While doing custom development on SharePoint using Visual Studio, it is common to get “The security validation for this page is invalid”. I give 2 simple steps to troubleshoot this issue, I assume that you did not yet go into playing with the Web Application security settings (And please do not!!)…
Step 1: In the master page, ensure that the Form Digest control is there, put it at the end of your master page. This should look like …
<asp:ContentPlaceHolder id=”PlaceHolderFormDigest” runat=”server”>
<SharePoint:FormDigest runat=”server”/>
</asp:ContentPlaceHolder>
Refer to this MSDN article: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webcontrols.formdigest.aspx
Step 2: Your code might be running with Elevated privilege using SPSecurity.RunWithElevatedPrivileges. If your code is performing updates to the web application, you will get this security error or “Access Denied” error. To avoid this, use the SPUtility.ValidateFormDigest() before running your elevated code. This should be something like…
SPUtility.ValidateFormDigest();
SPSecurity.RunWithElevatedPrivileges(delegate()
{….
Refer to this MSDN article: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.utilities.sputility.validateformdigest.aspx
What not to do:
Never, Never, play with the Farm or WebApplication security settings. I have seen many blogs that will ask you to web.AllowUnsafeUpdates=true; or ValidateFormDigest.Enabled=false; if you do this, you open security threats to your web application. People can submit incorrect data and bypass ASP .Net security. When trouble happens or you web site is attacked, it should not be your code to blame.
Happy coding:)
You must log in to post a comment.