Wednesday, January 19, 2011

Security Validation for this page is invalid......

I was working with SharePoint 2010 Modal dialogs for first time and was showing my custom application page in modal dialog
My application page was using custom master page and there were some buttons on my custom application page which were causing post back and doing some changes in user profile (basically accessing SharePoint site)
After everything was set up and I was ready to test.. and guess what .. After clicking on those buttons I was getting error like .. Security Validation of this page are invalid.. after some google I quickly got some results about this error and some post were quite useful
Firstly I got some posts which were describing about this error like, we should add web.allowunsafeupdates = true; in the code but this was not the case in my situation
After some more results I found that we should have to have <SharePoint:FormDigestControl> included on our page layout / master page and error was solved
You need to register assembly like this
<%@ Register
   Tagprefix="SharePoint"
   Namespace="Microsoft.SharePoint.WebControls"
   Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
And then add control
There is already placeholder for this control in SharePoint master page by default, but If you are using your own master page then you should make sure that you add this control
<SharePoint:FormDigest ID="MyFormDigest" runat="server"/>
What this control is all about?
Well.. msdn says that,
The FormDigest control generates a security validation, or message digest, to help prevent the type of attack whereby a user is tricked into posting data to the server without knowing it. The security validation is specific to a user, site, and time period and expires after a configurable amount of time. When the user requests a page, the server returns the page with security validation inserted. When the user then submits the form, the server verifies that the security validation has not changed.
For more Information: Here

No comments:

Post a Comment