SharePoint Dragons

Nikander & Margriet on SharePoint

Tag Archives: security

Setting the SharePoint context to null

We came across an interesting, what shall we call it, hack we guess. Suppose you have a scenario where you execute an HTTP POST and try to change something in the SharePoint content database. If you don’t have a valid FormDigest control, you’re in trouble. Apparently, there’s a hack available. If you set the HTTP context to null, the code will be treated as running from outside the Sharepoint context (e.g. from a timer job or a console application) which makes SharePoint refrain from doing a FormDigest check (

var ctx = HttpContext.Current;

try { HttpContext.Current = null; siteCollection.Add(…); }

finally { HttpContext.Current = ctx; }

The hack is described here: