Share via


FormDigest Class

Inserts a security validation within the form of an .aspx page.

Inheritance Hierarchy

System.Object
  System.Web.UI.Control
    Microsoft.SharePoint.WebControls.SPControl
      Microsoft.SharePoint.WebControls.FormDigest
        Microsoft.SharePoint.MobileControls.SPMobileFormDigest

Namespace:  Microsoft.SharePoint.WebControls
Assembly:  Microsoft.SharePoint (in Microsoft.SharePoint.dll)
Available in Sandboxed Solutions: No

Syntax

'Declaration
<AspNetHostingPermissionAttribute(SecurityAction.InheritanceDemand, Level := AspNetHostingPermissionLevel.Minimal)> _
<AspNetHostingPermissionAttribute(SecurityAction.LinkDemand, Level := AspNetHostingPermissionLevel.Minimal)> _
Public Class FormDigest _
    Inherits SPControl
'Usage
Dim instance As FormDigest
[AspNetHostingPermissionAttribute(SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Minimal)]
[AspNetHostingPermissionAttribute(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public class FormDigest : SPControl

Remarks

To make posts from a Web application that modify the contents of the database, you must include the FormDigest control in the form making the post. The FormDigest control generates a security validation, or message digest, to help prevent the type of attack whereby a user is tricked into posting data to the server without knowing it. The security validation is specific to a user, site, and time period and expires after a configurable amount of time. When the user requests a page, the server returns the page with security validation inserted. When the user then submits the form, the server verifies that the security validation has not changed.

For more information on security validation, see Security Validation and Making Posts to Update Data.

Examples

The following code example shows a form that contains the FormDigest control.

<form id="Form1" method="post" runat="server">
   <SharePoint:FormDigest runat="server"/>
   <asp:Button id="Button1" style="Z-INDEX: 101; LEFT: 282px; POSITION: absolute; 
      TOP: 282px" runat="server" Text="Button"></asp:Button>
</form>

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also

Reference

FormDigest Members

Microsoft.SharePoint.WebControls Namespace