Prasad Bolla's SharePoint Blog

Thursday, December 01, 2011

How to fix Security Validation errors in a SharePoint ASP.NET page

Problem: I got "The security validation for this page is invalid" when
submitting a web form

For reasons of security, Microsoft Windows SharePoint Services by default
does not allow you to make posts from a Web application to modify the
contents of the database unless you include security validation on the page
making the request. Two kinds of security validation can be used, depending
on whether the code on the page applies globally to a virtual server or
Windows SharePoint Services deployment, or to a single site or site
collection within the deployment.

Security Validation Type 1:

Updating data for a site or site collection. Two steps to be performed.

Step 1:

Add a page directive and a FormDigest control to the page making the
request. The following directive registers the
Microsoft.SharePoint.WebControls namespace:

<%@ Register Tagprefix="SharePoint"
Namespace="Microsoft.SharePoint.WebControls"
Assembly="Microsoft.SharePoint, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

Step 2:

Include a FormDigest control within the form as follows:

<form id="Form1" method="post" runat="server">
<SharePoint:FormDigest runat="server"/>
<asp:Button id="Button1" style="Z-INDEX: 101; LEFT: 282px; POSITION: absolute; TOP: 282px" runat="server" Text="Button"></asp:Button>
</form>

Inserting this control on an ASPX page generates a security validation, or
message digest, to help prevent the type of attack wherein a user is tricked
into posting data to the server without knowing it. The security validation
is specific to a user, site, and time period and expires after a
configurable amount of time. When the user requests a page, the server
returns the page with security validation inserted. When the user then
submits the form, the server verifies that the security validation has not
changed. For more information about this control, see the FormDigest class.
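
The issue-then-verify cycle described above can be modelled as a standalone console program. This is an added sketch, not code from the original post and not SharePoint's actual digest format: the HMAC construction, the `DigestSketch` class, its key, and the sample users, site URLs, clock and 30-minute lifetime are all assumptions made for illustration. It shows a digest being accepted only for the same user and site within its lifetime.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Conceptual model only; SharePoint's real digest format is not shown here.
public static class DigestSketch
{
    // Hypothetical server-side secret (constructed value for the demo).
    static readonly byte[] ServerKey = Encoding.UTF8.GetBytes("constructed-demo-key");
    static long ToUnix(DateTime utc) => (long)(utc - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;

    // Binds the token to user, site and issue time.
    static string Mac(string user, string site, long issued)
    {
        using (var hmac = new HMACSHA256(ServerKey))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(user + "\n" + site + "\n" + issued)));
    }

    // Rendered into the page as a hidden field when the user requests the form.
    public static string Issue(string user, string site, DateTime nowUtc) =>
        ToUnix(nowUtc) + "," + Mac(user, site, ToUnix(nowUtc));

    // Run on postback: rejects a missing, expired or mismatched digest.
    public static bool Validate(string digest, string user, string site, DateTime nowUtc, TimeSpan lifetime)
    {
        string[] p = (digest ?? "").Split(new[] { ',' }, 2);
        if (p.Length != 2 || !long.TryParse(p[0], out long issued)) return false;
        long age = ToUnix(nowUtc) - issued;
        if (age < 0 || age > (long)lifetime.TotalSeconds) return false;
        string expected = Mac(user, site, issued);
        int diff = p[1].Length ^ expected.Length;   // compare without early exit
        for (int i = 0; i < p[1].Length && i < expected.Length; i++) diff |= p[1][i] ^ expected[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed sample values: user names, site URLs, clock and lifetime.
        string user = @"CONTOSO\alice", site = "http://portal/sites/hr";
        DateTime t0 = new DateTime(2011, 12, 1, 9, 0, 0, DateTimeKind.Utc);
        TimeSpan life = TimeSpan.FromMinutes(30);
        string d = Issue(user, site, t0);
        Console.WriteLine("same user and site, 5 min later: " + Validate(d, user, site, t0.AddMinutes(5), life));
        Console.WriteLine("replayed for another user:       " + Validate(d, @"CONTOSO\bob", site, t0.AddMinutes(5), life));
        Console.WriteLine("posted to another site:          " + Validate(d, user, "http://portal/sites/finance", t0.AddMinutes(5), life));
        Console.WriteLine("submitted after expiry:          " + Validate(d, user, site, t0.AddMinutes(45), life));
        Console.WriteLine("hidden field missing:            " + Validate(null, user, site, t0, life));
    }
}
```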

Security Validation Type 2:

Updating global data

Web applications that use methods of the Microsoft.SharePoint.Administration
namespace, such as for creating or deleting sites and for global
administrative customizations, require a different security validation. Add
the following code to the .vb or .cs file in an application:

SPGlobalAdmin globalAdmin = new SPGlobalAdmin();
Context.Items[SPGlobalAdmin.RequestFromAdminPort] = true;
Page.RegisterHiddenField("__REQUESTDIGEST", globalAdmin.AdminFormDigest);

This security validation uses the AdminFormDigest property of the
SPGlobalAdmin class to insert a message digest on the page in the browser,
registering the digest as a hidden field through the RegisterHiddenField
method of the System.Web.UI.Page class. In addition, the
RequestFromAdminPort field specifies that the context of the request is
through the administrative port.
