473,735 Members | 2,121 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

ASP.NET Web Forms Validation Controls are Server-Side or Client-Side Validation?

I want to know if ASP.NET Web Forms Validation Controls are Server-Side or
Client-Side form validation? Since I think each validator control can select
either 1) JavaScript based error dialog or 2) show the error message next to
the control. For example, if the text field is empty with RequiredField
Validator control, it can show the value in ControlToValida te property in
two ways as I mentioned.

Please advise. Thanks!
Nov 18 '05 #1
14 6308
All the validation controls perform their respective validations BOTH client
and server side. The validation is first done client side to prevent a
wastefull trip to the server when the data is know to violate the validation
rules. Assuming the data is good (or seems to be), the validation is again
performed on the server to catch any spoofing attempts by the client.

Validation controls have an "EnableClientSc ript" property (which defaults to
true) to indicate if the client side validation should, in fact, take place
(this is presumably for situations when the client might have scripting
turned off). Even if this setting is false, the server side validation will
still occur.

Now to your specific question, in VS.NET 2002, there is only 1 way that a
validator will show its error message and that is to show the error message
on the page where the validation control is placed. There is no setting for
the message to come up in a JavaScript "alert()" dialog. The exception to
this is the ValidationSumma ry control which does have a "ShowMessageBox "
property where the summary results from all validations that have failed
will show in a JavaScript "alert()" dialog.
"Matt" <ma*******@hotm ail.com> wrote in message
news:OZ******** ******@TK2MSFTN GP11.phx.gbl...
I want to know if ASP.NET Web Forms Validation Controls are Server-Side or
Client-Side form validation? Since I think each validator control can select either 1) JavaScript based error dialog or 2) show the error message next to the control. For example, if the text field is empty with RequiredField
Validator control, it can show the value in ControlToValida te property in
two ways as I mentioned.

Please advise. Thanks!

Nov 18 '05 #2
Thanks Scott.

For the server side validation you mentioned: "the validation is again
performed on the server to catch any spoofing attempts by the client." What
does it mean "spoofing attempts by the client?" Can you give some concrete
examples?

thanks!

"Scott M." <s-***@BADSPAMsnet .net> wrote in message
news:#q******** *****@TK2MSFTNG P12.phx.gbl...
All the validation controls perform their respective validations BOTH client and server side. The validation is first done client side to prevent a
wastefull trip to the server when the data is know to violate the validation rules. Assuming the data is good (or seems to be), the validation is again performed on the server to catch any spoofing attempts by the client.

Validation controls have an "EnableClientSc ript" property (which defaults to true) to indicate if the client side validation should, in fact, take place (this is presumably for situations when the client might have scripting
turned off). Even if this setting is false, the server side validation will still occur.

Now to your specific question, in VS.NET 2002, there is only 1 way that a
validator will show its error message and that is to show the error message on the page where the validation control is placed. There is no setting for the message to come up in a JavaScript "alert()" dialog. The exception to
this is the ValidationSumma ry control which does have a "ShowMessageBox "
property where the summary results from all validations that have failed
will show in a JavaScript "alert()" dialog.
"Matt" <ma*******@hotm ail.com> wrote in message
news:OZ******** ******@TK2MSFTN GP11.phx.gbl...
I want to know if ASP.NET Web Forms Validation Controls are Server-Side or Client-Side form validation? Since I think each validator control can select
either 1) JavaScript based error dialog or 2) show the error message next to
the control. For example, if the text field is empty with RequiredField
Validator control, it can show the value in ControlToValida te property

in two ways as I mentioned.

Please advise. Thanks!


Nov 18 '05 #3
"Spoofing" is one of the oldest problems on the web...

Let's say I run a business and have a form on my web site abc.com that
requires that you fill in certain information and enforces this by including
some client side code to check that you have filled that data in before the
form will submit data back to me (abc.com).

Now, let's say you view my source code once the page has been delivered to
your browser (client) and save that source code to a local file on your hard
drive. You have now, made a copy of my web page and saved it on your own
machine. You go into my code and remove all my JavaScript that was
enforcing the required data and save your copy of my page without all that
stuff.

Now, you bring up YOUR MODIFIED VERSION of my web page and fill in the form
(or don't fill in the form) and hit submit...Since the form will still send
the data back to me (abc.com), I will now recieve whatever you sent (or
didn't send). The form no longer checks you. This is spoofing.

Because .NET validation controls will do their check on the server as well
as the client, in the example I just described (spoofing), your mal-formed
data submission will be caught not by the client (you removed that remember)
by the server. So, in .NET, spoofing is not a problem.

Hope this helps!

Scott M.

"Matt" <ma*******@hotm ail.com> wrote in message
news:e3******** ******@TK2MSFTN GP12.phx.gbl...
Thanks Scott.

For the server side validation you mentioned: "the validation is again
performed on the server to catch any spoofing attempts by the client." What does it mean "spoofing attempts by the client?" Can you give some concrete
examples?

thanks!

"Scott M." <s-***@BADSPAMsnet .net> wrote in message
news:#q******** *****@TK2MSFTNG P12.phx.gbl...
All the validation controls perform their respective validations BOTH client
and server side. The validation is first done client side to prevent a
wastefull trip to the server when the data is know to violate the

validation
rules. Assuming the data is good (or seems to be), the validation is

again
performed on the server to catch any spoofing attempts by the client.

Validation controls have an "EnableClientSc ript" property (which defaults to
true) to indicate if the client side validation should, in fact, take place
(this is presumably for situations when the client might have scripting
turned off). Even if this setting is false, the server side validation

will
still occur.

Now to your specific question, in VS.NET 2002, there is only 1 way that a validator will show its error message and that is to show the error

message
on the page where the validation control is placed. There is no setting

for
the message to come up in a JavaScript "alert()" dialog. The exception to this is the ValidationSumma ry control which does have a "ShowMessageBox "
property where the summary results from all validations that have failed
will show in a JavaScript "alert()" dialog.
"Matt" <ma*******@hotm ail.com> wrote in message
news:OZ******** ******@TK2MSFTN GP11.phx.gbl...
I want to know if ASP.NET Web Forms Validation Controls are Server-Side or Client-Side form validation? Since I think each validator control can

select
either 1) JavaScript based error dialog or 2) show the error message next
to
the control. For example, if the text field is empty with

RequiredField Validator control, it can show the value in ControlToValida te property

in two ways as I mentioned.

Please advise. Thanks!



Nov 18 '05 #4
Thanks Scott.

As you mentioned, ASP.NET has server-side validation to prevent "Spoofing".
But how ASP to handle that situation?

Thanks!
"Scott M." <s-***@BADSPAMsnet .net> wrote in message
news:eC******** ******@TK2MSFTN GP09.phx.gbl...
"Spoofing" is one of the oldest problems on the web...

Let's say I run a business and have a form on my web site abc.com that
requires that you fill in certain information and enforces this by including some client side code to check that you have filled that data in before the form will submit data back to me (abc.com).

Now, let's say you view my source code once the page has been delivered to
your browser (client) and save that source code to a local file on your hard drive. You have now, made a copy of my web page and saved it on your own
machine. You go into my code and remove all my JavaScript that was
enforcing the required data and save your copy of my page without all that
stuff.

Now, you bring up YOUR MODIFIED VERSION of my web page and fill in the form (or don't fill in the form) and hit submit...Since the form will still send the data back to me (abc.com), I will now recieve whatever you sent (or
didn't send). The form no longer checks you. This is spoofing.

Because .NET validation controls will do their check on the server as well
as the client, in the example I just described (spoofing), your mal-formed
data submission will be caught not by the client (you removed that remember) by the server. So, in .NET, spoofing is not a problem.

Hope this helps!

Scott M.

"Matt" <ma*******@hotm ail.com> wrote in message
news:e3******** ******@TK2MSFTN GP12.phx.gbl...
Thanks Scott.

For the server side validation you mentioned: "the validation is again
performed on the server to catch any spoofing attempts by the client." What
does it mean "spoofing attempts by the client?" Can you give some concrete
examples?

thanks!

"Scott M." <s-***@BADSPAMsnet .net> wrote in message
news:#q******** *****@TK2MSFTNG P12.phx.gbl...
All the validation controls perform their respective validations BOTH

client
and server side. The validation is first done client side to prevent a wastefull trip to the server when the data is know to violate the

validation
rules. Assuming the data is good (or seems to be), the validation is

again
performed on the server to catch any spoofing attempts by the client.

Validation controls have an "EnableClientSc ript" property (which defaults
to
true) to indicate if the client side validation should, in fact, take

place
(this is presumably for situations when the client might have scripting turned off). Even if this setting is false, the server side validation will
still occur.

Now to your specific question, in VS.NET 2002, there is only 1 way
that a validator will show its error message and that is to show the error message
on the page where the validation control is placed. There is no
setting for
the message to come up in a JavaScript "alert()" dialog. The
exception to this is the ValidationSumma ry control which does have a
"ShowMessageBox " property where the summary results from all validations that have failed will show in a JavaScript "alert()" dialog.
"Matt" <ma*******@hotm ail.com> wrote in message
news:OZ******** ******@TK2MSFTN GP11.phx.gbl...
> I want to know if ASP.NET Web Forms Validation Controls are

Server-Side
or
> Client-Side form validation? Since I think each validator control can select
> either 1) JavaScript based error dialog or 2) show the error message

next
to
> the control. For example, if the text field is empty with

RequiredField > Validator control, it can show the value in ControlToValida te

property in
> two ways as I mentioned.
>
> Please advise. Thanks!
>
>



Nov 18 '05 #5
It doesn't! Developers has to write thier own server side code to double
check the data coming in from a form.
"Matt" <ma*******@hotm ail.com> wrote in message
news:Ov******** *****@TK2MSFTNG P12.phx.gbl...
Thanks Scott.

As you mentioned, ASP.NET has server-side validation to prevent "Spoofing". But how ASP to handle that situation?

Thanks!
"Scott M." <s-***@BADSPAMsnet .net> wrote in message
news:eC******** ******@TK2MSFTN GP09.phx.gbl...
"Spoofing" is one of the oldest problems on the web...

Let's say I run a business and have a form on my web site abc.com that
requires that you fill in certain information and enforces this by including
some client side code to check that you have filled that data in before

the
form will submit data back to me (abc.com).

Now, let's say you view my source code once the page has been delivered to
your browser (client) and save that source code to a local file on your

hard
drive. You have now, made a copy of my web page and saved it on your own machine. You go into my code and remove all my JavaScript that was
enforcing the required data and save your copy of my page without all that stuff.

Now, you bring up YOUR MODIFIED VERSION of my web page and fill in the

form
(or don't fill in the form) and hit submit...Since the form will still

send
the data back to me (abc.com), I will now recieve whatever you sent (or
didn't send). The form no longer checks you. This is spoofing.

Because .NET validation controls will do their check on the server as well as the client, in the example I just described (spoofing), your mal-formed data submission will be caught not by the client (you removed that

remember)
by the server. So, in .NET, spoofing is not a problem.

Hope this helps!

Scott M.

"Matt" <ma*******@hotm ail.com> wrote in message
news:e3******** ******@TK2MSFTN GP12.phx.gbl...
Thanks Scott.

For the server side validation you mentioned: "the validation is again
performed on the server to catch any spoofing attempts by the client."

What
does it mean "spoofing attempts by the client?" Can you give some

concrete examples?

thanks!

"Scott M." <s-***@BADSPAMsnet .net> wrote in message
news:#q******** *****@TK2MSFTNG P12.phx.gbl...
> All the validation controls perform their respective validations BOTH client
> and server side. The validation is first done client side to prevent a
> wastefull trip to the server when the data is know to violate the
validation
> rules. Assuming the data is good (or seems to be), the validation
is again
> performed on the server to catch any spoofing attempts by the client. >
> Validation controls have an "EnableClientSc ript" property (which

defaults
to
> true) to indicate if the client side validation should, in fact, take place
> (this is presumably for situations when the client might have

scripting > turned off). Even if this setting is false, the server side validation will
> still occur.
>
> Now to your specific question, in VS.NET 2002, there is only 1 way that
a
> validator will show its error message and that is to show the error
message
> on the page where the validation control is placed. There is no

setting for
> the message to come up in a JavaScript "alert()" dialog. The exception
to
> this is the ValidationSumma ry control which does have a

"ShowMessageBox " > property where the summary results from all validations that have failed > will show in a JavaScript "alert()" dialog.
>
>
> "Matt" <ma*******@hotm ail.com> wrote in message
> news:OZ******** ******@TK2MSFTN GP11.phx.gbl...
> > I want to know if ASP.NET Web Forms Validation Controls are

Server-Side
or
> > Client-Side form validation? Since I think each validator control can > select
> > either 1) JavaScript based error dialog or 2) show the error message next
> to
> > the control. For example, if the text field is empty with

RequiredField
> > Validator control, it can show the value in ControlToValida te property in
> > two ways as I mentioned.
> >
> > Please advise. Thanks!
> >
> >
>
>



Nov 18 '05 #6
Here's a slightly different perspective on Microsoft's client-side
validation: it only works on IE and IE/Mac browsers. For other browsers, it
uses that server side validation to catch errors. I have a commercial
solution that replaces Microsoft's validators with 22 validator controls
that support IE, IE/Mac, Netscape/Mozilla, Opera 7 and Safari with
client-side validation. Its called "Profession al Validation And More" at
http://www.peterblum.com/vam/home.aspx.

--- Peter Blum
www.PeterBlum.com
Email: PL****@PeterBlu m.com

"Matt" <ma*******@hotm ail.com> wrote in message
news:OZ******** ******@TK2MSFTN GP11.phx.gbl...
I want to know if ASP.NET Web Forms Validation Controls are Server-Side or
Client-Side form validation? Since I think each validator control can select either 1) JavaScript based error dialog or 2) show the error message next to the control. For example, if the text field is empty with RequiredField
Validator control, it can show the value in ControlToValida te property in
two ways as I mentioned.

Please advise. Thanks!

Nov 18 '05 #7
Actually, the validation controls will work client-side on any browser that
supports JavaScript. This includes IE, Netscape, Mozilla, Opera & Mosaic.
"Peter Blum" <PL****@Blum.in fo> wrote in message
news:OC******** ********@TK2MSF TNGP12.phx.gbl. ..
Here's a slightly different perspective on Microsoft's client-side
validation: it only works on IE and IE/Mac browsers. For other browsers, it uses that server side validation to catch errors. I have a commercial
solution that replaces Microsoft's validators with 22 validator controls
that support IE, IE/Mac, Netscape/Mozilla, Opera 7 and Safari with
client-side validation. Its called "Profession al Validation And More" at
http://www.peterblum.com/vam/home.aspx.

--- Peter Blum
www.PeterBlum.com
Email: PL****@PeterBlu m.com

"Matt" <ma*******@hotm ail.com> wrote in message
news:OZ******** ******@TK2MSFTN GP11.phx.gbl...
I want to know if ASP.NET Web Forms Validation Controls are Server-Side or Client-Side form validation? Since I think each validator control can select
either 1) JavaScript based error dialog or 2) show the error message next to
the control. For example, if the text field is empty with RequiredField
Validator control, it can show the value in ControlToValida te property

in two ways as I mentioned.

Please advise. Thanks!


Nov 18 '05 #8
"Scott M." <s-***@BADSPAMsnet .net> wrote in news:ehg5XFi4DH A.2756
@TK2MSFTNGP09.p hx.gbl:
Actually, the validation controls will work client-side on any browser
supports JavaScript. This includes IE, Netscape, Mozilla, Opera &
What is Peter referncing then in his case? Why would he need to write
commercial replacements?
"Peter Blum" <PL****@Blum.in fo> wrote in message
news:OC******** ********@TK2MSF TNGP12.phx.gbl. ..
Here's a slightly different perspective on Microsoft's client-side
validation: it only works on IE and IE/Mac browsers. For other browsers,

it
uses that server side validation to catch errors. I have a commercial
solution that replaces Microsoft's validators with 22 validator controls
that support IE, IE/Mac, Netscape/Mozilla, Opera 7 and Safari with
client-side validation. Its called "Profession al Validation And More" at
http://www.peterblum.com/vam/home.aspx.

--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programmin g is an art form that fights back"
ELKNews - Get your free copy at http://www.atozedsoftware.com

Nov 18 '05 #9
I supect he has custom validators that go beyond the 6 that MS provides.
I'm not saying his validators are/aren't useful, but his statement about the
MS validators only working in IE/Mac browsers is incorrect.
"Chad Z. Hower aka Kudzu" <cp**@hower.org > wrote in message
news:Xn******** **********@127. 0.0.1...
"Scott M." <s-***@BADSPAMsnet .net> wrote in news:ehg5XFi4DH A.2756
@TK2MSFTNGP09.p hx.gbl:
Actually, the validation controls will work client-side on any browser
supports JavaScript. This includes IE, Netscape, Mozilla, Opera &


What is Peter referncing then in his case? Why would he need to write
commercial replacements?
"Peter Blum" <PL****@Blum.in fo> wrote in message
news:OC******** ********@TK2MSF TNGP12.phx.gbl. ..
Here's a slightly different perspective on Microsoft's client-side
validation: it only works on IE and IE/Mac browsers. For other browsers,
it
uses that server side validation to catch errors. I have a commercial
solution that replaces Microsoft's validators with 22 validator

controls that support IE, IE/Mac, Netscape/Mozilla, Opera 7 and Safari with
client-side validation. Its called "Profession al Validation And More" at http://www.peterblum.com/vam/home.aspx.

--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programmin g is an art form that fights back"
ELKNews - Get your free copy at http://www.atozedsoftware.com

Nov 18 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
2287
by: Joshua Russell | last post by:
Hi, Both the methods below open up a windows form called MasterForm. However, one works better than the other. Method 1 opens the form correctly but I don't have any reference to the instance of master form. Method 2 opens the form but when I right click on the Notify Icon I don't get the context menu that I should be seeing. I can interact with the main form window but I cannot interact with the NotifyIcon. Method 2 gives a object reference...
2
2109
by: Jonathan Amend | last post by:
I want to make a page that has 2 forms on it but I can't use any runat=server controls because there can only be one runat=server form. Is there a way of having 2 forms with runat=server controls or do I have to resort to normal forms with submit burrons and processing the request manually when Page_Load fires?
3
4870
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be protected by forms authentication. When I create forms authentication at root level it works but when I move my code up to the subfolder I get this error: Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
5
5332
by: ~~~ .NET Ed ~~~ | last post by:
Hi, As you all know when an ASP.NET web form is created that will include web controls and such, it contains a FORM that that identifies the web form and its containing controls. Well, I have a web form who has several other (user & custom) controls, these are enclosed within the standard FORM tag. Additionally *some* of these user controls are actually forms as well. This results into nested Forms.
7
2474
by: Mike Bulava | last post by:
I have created a base form that I plan to use throughout my application let call the form form1. I have Built the project then add another form that inherits from form1, I add a few panel controls each with a couple of controls in them I then rebuilt my project and my new panels and all controls they contained are gone... I've looked through the Auto generated code but don't see anything that looks wrong Any body have any idea why this...
3
2374
by: Geraldine Hobley | last post by:
Hello, In my project I am inheriting several forms. However when I inherit from a form and add additional subroutines and methods to my inherited form I get all sorts of problems. e.g. I sometimes get MyVarialble is not declared errors when the variable is quite clearly declared, when I change it to public and then back again to private the error goes away!!! Also I get lots of member not found errors, these however don't stop me from...
14
3365
by: =?Utf-8?B?UHVjY2E=?= | last post by:
Hi, I'm using VS2005 and .net 2.0. I'm creating an application that has 3 forms. I want allow users to move forward and backward with the forms and retain the data users have entered. I thought I'll make the inactive forms invisible but this is creating a memory corruption problem when user close the form2 or form3 and not the formMain. My main form has a Next button which makes the main form invisible and starts a new form which I'll...
3
2117
by: MikeB | last post by:
Hello, I have a content page that is from a Master page which has 2 content panes. How do I add my forms to the content page? Each pane needs a form but you can not have multiple form tags nor can the form tages be outside of the content tags? Does this make since? Below is my source to the pages. Basically I need both content tags to have form tags.
5
1786
by: Reds | last post by:
HI, I have just started using Web Forms. It seems that I'm not able to do some things that Windows Forms allow me to do. For example, I tried to implement a counter using a module level declaration, but it would not increment using Web Forms. Also, some controls such as textboxes, which worked OK on the computer, did not work when I placed the project on the server and accesed it via the internet.
21
3376
by: Dan Tallent | last post by:
In my application I have a form (Customer) that I want to be able to open multiple copies at once. Within this form I have other forms that can be opened. Example: ZipCode. When the user enters a zipcode that is unknown this form will open. I don't want users to modify any of this customers data until they close the zipcode form. Normally this can accomplished using a modal form, however this prevents me from opening a new copy of...
0
8964
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8786
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9466
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9327
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
9201
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
8202
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
6049
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4823
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3277
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.