Security Validation Issue – Form Services issue with SP1+June 2011 CU (Release 2) #in #SP2010 #SharePoint #MSProject #ProjectServer
We are testing Service Pack 1 heavily in my project that I have talked about on this blog many times.
One of the features of our implementation is a number of developed InfoPath forms. We found one issue previously that required a hotfix and it looks like SP1 and June 2011 CU (Release 2) has introduced another.
My colleague Paul Busby has mentioned it here:
and another user has also confirmed the issue.
I shall be sending the details below to Microsoft through our partner support and hopefully we can get a resolution.
Scenario:
- Form Services
- Administrator Approved Form
- Server Version: 14.0.6106.5002 (Office 2010 SP1 + June 2011 CU – Release 2)
- Client Version: 14.0.6023.1000 (Office 2010 SP1)
- NB: June 2011 Cumulative Update does not include updates for InfoPath 2010
- Microsoft June 2011 Cumulative Update for Office 2010 Client Applications – KB2259686: http://support.microsoft.com/kb/2259686/en-us
The form has two views:
- View one has a people picker
- View two is blank
The form is uploaded via Central Administration and activated to a site collection
A form library is created and the associated content type is attached
Upon creating a new form, the form loads
When the user switches views in the form, a Security Validation Error occurs:
Further Details:
- We have discovered that it appears to happen when switching to or from a view that contains a people picker field.
- Turning off security validation, allows the form to continue to work, but this is not something we want to go live with
- This issue has been found on a client DEV and TEST environment as well as a newly installed RTM machine upgraded to SP1 + June 2011 CU Release 2
SharePoint 2010 Log Details (specific details in red):
07/20/2011 13:54:03.85 w3wp.exe (0x10CC) 0x11BC SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Request (POST:http://vm482:80/_layouts/FormServer.aspx?XsnLocation=http://vm482/FormServerTemplates/SP1SecurityValidationTest_Published.xsn
&SaveLocation=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest&ClientInstalled=true&Source=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest%2FForms%2FAllItems%2Easpx&DefaultItemOpen=1))
07/20/2011 13:54:03.85 w3wp.exe (0x10CC) 0x11BC SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (POST:http://vm482:80/_layouts/FormServer.aspx?XsnLocation=http://vm482/FormServerTemplates/SP1SecurityValidationTest_Published.xsn
&SaveLocation=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest&ClientInstalled=true&Source=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest%2FForms%2FAllItems%2Easpx&DefaultItemOpen=1) 5c0ca3e0-a782-4691-9a79-b2e163e3f0e9
07/20/2011 13:54:03.85 w3wp.exe (0x10CC) 0x11BC SharePoint Foundation Logging Correlation Data xmnv Medium Site=/ 5c0ca3e0-a782-4691-9a79-b2e163e3f0e9
07/20/2011 13:54:03.91 w3wp.exe (0x10CC) 0x11BC SharePoint Foundation Web Controls cm8z Medium Failed to get SPGroupName from GroupID. Error Message: Group cannot be found. Callstack: at Microsoft.SharePoint.SPGroupCollection.GetByID(Int32 id) at Microsoft.SharePoint.WebControls.PeopleEditor.set_SharePointGroupID(Int32 value). 5c0ca3e0-a782-4691-9a79-b2e163e3f0e9
07/20/2011 13:54:03.91 w3wp.exe (0x10CC) 0x11BC SharePoint Foundation General 8kh7 High The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again. 5c0ca3e0-a782-4691-9a79-b2e163e3f0e9
07/20/2011 13:54:03.91 w3wp.exe (0x10CC) 0x11BC SharePoint Foundation Runtime tkau Unexpected System.Runtime.InteropServices.COMException: The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again. at Microsoft.SharePoint.Library.SPRequestInternalClass.ValidateFormDigest(String bstrUrl, String bstrListName) at Microsoft.SharePoint.Library.SPRequest.ValidateFormDigest(String bstrUrl, String bstrListName) 5c0ca3e0-a782-4691-9a79-b2e163e3f0e9
07/20/2011 13:54:03.91 w3wp.exe (0x10CC) 0x11BC SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (POST:http://vm482:80/_layouts/FormServer.aspx?XsnLocation=http://vm482/FormServerTemplates/SP1SecurityValidationTest_Published.xsn
&SaveLocation=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest&ClientInstalled=true&Source=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest%2FForms%2FAllItems%2Easpx&DefaultItemOpen=1)). Execution Time=66.2620528586734 5c0ca3e0-a782-4691-9a79-b2e163e3f0e9
SharePoint (and Project Server) Shenanigans 
I’m also seeing this on a postback for an attachments field on an infopath form after upgrade to SP1 + June CU. Problem is, disable security validation and you’ve broken the silverlight page used to create sites/lists/etc.
We have also seen this with the attachment postback. As well as the silverlight features breaking with security validation off.
We are also having this issue.
Anyone got a solution or acceptable workaround for this.
Due to political pressure for timesheet dataentry in Friefox (a feature of SP1 in Project Server) we have gone into production with security validation turned off.
After testing it would appear that any expected issues with silverlight seem to be ok. So it is only the hacking risk for us. We are using an internal system that is not accessible from the outside world. We have also only released the solution to a key set of users.
We are still pursuing a fix with Microsoft. I will let you know how we get on.
Cause is due to a new OnLoad event, see http://sharepoint.nauplius.net/2011/07/security-validation-issue-in-forms.html.
I’ve just noticed the same issue during a demo… Our InfoPath form has a people picker so it came with this random error!
I haven’t applied http://support.microsoft.com/kb/2259686/en-us as I don’t have any office applications installed on the box – would this fix the issue?
Hi Dayna,
The patch you specify if the June 2010 Cumulative Update. The issue we are discussing with this blog post is introduced with the June 2011 Cumulative Update for SharePoint Server 2010. As a result, it will not be fixed by this. We have had confirmation that this is indeed a bug and hopefully will be fixed. I will keep this post updated as and when I find out more details. Please be patient as these issues can take a while to be resolved, tested and released to the public.