Team blog of MCS @ Middle East and Africa

This blog is created by Microsoft MEA HQ near shoring team, and it aims to share knowledge with the IT community.With its infrastructure and development sides,It brings to you the proven best practices and real world experiences from Subject Matter Experts
Follow Us On Twitter! Subscribe To Our Blog! Contact Us

Troubleshooting SharePoint Error: The security validation for this page is invalid

Troubleshooting SharePoint Error: The security validation for this page is invalid

  • Comments 1
  • Likes

While doing custom development on SharePoint using Visual Studio, it is common to get "The security validation for this page is invalid". I give 2 simple steps to troubleshoot this issue, I assume that you did not yet go into playing with the Web Application security settings (And please do not!!)...

Step 1: In the master page, ensure that the Form Digest control is there, put it at the end of your master page. This should look like ...

<asp:ContentPlaceHolder id=”PlaceHolderFormDigest” runat=”server”>
        <SharePoint:FormDigest runat=”server”/>
</asp:ContentPlaceHolder>

Refer to this MSDN article: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webcontrols.formdigest.aspx

Step 2: Your code might be running with Elevated privilege using SPSecurity.RunWithElevatedPrivileges. If your code is performing updates to the web application, you will get this security error or "Access Denied" error. To avoid this, use the SPUtility.ValidateFormDigest() before running your elevated code. This should be something like...

SPUtility.ValidateFormDigest();
SPSecurity.RunWithElevatedPrivileges(delegate()
{....

 Refer to this MSDN article: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.utilities.sputility.validateformdigest.aspx

What not to do:

Never, Never, play with the Farm or WebApplication security settings. I have seen many blogs that will ask you to web.AllowUnsafeUpdates=true; or ValidateFormDigest.Enabled=false; if you do this, you open security threats to your web application. People can submit incorrect data and bypass ASP .Net security. When trouble happens or you web site is attacked, it should not be your code to blame.

Happy coding:)

Comments
  • The second step worked brilliantly for me. I am running in elevated scope. Thank you

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment