SharePoint PublishingWeb change under elevated security context fails, why?
-
26-09-2019 - |
Question
I'm having trouble updating a SharePoint publishingWeb attribute under RunWithElevatedPrivileges. it fails with the exception "The security validation for this page is invalid" at this line : "pubWeb.IncludeInCurrentNavigation = false;". Below is the code i'm trying to run. Normally you can set AllowUnsafeUpdates = true, but publishingWeb's don't have this special property.
My question is what is the proper way to update publishingWeb attributes in an elevated context?
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite siteCollection = new SPSite(parentSiteUrl))
{
//siteCollection.AllowUnsafeUpdates = true;
using (SPWeb web = siteCollection.OpenWeb(subSiteUrl))
{
//web.AllowUnsafeUpdates = true;
if (PublishingWeb.IsPublishingWeb(web))
{
// hide new sub-site from navigation elements.
PublishingWeb pubWeb = PublishingWeb.GetPublishingWeb(web);
pubWeb.IncludeInCurrentNavigation = false;
pubWeb.IncludeInGlobalNavigation = false;
pubWeb.Update();
}
}
}
});
Solution
If this change occurs on a postback (a POST), you should be calling SPSecurity.ValidateFormDigest()
before you make the change. AllowUnsafeUpdates is only used for http GET requests.
If it is a GET request, I would have expected the commented-out line to have worked, but since it's commented I presume it didn't. I would suggest you to use:
pubWeb.Web.AllowUnsafeUpdates = true
as a PublishingWeb
is a wrapper for an SPWeb
instance, which is accessible via the Web
property. It's strange though, I would have expected the supplied SPWeb
to have been the same instance (and as such your commented line should have worked.)
OTHER TIPS
Was reading a bit about using this property
pubWeb.Navigation.ExcludeFromNavigation(true, web.ID);
instead of
pubWeb.IncludeInCurrentNavigation = false;
pubWeb.IncludeInGlobalNavigation = false;
Not sure if that is relevant to what your trying to accomplish.
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite siteCollection = new SPSite(parentSiteUrl))
{
//siteCollection.AllowUnsafeUpdates = true;
using (SPWeb web = siteCollection.OpenWeb(subSiteUrl))
{
//web.AllowUnsafeUpdates = true;
if (PublishingWeb.IsPublishingWeb(web))
{
// hide new sub-site from navigation elements.
PublishingWeb pubWeb = PublishingWeb.GetPublishingWeb(web);
pubWeb.Navigation.ExcludeFromNavigation(true, web.ID);
pubWeb.Update();
}
}
}
});