Automatically Duplicating Business Logic on Web Client

Question

Last week I implemented a date validation in our front end, a combination of ASP.NET and heavily dependent on lots of JavaScript code to avoid server round-trips until a form is actually saved. I felt it clumsy that this rule check is not done on the server, but our current architecture and performance requirements prevent this. It's out of my hands for now.

Ideally, this check should be done in both places, but then the server side check would be done with neat, typed, C#, and immediately visible to developers working on that BO, and the client side check is actually done by not even a copy, which is dodgy, but completely different code.

What ways could there be to actually duplicate the server side check on the client side? Using a rule engine, and having an identical rule applied by two trusted rule engines on each side, actually delegating the server check to be done by JavaScript, which is then registered in the rendered client seems like another option, but seems challenging.

Any ideas on this rather academic versus practical question?

Answer 1

ASP.NET's Validation Controls can do this.

ASP.NET validation controls also provide two ways of validation: Server-side or Client-side. The nice thing about these Validation controls is that it will preform client-side validation when it detects the browser is able (unless client-side validation has been disabled). Thus reducing roundtrips. And it will preform server-side where necessary. This client-side/server-side detection and validation is done without extra work by the developer!

http://www.devhood.com/Tutorials/tutorial_details.aspx?tutorial_id=46

Otherwise, you would have to follow the same model. Create set rules, then implement each of them on both sides (in controls, if you can). Then, allow the developer to select which rule to apply to which html controls.

Answer 2

Well, you'll never be able to automatically duplicate server side validation code in the client, because

1. the languages (javascript vs. C#) are too different
2. the server side code often will have data available that is not present in the client

However, it's perfectly feasible to delegete the validation code to the server altogether. Certainly, for exactly the same two reasons, that's the best place for such code. Using Ajax techniques, and the WebRequest object, a short validation stub in the client can quite easily call a server-side validation function with no need for a postback.

Answer 3

I've never done this, but it seems like you could write your validation code in one place on the server, then have your web application access the validation code directly while each client page accesses the same web-service-exposed code using AJAX.

In the .NET world, this could be done simply by writing the validation code as a web service. The AJAX-clients and the server app itself would call methods in this web service to do validation (note: this might be a bad idea from a security perspective - I don't know).

Answer 4

I think a simple rule engine is your best option. Depending on the validation you want to perform it needn't be too complex.

Anything else will involve additional round trips to the server (to perform all validation in C#) or getting the server to execute the JavaScript (which is much harder, I believe, than implementing a rules engine).

The only alternative is duplicating the code (just as Microsoft does).