
Dear friends!

After spent alot of days trying to insert anonymously with SPServices, I found a way using Javascript Object Model.

It comes with sharepoint, you don't even need to reference it.

I try to insert anonymously and work it!

Hope it works for u all.

Link \/