So when you deploy your page and try to run some code on the Post Back of the page you get the following error: “The Security validation for this page is invalid”. Microsoft has an Knowledge Base article but does not cover all the situations.
I have checked on the internet for the best solution to this problem and found many posts that recommends to manually set the following:
site.AllowUnsafeUpdates = true;
web.AllowUnsafeUpdates = true;
However I did not liked this solution so I looked a little bit harder and thanks to the Hristo Pavlov’s detailed investigation on the issue the best practice is:
If your code is processing a POST request then make sure you call SPUtility.ValidateFormDigest() before you do anything else. This will ensure that the post request is validated (that it is not a cross-site scripting attack) and after that you will not have to worry about AllowUnsafeUpdates, because its default value will be “true” after the form digest is validated.
To find out more about this read the two posts below:
- What you need to know about AllowUnsafeUpdates (Part 1)
- What you need to know about AllowUnsafeUpdates (Part 2)