SharePoint, HTTP Modules, and Page Validation

Posted by Damon Armstrong on Simple Talk See other posts from Simple Talk or by Damon Armstrong
Published on Sat, 20 Oct 2012 02:45:26 +0000 Indexed on 2012/10/20 5:16 UTC
Read the original article Hit count: 494

Filed under:

Sometimes I really believe that SharePoint actively thwarts my attempts to get it to do what I want.  First you look at something and say, wow, that should work.  Then you realize it doesn’t.  Then you have an epiphany and see a workaround.  And when you almost have that work around working… well then SharePoint says no again.  Then it’s off on another whirl-wind adventure to find a work around for the workaround.  I had one of those issues today, but I think I finally got past the last roadblock.

So, I was writing an HTTP module as a workaround for another problem.  Everything looked like it was working great because I had been slowly adding code into the HTTP module bit by bit in a prototyping effort.  Finally I put in the last bit of code in place… and I started to get an error:

“The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.”

This is not an uncommon error – it normally occurs when you are updating an item on a GET request and you have not marked the web containing the item with AllowUnsafeUpdates.  One issue, however, is that I wasn’t updating anything in my code.  I was, however, getting an SPWeb object so I decided to set the AllowUnsafeUpdates property on it to true for good measure. Once that was in place, I ran it again…

“The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.”

WTF?!?!  I really expected that setting the AllowUnsafeUpdates property on the SPWeb would fix the issue, but clearly that was not the case.  I have had occasion to disassemble some SharePoint code with .NET Reflector in the past, and one of the things SharePoint abuses a bit more than it should is the HttpContext.  One way to avoid this abuse is to clear out the HttpContext while your code runs and then set it back once you are done. 

I tried this next, and everything worked out just like I had expected.  So, if you are building an HTTP Module for SharePoint and some code that you are running ends up giving you a security validation error, remember to try running that code with AllowUnsafeUpdates turned on and try running the code with the HttpContext nulled out (just remember to set it back after your code runs or else you’ll really jack things up).

© Simple Talk or respective owner

Related posts about Uncategorized