Adding Items to a SharePoint List

4 05 2009

Ok, a low-tech post this time. I’ve wasted the better part of my last few days battling Share Point permissions. My goal was to write a web part that lets users add an entry to a Share Point list. So, in case you (or me) need users to add items to a list, this could save us a lot of time…

At first everything worked well, since I used a system account for testing. As expected, when switching to a regular user I started getting errors:

  1. Access Denied – At first I received SharePoint’s Access Denied page. I soon remembered I had to elevate the permissions (lambda style).
  2. Another Access Denied – Even after using RunWithElevatedPrivileges, we have to reopen our SPSite and SPWeb, we can’t use SPContext (it has the old permissions). Which is a shame, because we also have to close them later (here this is done with using, but in the real code I manage it on another class).
  3. Security Validation Exception – This one took me a few hours. When searching for the answer I saw someone suggesting to use AllowUnsafeUpdates (which a colleague said I should use on a different project). That means setting “web.AllowUnsafeUpdates = true;” before I make any updates, and setting it back to false later.
    Microsoft.SharePoint.SPException:
    The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again. --->
    System.Runtime.InteropServices.COMException (0x8102006D): The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.
  4. ValidateFormDigest – While commenting the code I realized I don’t fully understand what AllowUnsafeUpdates does and why I use it. I came across a very detailed article, that explained I could use ValidateFormDigest instead of this little hack.

Sample code for users adding or updating an item:

//A user cannot add items, needs elevated permissions.
SPSecurity.RunWithElevatedPrivileges(() =>
{
  //when using RunWithElevatedPrivileges we cannot use
  // SPContext.Current - These SP objects have the old
  // privileges. We need to open a new SPSite and SPWeb.
  using (SPSite site = new SPSite(SPContext.Current.Site.ID))
  {
    using (SPWeb web = site.OpenWeb("/training"))
    {
      //Validate form POST data.
      SPUtility.ValidateFormDigest();

      //demo code for adding or editing an item
      SPList registrations = web.Lists["Registrations"];
      SPItem newItem = registrations.Items.Add();
      newItem["Title"] = "Added new Item";
      newItem.Update();
      //end of demo code.
    }
  }
});

Second option – stronger but more hacky:

//A user cannot add items, needs elevated permissions.
SPSecurity.RunWithElevatedPrivileges(() =>
{
  //when using RunWithElevatedPrivileges we cannot use
  // SPContext.Current - These SP objects have the old
  // privileges. We need to open a new SPSite and SPWeb.
  using (SPSite site = new SPSite(SPContext.Current.Site.ID))
  {
    using (SPWeb web = site.OpenWeb("/training"))
    {
      web.AllowUnsafeUpdates = true;

      //code for adding or editing an item...

      web.AllowUnsafeUpdates = false;
    }
  }
});

Possibly related posts: (automatically generated)

«


Actions

Information

2 responses

10 09 2009
Joshi (15:18:10) :

Hi
it is excellent, it worked very well for me.
it worked in the first try it self.
I had done a lot of search for this code, but it is the only site it gives

Reply
10 09 2009
Kobi (15:23:28) :

Thanks Joshi.

Reply

Leave a comment