Monday 15 April 2013

security - Creating an SPListItem in a WCF service deployed to SharePoint -


itemprop = "text">

I used the following method in a WCF service, that has been posted to SharePoint using Shell Malik's Guide: < / P> <> [OperationContract] public string addItem (using string itemTitle, Guid? IdOfListToUse) {using portal = new SPSite (SPContext.Current.Site.Url, SPContext.Current.Site.SystemAccount.UserToken )) Using pre ({var web = portal.OpenWeb ()) {Guide list ID; Web.AllowUnsafeUpdates = true; If (idOfListToUse = Null & amp;! IdOfListToUse.Value = New GUID ()) {ListId = idOfListToUse.Value; } Other {try {listId = new navigation (web properties [propertybusinesstsetslist]); } Hold (exception before) {new miectionation ("List list (default list) could not find a list id!", Prior); }} Var list = web.Lists [listId]; String title = ""; SPSecurity.RunWithElevatedPrivileges (Rep {var newItem = list.Items.Add (); newItem ["title"] = itemTitle; newItem.Update (); title = newItem.Title;}); Web.AllowUnsafeUpdates = false; Return title; }}}

The method goes from javascript when it is used (using Rick Straal's Best ServiceProxy.js) and it fails) ValidateFormDigest () because of newItem.Update (But it does not.

Here's the kicker, when I move through the code it works! There is no exception!

OK, got answer (here also 2: - D)

First of all, dirty one:

Set FormDigestValidatedProperty in context: 

  HttpContext.Current.Items ["FormDigestValidated Second, a little less dirty version (basically leaving the open path for XSS attacks, but it is an intranet anyway)

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)