Interview Questions administrator

Best SharePoint administrator Interview Questions and Answers with topic wise:



Sunday, March 4, 2012

The security validation for this page is invalid: SharePoint

Scenario:
You have created a new ASPX page and are trying to run it under the SharePoint context. When the page posts back, you get the following error: “The security validation for this page is invalid.”
Reason: SharePoint uses a form validation digest to stop attacks.

Where does SharePoint place the “FormDigest” control?

By default, default.master [v4.master in SharePoint 2010] has a “FormDigest” control. Its purpose is to protect pages from cross-site scripting attacks.

Because of this security validation, we can’t make changes directly to SharePoint data.
But in some situations we need to change SharePoint data even though the request carries no valid security validation. So how can we make the change and avoid the exception above? SharePoint has already thought about this case. The solution is “AllowUnsafeUpdates”.

As per the MSDN article, “AllowUnsafeUpdates is set to true when you are trying to update the database as a result of the GET request”. You can change SharePoint data by setting “AllowUnsafeUpdates = true”.
Simply add the following to the master page: “<SharePoint:FormDigest runat="server" />”

Inserting this control on an ASPX page generates a security validation, or message digest, to help prevent an attack wherein a user is tricked into posting data to the server. The security validation is specific to a user, site, and time period and expires after a configurable amount of time. When the user requests a page, the server returns the page with security validation inserted. When the user then submits the form, the server verifies that the security validation has not changed. For more information about this control, see the FormDigest class on MSDN.

For that reason, we should set AllowUnsafeUpdates back to false once all the changes are done.
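
The two cases described above, as an added example that is not part of the original post: a postback validated against the FormDigest value, and a GET-time update that enables AllowUnsafeUpdates only for the duration of the write. The page class name and the "Tasks" list are assumptions made for illustration.

```csharp
using System;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;
using Microsoft.SharePoint.WebControls;

// Hypothetical application page; the class name and the "Tasks" list are assumptions.
public class AddTaskPage : LayoutsPageBase
{
    protected void Page_Load(object sender, EventArgs e)
    {
        SPWeb web = SPContext.Current.Web; // owned by SPContext, so never dispose it

        if (IsPostBack)
        {
            // POST: the master page's FormDigest control posted a digest with the form.
            // Validate it and update normally; AllowUnsafeUpdates stays false.
            if (!SPUtility.ValidateFormDigest())
                throw new SPException("Security validation is missing or has expired.");
            AddTask(web, "Created from a validated postback");
        }
        else
        {
            // GET: no digest exists, so the update needs AllowUnsafeUpdates.
            // Keep this path free of request input, since a GET can be triggered cross-site.
            bool previous = web.AllowUnsafeUpdates;
            try
            {
                web.AllowUnsafeUpdates = true;
                AddTask(web, "Page viewed at " + DateTime.UtcNow.ToString("u"));
            }
            finally
            {
                web.AllowUnsafeUpdates = previous; // restore even if the update throws
            }
        }
    }

    private static void AddTask(SPWeb web, string title)
    {
        SPListItem item = web.Lists["Tasks"].Items.Add();
        item["Title"] = title;
        item.Update();
    }
}
```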

As per the client object model: when using the ECMAScript Client OM, if your code modifies SharePoint content, you need to add a “FormDigest” control inside your page.
