
Sitecore 8.2 ItemService API working in main website but not in microsites


I have a website that has a primary home node as well as several microsites (each of which is a different language), configured like so:

<sites>
    <site name="website-swedish" itemwebapi.mode="StandardSecurity" itemwebapi.access="ReadOnly" itemwebapi.allowanonymousaccess="true" patch:source="x.Sites.config" enableTracking="true" virtualFolder="/" physicalFolder="/" rootPath="/sitecore/content" startItem="/Swedish" hostName="se.mysite.com" language="sv" database="web" domain="extranet" allowDebug="true" cacheHtml="true" htmlCacheSize="50MB" registryCacheSize="0" viewStateCacheSize="0" xslCacheSize="25MB" filteredItemsCacheSize="10MB" enablePreview="true" enableWebEdit="true" enableDebugger="true" disableClientData="false" cacheRenderingParameters="true" renderingParametersCacheSize="10MB"/>
    <site name="website" enableTracking="true" virtualFolder="/" physicalFolder="/" rootPath="/sitecore/content" startItem="/home" domain="extranet" allowDebug="true" cacheHtml="true" htmlCacheSize="50MB" registryCacheSize="0" viewStateCacheSize="0" xslCacheSize="25MB" filteredItemsCacheSize="10MB" enablePreview="true" enableWebEdit="true" enableDebugger="true" disableClientData="false" cacheRenderingParameters="true" renderingParametersCacheSize="10MB" language="en" patch:source="x.Sites.config" formsRoot="{F1F7AAB6-C8CE-422F-A214-F610C109FA63}" enableItemLanguageFallback="false" enableFieldLanguageFallback="false" itemwebapi.mode="StandardSecurity" itemwebapi.access="ReadOnly" itemwebapi.allowanonymousaccess="true" database="web"/>
</sites>

In Sitecore.Services.Client.config I changed SecurityPolicy to ServicesOnPolicy:

<setting name="Sitecore.Services.SecurityPolicy" value="Sitecore.Services.Infrastructure.Web.Http.Security.ServicesOnPolicy, Sitecore.Services.Infrastructure" />

When I make a call to the ItemService on my main website, such as mysite.com/sitecore/api/ssc/item/0CF2CD64-2A60-47AE-A2F2-7FD1B599EE04, it works as expected. However, when I make a call on the microsite, e.g. se.mysite.com/sitecore/api/ssc/item/0CF2CD64-2A60-47AE-A2F2-7FD1B599EE04, I get a 403 error.


Solution

  • In addition to the SecurityPolicy setting I also had to change the AllowAnonymousUser setting to true:

    <setting name="Sitecore.Services.AllowAnonymousUser" value="true" />
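To check a deployment for the combination this answer ends up with (ServicesOnPolicy plus AllowAnonymousUser set to true), the script below merges `<setting>` values from config files and reports whether ItemService is open to unauthenticated callers. It is an added example, not part of the original post or of Sitecore; the sample XML is constructed, and "later file wins" is a simplifying assumption about patch order.

```python
import xml.etree.ElementTree as ET

PATCH_NS = "{http://www.sitecore.net/xmlconfig/}"  # Sitecore config patch namespace
POLICY = "Sitecore.Services.SecurityPolicy"
ANON = "Sitecore.Services.AllowAnonymousUser"

# Constructed inputs: BASE carries the policy from the question with anonymous
# access off; PATCH carries the answer's setting in patch:attribute form.
BASE = """<configuration><sitecore><settings>
  <setting name="Sitecore.Services.SecurityPolicy" value="Sitecore.Services.Infrastructure.Web.Http.Security.ServicesOnPolicy, Sitecore.Services.Infrastructure" />
  <setting name="Sitecore.Services.AllowAnonymousUser" value="false" />
</settings></sitecore></configuration>"""
PATCH = """<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/"><sitecore><settings>
  <setting name="Sitecore.Services.AllowAnonymousUser">
    <patch:attribute name="value">true</patch:attribute>
  </setting>
</settings></sitecore></configuration>"""

def effective_settings(config_texts):
    """Merge <setting> values from config texts given in load order (assumed: later wins)."""
    merged = {}
    for text in config_texts:
        for node in ET.fromstring(text).iter("setting"):
            name, value = node.get("name"), node.get("value")
            # A patch file may set the value through a patch:attribute child instead.
            for attr in node.findall(PATCH_NS + "attribute"):
                if attr.get("name") == "value":
                    value = (attr.text or "").strip()
            if name and value is not None:
                merged[name] = value
    return merged

def audit_item_service(config_texts):
    """Report whether the merged config lets unauthenticated callers use ItemService."""
    s = effective_settings(config_texts)
    # The policy value is "Namespace.Class, Assembly"; keep only the class name.
    policy = s.get(POLICY, "").split(",")[0].strip().rsplit(".", 1)[-1] or None
    anonymous = s.get(ANON, "").strip().lower() == "true"
    return {
        "policy": policy,  # None means the audited files do not set it
        "allow_anonymous": anonymous,
        "anonymous_item_service": policy == "ServicesOnPolicy" and anonymous,
    }

if __name__ == "__main__":
    print(audit_item_service([BASE]))
    print(audit_item_service([BASE, PATCH]))
```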