Tuesday, June 4, 2013

The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.

The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.

The above error will be thrown at the time of updating Library or Lists items due to authentication problem, or We didn’t have the rights to update the items.
By using the following code, We can overcome this issue,

Web.AllowUnsafeUpdates = true;
item["Title"]=”ConfigList”;
item.Update();


or we can also use the following code to overcome the above error, this will affect the WebApplication. This will change the Security settings of a Web Application to allow the anonymous user to update item.

web.Site.WebApplication.FormDigestSettings.Enabled = false;
item["Title"]=”
ConfigList”;
item.Update();
web.Site.WebApplication.FormDigestSettings.Enabled = true;


or we can change the settings in Central Administration to anonymously update the items. But this method will be dangerous.

  • Central Administration > Application Management > Web Application General Settings
  • Choose the WebApplication to overwrite the settings
  • Select the option Off in Web Page Security Validation as follows,
securitysettings1

Other possible ways you can try:

1. Set AllowUnsafeUpdates property of SPWeb / SPSite to true
2. Set web.Site.WebApplication.FormDigestSettings.Enabled to false
3. writing code inside SPSecurity.RunWithElevatedPrivileges()
4. using WindowsImpersonationContext wic = WindowsIdentity.GetCurrent().Impersonate()
5. Changing authentication provider in Central Administration
Central Administration > Application Management > Authentication Providers
 Select “Zone”
 Check “Enable Anonymous Access”
6. Turn off Web Page Security Validation in Central Administration
Central Administration > Application Management > Web Application General Settings
 Select the option Off in Web Page Security Validation

But turn off the security validation from Central Administration is not the safe way to do it.

Monday, June 3, 2013

The security validation for this page is invalid" error when updating objects through SharePoint object model

This error is often encountered when SharePoint OM is used to update site/web/list objects from within a web context.  Some thing so basic as the code below could fail:

using (SPSite site = new SPSite("http://hydpc1129"))
{
    using (SPWeb web = site.OpenWeb())
    {
        SPList list = web.Lists["ConfigList"];
        list.Title = "Admin";
        list.Update();
        web.Update();
    }
}

Setting the "AllowUnsafeUpdates" properties of both the SPSite and SPWeb objects to "true", mostly will resolve this issue out if you are using a code similar to above within a webpart or an ASP.NET web application.  When you are running from the context of a separate web application make sure the application pool identity running your ASP.NET web application is the same as the one that's running SharePoint's site.  Below is a code that fixes the "security validation for this page is invalid" error.

using (SPSite site = new SPSite("http://hydpc1129"))
{
    site.AllowUnsafeUpdates = true;
    using (SPWeb web = site.OpenWeb())
    {
        web.AllowUnsafeUpdates = true;
        SPList list = web.Lists["ConfigList"];
        list.Title = "Admin";
        list.Update();
        web.Update();
    }
}

Adding Authenticated Users to Sharepoint Group


SPWeb grpWeb = properties.Parent as SPWeb;
string strPermissionLevel = "Read";
grpWeb .SiteGroups.Add("PMOGroup", owner, owner, "PMOUsers");
SPRoleAssignment roleAssignment = new SPRoleAssignment(grpWeb .SiteGroups["PMOGroup"]);
roleAssignment.RoleDefinitionBindings.Add(grpWeb .RoleDefinitions[strPermissionLevel]);
grpWeb .RoleAssignments.Add(roleAssignment);
grpWeb .Update();

// "c:0(.s|true" = All authenticated users

grpWeb .SiteGroups["PMOGroup"].AddUser("c:0(.s|true", string.Empty, string.Empty, string.Empty)