Troubleshooting SharePoint Error: The security validation for this page is invalid


While doing custom development on SharePoint using Visual Studio, it is common to get “The security validation for this page is invalid”. I give 2 simple steps to troubleshoot this issue, I assume that you did not yet go into playing with the Web Application security settings (And please do not!!)…

Step 1: In the master page, ensure that the Form Digest control is there, put it at the end of your master page. This should look like …

<asp:ContentPlaceHolder id=”PlaceHolderFormDigest” runat=”server”>
        <SharePoint:FormDigest runat=”server”/>
</asp:ContentPlaceHolder>

Refer to this MSDN article: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webcontrols.formdigest.aspx

Step 2: Your code might be running with Elevated privilege using SPSecurity.RunWithElevatedPrivileges. If your code is performing updates to the web application, you will get this security error or “Access Denied” error. To avoid this, use the SPUtility.ValidateFormDigest() before running your elevated code. This should be something like…

SPUtility.ValidateFormDigest();
SPSecurity.RunWithElevatedPrivileges(delegate()
{….

 Refer to this MSDN article: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.utilities.sputility.validateformdigest.aspx

What not to do:

Never, Never, play with the Farm or WebApplication security settings. I have seen many blogs that will ask you to web.AllowUnsafeUpdates=true; or ValidateFormDigest.Enabled=false; if you do this, you open security threats to your web application. People can submit incorrect data and bypass ASP .Net security. When trouble happens or you web site is attacked, it should not be your code to blame.

Happy coding:)

Comments (6)

  1. Wing Chan says:

    The second step worked brilliantly for me. I am running in elevated scope. Thank you

  2. Bishwadeb says:

    Thanks Thanks Thanks . Its really good and helpfull .

  3. TryingIt says:

    SPUtility.ValidateFormDigest(); was the key. Thank you !

  4. Farhan says:

    Thank you. It is helpful.

  5. Tommy says:

    Holy crap, I am using a custom master page and someone on my team deleted the SharePoint:FormDigest tag. THANK YOU THANK YOU

  6. Vishal Srivastava says:

    Thank you.