How to correct: The security validation for this page is invalid (FormDigest)

How to correct the security error on a custom SharePoint web page:
The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.

Short Answer:

Use SPUtility.ValidateFormDigest() and do not use AllowUnsafeUpdates.

A Less Desirable Solution (but more commonly used)

One way to get around this issue is to set the web’s (SPWeb) AllowUnsafeUpdates property to true. This is not ideal, especially when there is a more secure option.

A Better Solution

This method configures the web page to properly cache and revalidate the necessary credentials preventing the “security validation” error noted above. And, there is no need to set the AllowUnsafeUpdate spweb property to true.
Coding Steps:
Register the SharePoint web controls assembly in your aspx. Place this at the top of the .aspx file:
<%@ Register TagPrefix="SharePoint"
Namespace="Microsoft.SharePoint.WebControls"
Assembly="Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
Place the FormDigest control on the .aspx page (I place it near the end of the page):
<SharePointWebControls:formdigest id="FormDigest1" runat="server" />
In your page code-behind, call the ValidateFormDigest() method during the page OnInit() event to revalidate the page security. It is important to call the ValidateFormDigest method as early as possible in the page cycle.
using Microsoft.SharePoint.Utilities
protected override void OnInit(EventArgs&nbsp;e)
{
	if (Page.IsPostBack)
	{
		SPUtility.ValidateFormDigest();
		base.OnInit(e);
	}
}
That’s it. Your custom SharePoint page should now successfully pass the security validation. It is also important to remember that you will need to also add the FormDigest control and call the ValidateFormDigest method in any custom user controls that are performing updates to SharePoint data.

References:

Advertisements

3 thoughts on “How to correct: The security validation for this page is invalid (FormDigest)

  1. many thanks
    God bless you!
    this helped me a lot

    my error was due to an Add call the SPFolder instance

    doing this solved the issue which bothered me for days

  2. hi , i got this error :

    Updates are currently disallowed on GET requests. To allow updates on a GET, set the ‘AllowUnsafeUpdates’ property on SPWeb.

    a note: i’m using an Application page in Central Admin

    thanks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s