SharePoint Dragons

Nikander & Margriet on SharePoint

Tag Archives: security

Setting the SharePoint context to null

We came across an interesting, what shall we call it, hack we guess. Suppose you have a scenario where you execute an HTTP POST and try to change something in the SharePoint content database. If you don’t have a valid FormDigest control, you’re in trouble. Apparently, there’s a hack available. If you set the HTTP context to null, the code will be treated as running from outside the Sharepoint context (e.g. from a timer job or a console application) which makes SharePoint refrain from doing a FormDigest check (http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webcontrols.formdigest.aspx).

var ctx = HttpContext.Current;

try { HttpContext.Current = null; siteCollection.Add(…); }

finally { HttpContext.Current = ctx; }

The hack is described here: http://social.technet.microsoft.com/Forums/en-US/sharepoint2010programming/thread/4f710dda-e5a4-4a56-8570-267aceff8d11

Advertisements