Security Validation and Making Posts to Update Data
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
For reasons of security, Windows SharePoint Services by default does not allow you to make posts from a Web application to modify the contents of the database unless you include security validation on the page making the request.
You can update data for a single site or site collection by adding a page directive and a FormDigest control to the page that makes the request. The following directive registers the Microsoft.SharePoint.WebControls namespace:
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=184.108.40.206, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
You can obtain the PublicKeyToken value for the current Windows SharePoint Services deployment from the default.aspx file in the Local_Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\SiteTemplates\sts folder, or from information provided for the Microsoft.SharePoint assembly at Local_Drive:\WINDOWS|WINNT\assembly in Windows Explorer.
Include a FormDigest control within the form as follows:
<form id="Form1" method="post" runat="server"> <SharePoint:FormDigest ID="MyFormDigest" runat="server"/> <asp:Button id="Button1" style="Z-INDEX: 101; LEFT: 282px; POSITION: absolute; TOP: 282px" runat="server" Text="Button"></asp:Button> </form>
Inserting this control on an ASPX page generates a security validation, or message digest, to help prevent an attack wherein a user is tricked into posting data to the server. The security validation is specific to a user, site, and time period and expires after a configurable amount of time. When the user requests a page, the server returns the page with security validation inserted. When the user then submits the form, the server verifies that the security validation has not changed. For more information about this control, see the FormDigest class.