SharePoint 2013 introduces MDS, or Minimal Download Strategy, as a way to increase performance of various types of SharePoint sites (basically, non-publishing sites.) It’s turned on for quite a few site templates out of the box so it’s important to understand how it works. I won’t go into it here since others cover it well, but review the links at the bottom of this post if you’re interested.
When developing a custom master page, there’s a new control that you’ll need to be concerned with due to MDS called AjaxDelta. This control is used to tell MDS which controls or content that call into SharePoint require the user to be authenticated and authorized. Any content outside of an AjaxDelta control is treated anonymously. This may bite you if you forget and start moving controls around. An example of that can be found here.
If you haven’t put two and two together yet based on the title of this post, you’ll need to also wrap your client side REST calls with an AjaxDelta control. Well, maybe. I was getting pretty good results without the AjaxDelta wrapper, until I did some testing using Windows XP and IE 8. On that platform, my REST calls were resulting in “Access is Denied” entries in ULS logs in an unauthenticated server call (as shown by a “Authentication Authorization” entry where IsAuthenticated=false.) Once I put the script inside an AjaxDelta control, the problem went away.
As mentioned, this was only for WinXP and IE8 so perhaps there is a client setting that can be changed to fix the issue as well.
Here’s a good link on MDS, if you’re interested (if you read this far, you’re interested ):