locked
The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.

    Question

  • Hi All, I am facing problem to update the list. I am getting below error. The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again. code: try { HiddenField itemID = (HiddenField)e.Item.FindControl("hdnID"); SPSite site = SPContext.Current.Site; Guid siteGuid = site.ID; SPWeb web = SPContext.Current.Web; Guid webGuid=web.ID; SPSecurity.RunWithElevatedPrivileges(delegate() { site= new SPSite(siteGuid); web=site.OpenWeb(webGuid); web.AllowUnsafeUpdates = true; SPList list = web.Lists["xxxx"]; SPQuery query = new SPQuery(); _queryFormat = new StringBuilder(); _queryFormat.Append("<Where><Eq><FieldRef Name='ID'/><Value Type='Counter'>"); _queryFormat.Append(itemID.Value); _queryFormat.Append("</Value></Eq></Where><OrderBy><FieldRef Name='ID'/></OrderBy>"); query.Query = _queryFormat.ToString(); SPListItemCollection itemsCollection = list.GetItems(query); foreach (SPListItem listitem in itemsCollection) { if (listitem["ID"] != null) { listitem["yyyy"] = "T"; listitem.Update(); list.Update(); web.Update(); } break; } }); } catch (Exception ex) { } Any help would be appreciated. Thanks in advance. By Nani
    Wednesday, November 30, 2011 4:59 PM

Answers

  • Nani,

     

    I think this issue is due to worng elevated context.

    Try to create elevated web context this way:

     

    Guid siteId = SPContext.Current.Site.ID;

    SPListItem objSPListItem = null;

    SPList objSPList;

     SPSecurity.RunWithElevatedPrivileges(delegate()

                      {

                          using (SPSite spSite = new SPSite(siteId))

                          {

                              using (SPWeb objSPWeb = spSite.RootWeb)

                              {

    objSPWeb.AllowUnsafeUpdates = true;

                                  objSPList = objSPWeb.Lists["XXXX"];

                                  objSPListItem = objSPList.GetItemById(ID);

    objSPListItem.Update();

                              }

                          }

                      });

     

    Thanks

     

    Friday, December 02, 2011 8:50 AM

All replies

  • Nani,

     

    I think this issue is due to worng elevated context.

    Try to create elevated web context this way:

     

    Guid siteId = SPContext.Current.Site.ID;

    SPListItem objSPListItem = null;

    SPList objSPList;

     SPSecurity.RunWithElevatedPrivileges(delegate()

                      {

                          using (SPSite spSite = new SPSite(siteId))

                          {

                              using (SPWeb objSPWeb = spSite.RootWeb)

                              {

    objSPWeb.AllowUnsafeUpdates = true;

                                  objSPList = objSPWeb.Lists["XXXX"];

                                  objSPListItem = objSPList.GetItemById(ID);

    objSPListItem.Update();

                              }

                          }

                      });

     

    Thanks

     

    Friday, December 02, 2011 8:50 AM
  • Hi Praveen,

    you should set the 'allowUnsafeUpdate' as 'false' after have done operations on database otherwise cross-site scripting issue will raise.

    Reference below posts to get clear idea on 'allowUnsafeUpdates'

    http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.allowunsafeupdates.aspx 

     

    Wednesday, February 01, 2012 11:02 AM