SPSite.ValidateDomainCompatibility method (SPSite, SPSite)
Verifies that two URLs have compatible domains.
Assembly: Microsoft.SharePoint (in Microsoft.SharePoint.dll)
'Declaration Public Shared Function ValidateDomainCompatibility ( _ site1 As SPSite, _ site2 As SPSite _ ) As Boolean 'Usage Dim site1 As SPSite Dim site2 As SPSite Dim returnValue As Boolean returnValue = SPSite.ValidateDomainCompatibility(site1, _ site2)
public static bool ValidateDomainCompatibility( SPSite site1, SPSite site2 )
A URL that points to a first site collection.
A URL that points to a second site collection.
Only use this overload if you have two existing site collections and you know that site lookup has succeeded. If you only have strings and do not know if site lookup has succeeded, call the VisualUpgradeWebs() method, which does validation even if the URL does not point to a site collection.
Using this method helps to block cross-domain scripting attacks. For example, http://Server1 and http://Server2 are distinct domains, and you should not be able to update a site collection in one domain from the other domain. Consequently, this method allows you to verify that both site collections exist within compatible domains when code performs operations on other site collections.
Domains are compatible if they point to the same content. For example, https://domain1.com and http://domain2.com are compatible, as are http://intranet and http://extranet. Domains such as http://www.hostheadersites.com and http://www.hostheadersites.com/sites/team are also compatible. However, http://user1.hostheadersites.com and http://user2.hostheadersites.com are not compatible.
This method also accounts for the relationship between site collections. If two site collections are members of the same site subscription, then their domains are compatible. A simple string comparison of URL host headers is not sufficient, because such a check would fail to properly account for alternate access mappings. Features which use both http://intranet and http://extranet would fail. Even without alternate access mapping, a string comparison is not sufficient because features fail to work correctly in reverse proxy configurations that remap host headers or ports (for example, when https://mydomain.com becomes http://18.104.22.168 at the load balancer.