MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Security validation error in ASPX page code behind

  Asked By: Tyrel    Date: Feb 07    Category: MOSS    Views: 1638

I'm working on developing a custom action which sets a custom site property and
the site theme (the combination is being used as kind of a visual security
marker for sites). I have developed the aspx page and code-behind. When I
initially created the code to change the site property it worked fine. I added
the call to set the theme, but I get the following error when it runs: {"The
security validation for this page is invalid. Click Back in your Web browser,
refresh the page, and try your operation again."}.

I've tried allowing unsafe updates and elevated privileges but can't get rid of
the error. Any ideas as to what is causing the problem? How can I get around
this? Below is a copy of the code-behind where the error occurs.

ThmxTheme.SetThemeUrlForWeb(this.Web, "/_catalogs/theme/esBlue1.thmx");



6 Answers Found

Answer #1    Answered By: Patrick Davis     Answered On: Feb 07

Are you creating a new SPWeb object after you allow unsafe updates and
elevate your privileges? I've had problems in the past where the old
security context seemed to be hanging around even after allowing unsafe
updates until I created a new SPWeb object after allowing unsafe
updates/elevating privileges.

Answer #2    Answered By: Alexander Rocha     Answered On: Feb 07

The ability to alter themes must be done by Design or higher privilege. What
security context is your testing account using?

Answer #3    Answered By: Maggie Benson     Answered On: Feb 07

The account is a site collection administrator and member of the Owners group
(Full Control permission level).

Answer #4    Answered By: Lane Trujillo     Answered On: Feb 07

Thanks for the tip. I completely missed that. Unfortunately it still
doesn't work.

I don't understand as I'm doing almost the same thing on a different project but
I'm using a feature to change the theme not an application page. I'm not the
only person trying this, but it seems like the recommendation in this forum
ad/f8837506-63d2-4fc9-b83c-e6a609865646) of turning off security validation for
the web app in central admin is a bad idea.

Answer #5    Answered By: Rafael Willis     Answered On: Feb 07

Try this setting

SPWebApplication webApp;
webApp.FormDigestSettings.Enabled = false;
........... (perform ur logic)
webApp.FormDigestSettings.Enabled = true;

Hope this helps.

Answer #6    Answered By: Richard Davis     Answered On: Feb 07

I've got the solution thanks to a friend and the support she received from her
Critical Path Training course (thanks to Andrew Connell for providing the
resources with the answer). The issue was related to FormDigest, which I did
have in the master page, however SharePoint wasn't calling ValidateFormDigest()
like it usually does automatically. I added SPUtility.ValidateFormDigest()
method at the beginning of my code-behind for the Post request and this cleared
up the error. See the following reference articles.


My thanks to everyone for their suggestions!

Didn't find what you were looking for? Find more on Security validation error in ASPX page code behind Or get search suggestion and latest updates.