FB_init

Monday, November 21, 2011

My daily SharePoint frustration - XXI

Scenario: in a site with both forms and NTLM authentication, a user would add a List View Web Part to the page. The user would try to delete a document from it and an error appeared on the browser:



The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.


What I tried:
  I tried to add this to the custom master page (just before the closing form tag):



        

It didn't work. I saw no difference in the source html. And I noticed that the form digest information was always there, regardless.
  I also tried to add to the existing code behind of the custom master page:

  protected override void OnInit(EventArgs e)
        {
            if (Page.IsPostBack) // custom stuff 
           {
                Microsoft.SharePoint.Utilities.SPUtility.ValidateFormDigest();
            }

It didn't work.

I tried to remove my customized master page and to use an out-of-the-box SharePoint master page. The problem was still there. I then tried to use an out-of-the-box page layout. The problem was still there. I tried to create a brand new out-of-the-box web application. The problem was not there. I then went back to web site where the problem was happening and began to comment out the http modules in web.config - trying different combinations to isolate the HTTP module. And I zoomed in to one module. I also changed the order of the http modules. Still, the same http module was the one.
Even after I found the faulty http module, it was not easy to isolate the problem.  I had to comment out the different conditions until I isolated SPContext.Current. 

Solution:

( It depends on your environment... It may not be applicable to you )  
Changing the HTTP module so that the evaluation of SPContext.Current only happens after the verification that the current handler is a Page. :

   public class MyMengaoModule : IHttpModule

        public void Init(HttpApplication context)
        {
            context.PreRequestHandlerExecute +=
            new EventHandler(ContextPreRequestHandlerExecute);
        }

        void ContextPreRequestHandlerExecute(object sender, EventArgs e)
        {
            Page page = HttpContext.Current.CurrentHandler as Page; // new stuff

            if (page == null)
            {
                return;
            }

            if (SPContext.Current != null && SPContext.Current.Site != null && SPContext.Current.Site.Zone == SPUrlZone.Internet) // as it was before
            ...

Time it took me to fix the problem: 3 days of work...


No comments: