SPSite.ValidateDomainCompatibility method (SPSite, SPSite)

Verifies that two URLs have compatible domains.

Namespace:  Microsoft.SharePoint
Assembly:  Microsoft.SharePoint (in Microsoft.SharePoint.dll)


Public Shared Function ValidateDomainCompatibility ( _
    site1 As SPSite, _
    site2 As SPSite _
) As Boolean
Dim site1 As SPSite
Dim site2 As SPSite
Dim returnValue As Boolean

returnValue = SPSite.ValidateDomainCompatibility(site1, _
public static bool ValidateDomainCompatibility(
    SPSite site1,
    SPSite site2


Return value

Type: System.Boolean
true if the domains are compatible; otherwise, false.


Only use this overload if you have two existing site collections and you know that site lookup has succeeded. If you only have strings and do not know if site lookup has succeeded, call the VisualUpgradeWebs() method, which does validation even if the URL does not point to a site collection.

Using this method helps to block cross-domain scripting attacks. For example, http://Server1 and http://Server2 are distinct domains, and you should not be able to update a site collection in one domain from the other domain. Consequently, this method allows you to verify that both site collections exist within compatible domains when code performs operations on other site collections.

Domains are compatible if they point to the same content. For example, https://domain1.com and http://domain2.com are compatible, as are http://intranet and http://extranet. Domains such as http://www.hostheadersites.com and http://www.hostheadersites.com/sites/team are also compatible. However, http://user1.hostheadersites.com and http://user2.hostheadersites.com are not compatible.

This method also accounts for the relationship between site collections. If two site collections are members of the same site subscription, then their domains are compatible. A simple string comparison of URL host headers is not sufficient, because such a check would fail to properly account for alternate access mappings. Features which use both http://intranet and http://extranet would fail. Even without alternate access mapping, a string comparison is not sufficient because features fail to work correctly in reverse proxy configurations that remap host headers or ports (for example, when https://mydomain.com becomes at the load balancer.

See also


SPSite class

SPSite members

ValidateDomainCompatibility overload

Microsoft.SharePoint namespace