错误:此网页的安全性验证无效并且可能损坏。请单击 Web 浏览器中的“后退”,刷新网页,再重试操作
此网页的安全性验证无效并且可能损坏。请单击 Web 浏览器中的“后退”,刷新网页,再重试操作。(中文)
System.Exception: Microsoft.SharePoint.SPException: The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again(英文)
【问题描述】
提升权限后:
在启动工作流时,出现了标题上的错误;
在对SPListItem更新时,也会遇到这样的错误;
基本上这个错误出现在:权限提升后,对MOSS进行更新操作时出现。
错误代码如下:
SPSite site = null;
SPWeb web = null;
try
{
SPSecurity.RunWithElevatedPrivileges(delegate
{
site = new SPSite(siteCollectionUrl);
web = site.RootWeb;
});
if (site == null || web == null)
{
return;
}
// 启动工作流
bool flag= CommonMethods.StartWorkFlow("UserRegisterSequentialWorkflow01", item, strXml);
}
catch (Exception ex)
{
LogHelper.WriteException(ex);
}
finally
{
if (web != null)
{
web.Dispose();
}
if (site != null)
{
site.Dispose();
}
}
/// <summary>
/// 通过工作流模板名来启动工作流
/// </summary>
/// <param name="baseTemplateName">模板名</param>
/// <param name="ListItem">要启动的工作流的项(SPListItem)</param>
/// <param name="assiciationData">初始数据</param>
/// <returns>返回是否成功的指示值</returns>
public static bool StartWorkFlow(string baseTemplateName, SPListItem listItem, string assiciationData)
{
try
{
if (string.IsNullOrEmpty(baseTemplateName) || listItem == null)
{
return false;
}
SPList list = listItem.ParentList;
string templateName = string.Empty;
for (int i = 0; i < listItem.Workflows.Count; i++)
{
templateName = listItem.Workflows[i].ParentAssociation.BaseTemplate.Name;
if (templateName.Equals(baseTemplateName))
{
//已经被启动就返回
return true;
}
}
//在当前list的WorkflowAssociations中找到要启动的工作流 SPWorkflowAssociation
templateName = string.Empty;
foreach (SPWorkflowAssociation wfAssoc in list.WorkflowAssociations)
{
//找到SPWorkflowAssociation通过名字
templateName = wfAssoc.BaseTemplate.Name;
if ((templateName.Equals(baseTemplateName)))
{
//启动工作流
string tempAssociation = wfAssoc.AssociationData;
if (!string.IsNullOrEmpty(assiciationData))
{
tempAssociation = assiciationData;
}
listItem.Web.Site.WorkflowManager.StartWorkflow(listItem, wfAssoc, tempAssociation, true);
break;
}
}
}
catch (SPException ex)
{
LogHelper.WriteException(ex);
return false;
}
return true;
}
【解决办法】
1、允许SPSite、SPWeb进行不安全更新
SPSite.AllowUnsafeUpdate =true
SPWeb.AllowUnSafeUpdate =true
SPSite site = null;
SPWeb web = null;
try
{
SPSecurity.RunWithElevatedPrivileges(delegate
{
site = new SPSite(siteCollectionUrl);
web = site.RootWeb;
});
// 启动工作流
site.AllowUnsafeUpdates = true;
web.AllowUnsafeUpdates = true;
bool flag= CommonMethods.StartWorkFlow("UserRegisterSequentialWorkflow01", item, strXml);
// 即可能早的恢复不安全更新设置
site.AllowUnsafeUpdates = false;
web.AllowUnsafeUpdates = false;
}
catch (Exception ex)
{
LogHelper.WriteException(ex);
}
finally
{
if (web != null)
{
web.Dispose();
}
if (site != null)
{
site.Dispose();
}
}
2、禁用相关的web应用的安全验证状态
This error is caused due to security validation. So there should be a way out to turn it off. One method to turn off security is:
Central Administration
—>application management
—->web application general settings
–>turn security validation off
But, if we always keep it on there might be danger of malicious code.
So, we should handle this through coding, turn off security validation for our code to execute and then again turn it on.
SPWeb ospWeb = SPContext.Current.Web;
Microsoft.SharePoint.Administration.SPWebApplication webApp = ospWeb.Site.WebApplication;
webApp.FormDigestSettings.Enabled = false;
// our code should be inserted here
webApp.FormDigestSettings.Enabled = true;
禁用 web安全设置 是在国外网站上找到的
