SharePoint PublishingWeb change under elevated security context fails, why?

StackOverflow https://stackoverflow.com/questions/3612903

  •  26-09-2019
  •  | 
  •  

Question

I'm having trouble updating a SharePoint publishingWeb attribute under RunWithElevatedPrivileges. it fails with the exception "The security validation for this page is invalid" at this line : "pubWeb.IncludeInCurrentNavigation = false;". Below is the code i'm trying to run. Normally you can set AllowUnsafeUpdates = true, but publishingWeb's don't have this special property.

My question is what is the proper way to update publishingWeb attributes in an elevated context?

            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite siteCollection = new SPSite(parentSiteUrl))
                {
                    //siteCollection.AllowUnsafeUpdates = true;
                    using (SPWeb web = siteCollection.OpenWeb(subSiteUrl))
                    {
                        //web.AllowUnsafeUpdates = true;
                        if (PublishingWeb.IsPublishingWeb(web))
                        {
                            // hide new sub-site from navigation elements.
                            PublishingWeb pubWeb = PublishingWeb.GetPublishingWeb(web);
                            pubWeb.IncludeInCurrentNavigation = false;
                            pubWeb.IncludeInGlobalNavigation = false;
                            pubWeb.Update();
                        }
                    }
                }
            });
Was it helpful?

Solution

If this change occurs on a postback (a POST), you should be calling SPSecurity.ValidateFormDigest() before you make the change. AllowUnsafeUpdates is only used for http GET requests.

If it is a GET request, I would have expected the commented-out line to have worked, but since it's commented I presume it didn't. I would suggest you to use:

pubWeb.Web.AllowUnsafeUpdates = true

as a PublishingWeb is a wrapper for an SPWeb instance, which is accessible via the Web property. It's strange though, I would have expected the supplied SPWeb to have been the same instance (and as such your commented line should have worked.)

OTHER TIPS

Was reading a bit about using this property

pubWeb.Navigation.ExcludeFromNavigation(true, web.ID);

instead of

pubWeb.IncludeInCurrentNavigation = false;

pubWeb.IncludeInGlobalNavigation = false;

Not sure if that is relevant to what your trying to accomplish.

SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    using (SPSite siteCollection = new SPSite(parentSiteUrl))
                    {
                        //siteCollection.AllowUnsafeUpdates = true;
                        using (SPWeb web = siteCollection.OpenWeb(subSiteUrl))
                        {
                            //web.AllowUnsafeUpdates = true;
                            if (PublishingWeb.IsPublishingWeb(web))
                            {
                                // hide new sub-site from navigation elements.
                                PublishingWeb pubWeb = PublishingWeb.GetPublishingWeb(web);
                                pubWeb.Navigation.ExcludeFromNavigation(true, web.ID);
                                pubWeb.Update();
                            }
                        }
                    }
                });
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top