Home > Work > Security Validation Issue – Form Services issue with SP1+June 2011 CU (Release 2) #in #SP2010 #SharePoint #MSProject #ProjectServer

Security Validation Issue – Form Services issue with SP1+June 2011 CU (Release 2) #in #SP2010 #SharePoint #MSProject #ProjectServer

We are testing Service Pack 1 heavily in my project that I have talked about on this blog many times.

One of the features of our implementation is a number of developed InfoPath forms.  We found one issue previously that required a hotfix and it looks like SP1 and June 2011 CU (Release 2) has introduced another.

My colleague Paul Busby has mentioned it here:

http://social.msdn.microsoft.com/Forums/en-US/sharepoint2010customization/thread/6d5ffcb6-7563-4234-9282-e767b56b97b2

and another user has also confirmed the issue.

I shall be sending the details below to Microsoft through our partner support and hopefully we can get a resolution.

 

Scenario:

  • Form Services
  • Administrator Approved Form
  • Server Version: 14.0.6106.5002 (Office 2010 SP1 + June 2011 CU – Release 2)
  • Client Version: 14.0.6023.1000 (Office 2010 SP1)
  • NB: June 2011 Cumulative Update does not include updates for InfoPath 2010
  • Microsoft June 2011 Cumulative Update for Office 2010 Client Applications – KB2259686: http://support.microsoft.com/kb/2259686/en-us

The form has two views:

  • View one has a people picker
  • View two is blank

The form is uploaded via Central Administration and activated to a site collection

A form library is created and the associated content type is attached

Upon creating a new form, the form loads

Screenshot 1

When the user switches views in the form, a Security Validation Error occurs:

Screenshot 2

Further Details:

  • We have discovered that it appears to happen when switching to or from a view that contains a people picker field.
  • Turning off security validation, allows the form to continue to work, but this is not something we want to go live with
  • This issue has been found on a client DEV and TEST environment as well as a newly installed RTM machine upgraded to SP1 + June 2011 CU Release 2

SharePoint 2010 Log Details (specific details in red):

07/20/2011 13:54:03.85           w3wp.exe (0x10CC)                           0x11BC           SharePoint Foundation                     Monitoring                               nasq     Medium            Entering monitored scope (Request (POST:http://vm482:80/_layouts/FormServer.aspx?XsnLocation=http://vm482/FormServerTemplates/SP1SecurityValidationTest_Published.xsn

&SaveLocation=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest&ClientInstalled=true&Source=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest%2FForms%2FAllItems%2Easpx&DefaultItemOpen=1))    

07/20/2011 13:54:03.85           w3wp.exe (0x10CC)                           0x11BC           SharePoint Foundation                     Logging Correlation Data          xmnv   Medium            Name=Request (POST:http://vm482:80/_layouts/FormServer.aspx?XsnLocation=http://vm482/FormServerTemplates/SP1SecurityValidationTest_Published.xsn

&SaveLocation=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest&ClientInstalled=true&Source=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest%2FForms%2FAllItems%2Easpx&DefaultItemOpen=1)      5c0ca3e0-a782-4691-9a79-b2e163e3f0e9

07/20/2011 13:54:03.85           w3wp.exe (0x10CC)                           0x11BC           SharePoint Foundation                     Logging Correlation Data          xmnv   Medium            Site=/   5c0ca3e0-a782-4691-9a79-b2e163e3f0e9

07/20/2011 13:54:03.91           w3wp.exe (0x10CC)                           0x11BC           SharePoint Foundation                     Web Controls                          cm8z    Medium            Failed to get SPGroupName from GroupID. Error Message: Group cannot be found.  Callstack:    at Microsoft.SharePoint.SPGroupCollection.GetByID(Int32 id)     at Microsoft.SharePoint.WebControls.PeopleEditor.set_SharePointGroupID(Int32 value).           5c0ca3e0-a782-4691-9a79-b2e163e3f0e9

07/20/2011 13:54:03.91           w3wp.exe (0x10CC)                           0x11BC           SharePoint Foundation                     General                        8kh7    High    The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.           5c0ca3e0-a782-4691-9a79-b2e163e3f0e9

07/20/2011 13:54:03.91           w3wp.exe (0x10CC)                           0x11BC           SharePoint Foundation                     Runtime                                   tkau      Unexpected     System.Runtime.InteropServices.COMException: The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.    at Microsoft.SharePoint.Library.SPRequestInternalClass.ValidateFormDigest(String bstrUrl, String bstrListName)     at Microsoft.SharePoint.Library.SPRequest.ValidateFormDigest(String bstrUrl, String bstrListName)          5c0ca3e0-a782-4691-9a79-b2e163e3f0e9

07/20/2011 13:54:03.91           w3wp.exe (0x10CC)                           0x11BC           SharePoint Foundation                     Monitoring                               b4ly      Medium            Leaving Monitored Scope (Request (POST:http://vm482:80/_layouts/FormServer.aspx?XsnLocation=http://vm482/FormServerTemplates/SP1SecurityValidationTest_Published.xsn

&SaveLocation=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest&ClientInstalled=true&Source=http%3A%2F%2Fvm482%2FSP1SecurityValidationTest%2FForms%2FAllItems%2Easpx&DefaultItemOpen=1)). Execution Time=66.2620528586734            5c0ca3e0-a782-4691-9a79-b2e163e3f0e9

Advertisements
  1. July 21, 2011 at 05:57

    I’m also seeing this on a postback for an attachments field on an infopath form after upgrade to SP1 + June CU. Problem is, disable security validation and you’ve broken the silverlight page used to create sites/lists/etc.

    • July 21, 2011 at 06:05

      We have also seen this with the attachment postback. As well as the silverlight features breaking with security validation off.

  2. July 26, 2011 at 16:45

    We are also having this issue.
    Anyone got a solution or acceptable workaround for this.

    • July 26, 2011 at 17:17

      Due to political pressure for timesheet dataentry in Friefox (a feature of SP1 in Project Server) we have gone into production with security validation turned off.

      After testing it would appear that any expected issues with silverlight seem to be ok. So it is only the hacking risk for us. We are using an internal system that is not accessible from the outside world. We have also only released the solution to a key set of users.

      We are still pursuing a fix with Microsoft. I will let you know how we get on.

  3. August 1, 2011 at 04:49
  4. Dayna
    August 4, 2011 at 16:04

    I’ve just noticed the same issue during a demo… Our InfoPath form has a people picker so it came with this random error!

    I haven’t applied http://support.microsoft.com/kb/2259686/en-us as I don’t have any office applications installed on the box – would this fix the issue?

    • August 6, 2011 at 12:46

      Hi Dayna,

      The patch you specify if the June 2010 Cumulative Update. The issue we are discussing with this blog post is introduced with the June 2011 Cumulative Update for SharePoint Server 2010. As a result, it will not be fixed by this. We have had confirmation that this is indeed a bug and hopefully will be fixed. I will keep this post updated as and when I find out more details. Please be patient as these issues can take a while to be resolved, tested and released to the public.

  1. July 20, 2011 at 15:27
  2. September 9, 2011 at 17:48
  3. December 15, 2011 at 20:58

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: