SharePoint 2010: The security validation for this page is invalid


After deploying a new subsite into a SharePoint 2010 site collection using a custom master page, we started seeing the following error message when trying to add users to groups and change the settings of document libraries/lists:

The security validation for this page is invalid.

 

After reverting the master page to the default one, the operations worked just fine. So it seemed the master page was missing something. Searching on Google, I found 3 interesting articles on the subject:

http://www.simple-talk.com/community/blogs/charleslee/archive/2010/01/05/85440.aspx

http://snahta.blogspot.com/2008/11/security-validation-for-this-page-is.html

http://techtrainingnotes.blogspot.com/2009/12/sharepoint-security-validation-for-this.html

 

Basically, they explain that this error is caused by a lack of validation on pages which change the content database. It can be solved in 2 ways:

- Adding AllowUnsafeUpdates to your custom code.

// Allows updates through this SPWeb without the security validation check
SPWeb web = SPContext.Current.Web;
web.AllowUnsafeUpdates = true;

- Adding the FormDigest SharePoint control to your master page.

From the MSDN article:

“To make posts from a Web application that modify the contents of the database, you must include the FormDigest control in the form making the post. The FormDigest control generates a security validation, or message digest, to help prevent the type of attack whereby a user is tricked into posting data to the server without knowing it. The security validation is specific to a user, site, and time period and expires after a configurable amount of time. When the user requests a page, the server returns the page with security validation inserted. When the user then submits the form, the server verifies that the security validation has not changed.”

 

The second solution solved our issues and the pages worked fine!!!
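An alternative to setting AllowUnsafeUpdates in custom code, shown here as an added example that is not code from the original post or from Microsoft: the code-behind validates the form digest on the POST and then updates with AllowUnsafeUpdates left at its default. The page class, the NewTitle control and the List query-string parameter are hypothetical; the page is assumed to render through a master page that contains the FormDigest control.

```csharp
using System;
using System.Web.UI.WebControls;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;
using Microsoft.SharePoint.WebControls;

// Hypothetical application page. Its master page is assumed to contain:
//   <SharePoint:FormDigest runat="server" />
// which emits the security validation as a hidden form field.
public class RenameListPage : LayoutsPageBase
{
    protected TextBox NewTitle;   // hypothetical control declared in the .aspx

    protected void Save_Click(object sender, EventArgs e)
    {
        // The digest travels in the posted form, so never change data on a GET.
        if (!string.Equals(Request.HttpMethod, "POST",
                           StringComparison.OrdinalIgnoreCase))
        {
            throw new SPException("Updates must be submitted with POST.");
        }

        // Check the digest that was issued with the page for this user and
        // site. A missing, foreign or expired digest fails here.
        if (!SPUtility.ValidateFormDigest())
        {
            throw new SPException(
                "The security validation for this page is invalid.");
        }

        string listId = Request.QueryString["List"];   // hypothetical parameter
        if (string.IsNullOrEmpty(listId))
        {
            throw new SPException("No list was specified.");
        }

        SPWeb web = SPContext.Current.Web;   // owned by SPContext, do not dispose
        SPList list = web.Lists[new Guid(listId)];

        list.Title = NewTitle.Text.Trim();
        list.Update();   // succeeds with web.AllowUnsafeUpdates still false
    }
}
```

Setting AllowUnsafeUpdates to true lets the update through without this check, so the request is no longer tied to a digest issued to the user.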

 

See you,

Amadeu.
