SharePoint 2010: The security validation for this page is invalid
June 2, 2012 Leave a comment
Deploying a new subsite into a SharePoint 2010 site collection, using a custom master page we started seeing the following error message when trying to add users to groups and changing settings of document libraries/lists:
The security validation for this page is invalid.
Reverting the master page back to the default one, the operations worked just fine. So it seemed the master page was missing something. Searching on Google about it I found 3 interesting articles about this subject:
Basically, they explain this error is caused by a lack of validation on pages which change the content database. It can be solved in 2 ways:
-Adding the AllowUnsafeUpdates to your custom code.
SPWeb web = SPContext.Current.Web; web.AllowUnsafeUpdates = true;
-Adding the FormDigest Sharepoint control to your master page.
From the MSDN article:
“To make posts from a Web application that modify the contents of the database, you must include the FormDigest control in the form making the post. The FormDigest control generates a security validation, or message digest, to help prevent the type of attack whereby a user is tricked into posting data to the server without knowing it. The security validation is specific to a user, site, and time period and expires after a configurable amount of time. When the user requests a page, the server returns the page with security validation inserted. When the user then submits the form, the server verifies that the security validation has not changed.”
The second solution solved our issues and the pages worked fine!!!