Friday, February 13, 2009

The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again.

I was working with SharePoint webservices when I ran into this very cryptic error message, considering especially the fact that I was accessing this through Java client code (using JiBX) and not through a browser. Even more interestingly, I had successfully invoked and accessed the Query operation from the Search service and the GetItem operation from the Copy service. This message started showing up in the XML Response to the CopyIntoItems operation call. Add to it the fact that I had no issues accessing the operation through SoapUI. Here are the request and response XMLS:

Request:
<?xml version="1.0"?>
<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
<Body>
<tns:CopyIntoItems xmlns:tns="http://schemas.microsoft.com/sharepoint/soap/">
<tns:SourceUrl>http://host.name.com/PATH/Template.txt</tns:SourceUrl>
<tns:DestinationUrls>
<tns:string>http://host.name.com/PATH/File.txt</tns:string>
</tns:DestinationUrls>
<tns:Fields>
<tns:FieldInformation Type="Text" DisplayName="mykeyword" Value="test value.." />
</tns:Fields>
<tns:Stream>b3VyY2UgdGV4dCBkYXRhIGZyb20gc2V2ZXJhbCBjb2RlIHBhZ2VzIGFuZCBlbmNvZGUgdGg=</tns:Stream>
</tns:CopyIntoItems>
</Body>
</Envelope>



Response:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<CopyIntoItemsResponse xmlns="http://schemas.microsoft.com/sharepoint/soap/">
<CopyIntoItemsResult>0</CopyIntoItemsResult>
<Results>
<CopyResult ErrorCode="Unknown"
ErrorMessage="The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again."
DestinationUrl="http://host.name.com/PATH/File.txt" />
</Results>
</CopyIntoItemsResponse>
</soap:Body>
</soap:Envelope>



So I was finally reduced to comparing the HTTP packets over the wire by my code and SoapUI. My inital guess was that this could be due to the way cookies were handled or something else with the NTLM authentication. But the real culprit was found to be the
SOAPAction: "http://schemas.microsoft.com/sharepoint/soap/CopyIntoItems. Since I had to use a custom webservice client, this header field was not set by the code. Setting this in the header solved the issue. There are details on the SOAPAction header here. What I do not understand is why does SharePoint take into consideration the SOAPAction header for only this operation and not the others?