
SharePoint PublishingWeb change under elevated security context fails, why?


I'm having trouble updating a SharePoint PublishingWeb attribute under RunWithElevatedPrivileges. It fails with the exception "The security validation for this page is invalid" at this line: "pubWeb.IncludeInCurrentNavigation = false;". Below is the code I'm trying to run. Normally you can set AllowUnsafeUpdates = true, but PublishingWebs don't have this special property.

My question is what is the proper way to update publishingWeb attributes in an elevated context?

            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite siteCollection = new SPSite(parentSiteUrl))
                {
                    //siteCollection.AllowUnsafeUpdates = true;
                    using (SPWeb web = siteCollection.OpenWeb(subSiteUrl))
                    {
                        //web.AllowUnsafeUpdates = true;
                        if (PublishingWeb.IsPublishingWeb(web))
                        {
                            // hide new sub-site from navigation elements.
                            PublishingWeb pubWeb = PublishingWeb.GetPublishingWeb(web);
                            pubWeb.IncludeInCurrentNavigation = false;
                            pubWeb.IncludeInGlobalNavigation = false;
                            pubWeb.Update();
                        }
                    }
                }
            });

Solution

  • If this change occurs on a postback (a POST), you should be calling SPSecurity.ValidateFormDigest() before you make the change. AllowUnsafeUpdates is only used for HTTP GET requests.

    If it is a GET request, I would have expected the commented-out line to have worked, but since it's commented I presume it didn't. I would suggest you use:

    pubWeb.Web.AllowUnsafeUpdates = true;
    

    as a PublishingWeb is a wrapper for an SPWeb instance, which is accessible via the Web property. It's strange though, I would have expected the supplied SPWeb to have been the same instance (and as such your commented line should have worked.)
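
The answer's two cases combined, as an added example that is not part of the original answer: the form digest is checked as the current user before elevating on a POST, and AllowUnsafeUpdates is relaxed only on the GET path and restored afterwards so request validation is not left disabled. It assumes the code runs inside a SharePoint web request; `NavigationHelper` and `HideFromNavigation` are hypothetical names, and the digest check uses `SPUtility.ValidateFormDigest()` from Microsoft.SharePoint.Utilities.

```csharp
using System;
using System.Web;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Publishing;
using Microsoft.SharePoint.Utilities;

public static class NavigationHelper   // hypothetical helper class, not from the page
{
    public static void HideFromNavigation(string parentSiteUrl, string subSiteUrl)
    {
        HttpContext ctx = HttpContext.Current;
        bool isPost = ctx != null &&
            string.Equals(ctx.Request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase);

        // POST path: validate the request's form digest as the current user,
        // before elevating. A failed check means the postback is not trusted.
        if (isPost && !SPUtility.ValidateFormDigest())
            throw new UnauthorizedAccessException("Form digest validation failed.");

        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite siteCollection = new SPSite(parentSiteUrl))
            using (SPWeb web = siteCollection.OpenWeb(subSiteUrl))
            {
                if (!PublishingWeb.IsPublishingWeb(web)) return;

                PublishingWeb pubWeb = PublishingWeb.GetPublishingWeb(web);
                SPWeb target = pubWeb.Web;   // the SPWeb instance the wrapper holds
                bool previous = target.AllowUnsafeUpdates;
                try
                {
                    // GET path only: relax validation for this single update.
                    if (!isPost) target.AllowUnsafeUpdates = true;
                    pubWeb.IncludeInCurrentNavigation = false;
                    pubWeb.IncludeInGlobalNavigation = false;
                    pubWeb.Update();
                }
                finally
                {
                    // Put the flag back so later code on this SPWeb is validated again.
                    target.AllowUnsafeUpdates = previous;
                }
            }
        });
    }
}
```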