Can somebody please explain the relationship (or lack of one) between anonymous access on the portal Web Application and anonymous access to portal items through the SDK?
If I disable anonymous access on our private portal instance then via the web browser, I always get redirected to the login page and cannot access anything without logging on first. That is obviously expected behaviour.
With the same setting (anonymous access disabled), when using the SDK I seem to be able to retrieve any portal item that is marked as public, without providing any credentials. The PortalInfo.Access property returns the expected values i.e Private when anonymous access is disabled and Public when anonymous access is enabled, but this doesn't seem to have any bearing on whether I can retrieve portal items or not.
The Portal is configured to use the internal identity store with ArcGISToken based authentication and there are definitely no credentials added to the AuthenticationManager or supplied when creating the portal instance. My assumption is that this makes me an anonymous SDK user and therefore I shouldn't have access to any content.
I'm using ArcGIS Portal 10.4.1 and the new Quartz SDK. I've tested against Portal 10.3.1 too and get the same behaviour there. Am I misunderstanging something or is there a bug in the SDK? If it's a bug, does anyone know if it's fixed in Portal 10.5?