How to correct the security error on a custom SharePoint web page:
The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.
Use SPUtility.ValidateFormDigest() and do not use AllowUnsafeUpdates.
A Less Desirable Solution (but more commonly used)
One way to get around this issue is to set the web’s (SPWeb) AllowUnsafeUpdates property to true. This is not ideal, especially when there is a more secure option.
A Better Solution
This method configures the web page to properly cache and revalidate the necessary credentials preventing the “security validation” error noted above. And, there is no need to set the AllowUnsafeUpdate spweb property to true.
Register the SharePoint web controls assembly in your aspx. Place this at the top of the .aspx file:
<%@ Register TagPrefix="SharePoint"
Assembly="Microsoft.SharePoint, Version=18.104.22.168, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
Place the FormDigest control on the .aspx page (I place it near the end of the page):
<SharePointWebControls:formdigest id="FormDigest1" runat="server" />
In your page code-behind, call the ValidateFormDigest() method during the page OnInit() event to revalidate the page security. It is important to call the ValidateFormDigest method as early as possible in the page cycle.
protected override void OnInit(EventArgs e)
That’s it. Your custom SharePoint page should now successfully pass the security validation. It is also important to remember that you will need to also add the FormDigest control and call the ValidateFormDigest method in any custom user controls that are performing updates to SharePoint data.