MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

can't set AllowUnsafeUpdates to true in a web part

  Asked By: Roman    Date: Feb 08    Category: MOSS    Views: 4069

I'm trying to add an entry to a list from a web part. When I execute:

SPContext.Current.Web.AllowUnsafeUpdates = true;

I get:

Request for the permission of type
Microsoft.SharePoint.Security, Version=, Culture=neutral,
PublicKeyToken=71e9bce111e9429c' failed.

I don't understand why I don't have permission. In the web.config, I
set the trust level to WSS_Medium. As I understand it, this should
give my web part access to the SharePoint Object Model. What am I
missing? I'm using MOSS 2007.



5 Answers Found

Answer #1    Answered By: Cassandra Cooper     Answered On: Feb 08

If your webpart will be on a page in the site collection where the list
is you shouldn't need AllowUnsafeUpdates set  to true. The FormDigest
control on the masterpage will take care of the security  session for
you. If you really want to use it then don't try to set it directly.
Instead use code like this.

SPWeb website = SPContext.Current.Web;

Website.AllowUnsafeUpdates = true;


Answer #2    Answered By: Elaina Suarez     Answered On: Feb 08

If I don't set  AllowUnsafeUpdates to
true, I get this error:

Updates are currently disallowed on GET requests. To allow updates on
a GET, set the 'AllowUnsafeUpdates' property on SPWeb.

The web  part is running on an extranet version. Does that explain why
I need to set AllowUnsafeUpdates to true?

In addition, it seems like I cannot make this call without setting the
trust level  to Full in the web.config.

Answer #3    Answered By: Kacey Russo     Answered On: Feb 08

By extranet do you mean a zone using a pluggable Forms based
authentication? If so, then that is the problem. The easiest way to
fix that would probably be to run the update using elevated priveledges.
Can you pass a short code snip of what you are trying to accomplish.
Then I'll see if I can troubleshoot it for you.

Answer #4    Answered By: Rebecca Lewis     Answered On: Feb 08

Yes, the extranet uses Forms based authentication. I'm not sure
what you mean by pluggable, however. Here's the code I'm using to add
a new entry  to the list:

SPWeb web  = SPContext.Current.Web;
web.AllowUnsafeUpdates = true;
//SPContext.Current.Web.AllowUnsafeUpdates = true;
SPListItem newAttendee = attendList.Items.Add();
// userProfile is a PropertyValueCollection
newAttendee["Title"] =
userProfile["FirstName"].PropertyValue.ToString() + " " +
newAttendee["Attending"] = "maybe";
newAttendee["UserId"] = HttpContext.Current.User.Identity.Name;

If it matters, I'm executing this code inside CreateChildControls().

Answer #5    Answered By: Emily Clark     Answered On: Feb 08

I finally got things working w/o running with Full Trust. I had to set
Impersonate and UnsafeSaveOnGet to true for SharePointPermission in a
custom permission set  and run the whole block of code with elevated

The learning curve for SharePoint is steeper than I imagined.

Didn't find what you were looking for? Find more on can't set AllowUnsafeUpdates to true in a web part Or get search suggestion and latest updates.