views:

120

answers:

4

Hello,

For the ASP.NET validator controls, I want to use both client-side validation for the user experience and server-side validation to guard against hackers. ASP.NET documentation leads me to believe that if EnableClientScript="True" then there will be no server-side validation if client-side validation is possible for the user agent. To get server-side validation, the documentation says use EnableClientScript="False", which bypasses client-side validation altogether.

Am I misunderstanding how the validator controls work? I ask because it seems obvious that many developers would want both client and server side validation together, and I find it hard to believe both together is not possible with one of the standard validation controls.

If I am understanding the ASP.NET documentation correctly, then I can find only two options:

  1. Use two validator controls exactly the same except for their ID and EnableClientScript properties. Obviously ugly for maintaining two controls almost the same.

  2. Write some code behind to check if postback then invoke the Validate method on the validator group. Why write code behind if there a way to be automatic from the control?

Is there a way to do so using a single validator control with no code behind?

Thanks in advance for your input.

+3  A: 

The server-side validation will always occur, so you don't have to worry about it. The only way around that would be to use the CustomValidator or create your own validator class from BaseValidator that don't do anything server-side.

By default, server-side validation occurs after Page_Load() and before any triggered events (e.g. button click). In your Page_Load(), however, you can force a Page.Validate(). After validation has occurred you can check the Page.IsValid property.

I recommend you read ASP.NET Validation in Depth. Also, it's not what you asked for, but it is fundamental that you understand the page lifecycle and ViewState (if you're not using MVC). Almost everything you will encounter makes use of it.

Nelson
Thanks for the quick response. I was hoping that was the case.
harrije
@harrije ~ If Nelson's comment was the answer, don't forget to mark his question as the answer. This lets other people know that you are done with the question. Welcome!
drachenstern
@drachenstern: Thanks for helping out, but also remember you can't accept an answer immediately. :)
Nelson
@Nelson ~ Well I don't seem to recall that bit of information. You can't accept an answer immediately? Hmmm... I guess it's been awhile since I had to worry about too much of what I couldn't do around here...
drachenstern
marked as answered and thanks for the pointers
harrije
@drachenstern: I'm not sure what the rules are, but I have tried accepting an answer before and I think it said to wait something like 15 minutes. I'm guessing it's to give an opportunity for other/better questions, but I couldn't find it in the FAQs...
Nelson
@Nelson ~ intriguing. Thanks for that tidbit, I'll be on the lookout for it in the future. (PS: Mostly I _was_ talking to his `1` status tho ;-)
drachenstern
A: 

You are misunderstanding how the validators work. You always get server validation, bit client validation is optional. The only exception to this is the custom validator where you do not have to do anything server side if you don't want to.

Ben Robinson
A: 

use an asp validator in your markup, then on postback do the following:

Page.Validate()
if(Page.isValid)
{
     // Validation passed
}
derek
A: 

According to this Microsoft source, "the Web Forms page framework always performs validation on the server, even if the validation has already been performed on the client."

There is a lot more information there about how to implement the validation controls in ASP.Net 2.0. Presumably, the basic behavior has not changed in subsequent ASP.Net releases.

DOK