I have one simple question (doubt).
Ajax is a server side technology so it hits the server asynchronously but when we use ajax toolkit's text-box validations then even if internet is disconnected , text-box gets validated how?? is it client side?
Actually, AjaxToolkit generates javascript codes in pages. all validations are done in Client side.
The AJAXToolkit is basically a helper that implements some client-side functionality for you. The user story in WebForms is all about rapid application development. The entire WebForms infrastructure is in place in order to wrap server-side + client-side functionality in a way that allows you to create web applications like you would WinForms applications. WebForms was developed by Microsoft to allow WinForms developers to use the same techniques when developing for the web.
That being said, all asp.net validators are both client-side and server-side. Doing client-side validation without server-side validation is pointless. Client-side validation (AJAX or not) is only used to give users a more responsive UI and maybe save some server round-trips for input that can be easily detected as invalid. The true validation is done server-side when the form is POSTed. If there were only client-side validation in place, a user with malicious intent could just circumvent the validation by posting the form from a tool like Fiddler. Also, what about clients which do not support JavaScript at all? (Rare as they might be these days...)
Related
I am confused about client side and server side validation in ASP.net.
I know that client side validations validate on the client side, and asp.net validation controls are server side controls. But if I am applying it on any server side control like <asp:textbox> and apply RequiredFieldValidator, it validates immediately like a client side control. All other asp validation controls validate immediately without post back to server.
So how does it work without posting back to the server?
Even though the ASP.NET server theoretically validate on the server, they will also validate on the client. From Microsoft's documentation:
If the user is working with a browser that supports dynamic HTML
(DHTML), ASP.NET validation controls can perform validation using
client script. Because the controls can provide immediate feedback
without a round trip to the server, the user experience with the page
is enhanced.
Under most circumstances, you do not have to make any
changes to your page or to the validation controls to use client-side
validation. The controls automatically detect if the browser supports
DHTML and perform their checking accordingly. Client-side validation
uses the same error display mechanism as server-side validation.
If you use HTMLHelper in the views it will automatically insert javascript validation from e.g. the DataAnnotation of the model. Things like Required, MaxLength etc. are checked on the client-side (and on the server-side again).
How can I capture key events in ASP using C# code?
for example, I want to press the left key and a text box will pronounce "Left Pressed".
You misunderstand how web applications and ASP.NET work. Keys are pressed by the user on the client side, in the browser that shows HTML pages. ASP.NET and the C# code that makes up the web application run on the server side. You cannot really capture key events on the server side. Even if you could, you shouldn't - every time the user would press a key, you'd have to send it over to the server side, evaluate it and then render the page again and send it back to the browser. This would generate a lot of traffic and force page reloads very frequently, making the pages very hard to use. Even AJAX calls wouldn't help much with this.
Instead, you should handle key presses on the client side, in JavaScript code that runs inside the browser and when you encounter something that the server needs to handle, you can then perform a server call.
This site (among a bunch of others) has code samples that show how to implement key detection in JavaScript:
http://www.alessandrolacava.com/using-javascript-to-detect-the-key-pressed/
Edit:
Alternatively, you can try using Silverlight, which is a programmable browser plugin similar to Flash. Silverlight hosts the .NET Framework and can be programmed using C#. Even in this case, though, you'll handle keys on the client side, not on the server.
I'm working on an asp.net project based on asp.net AJAX but we get more and more client side calls using jquery ($.ajax) and get json or html return. I'm wondering what is the best way to handle these calls on the server side, in the same webform, or use a specific http handler, or even web service? can somebody share the experience or best practice?
thanks.
I'd recommend you an http handler. Normally it's the best and simplest option.
There is no problem on managing the ajax call using a page method (marked as WebMethod and static), the only drawback is that can be only be called from that page. The http handler is independent and can be called from any page.
The web service is normally suitable for calling third party API, I don't see that you need to create one for ajax calls on your own web site.
What's the best way to validate controls, client-side JavaScript validation or server-side validation?
As others have said, you should do both. Here's why:
Client Side
You want to validate input on the client side first because you can give better feedback to the average user. For example, if they enter an invalid email address and move to the next field, you can show an error message immediately. That way the user can correct every field before they submit the form.
If you only validate on the server, they have to submit the form, get an error message, and try to hunt down the problem.
Server Side
You want to validate on the server side because you can protect against the malicious user, who will probably know how to bypass your JavaScript and submit dangerous input to the server. The server should never trust input from the user, no matter what validation you've tried to do on the client side.
Server side validation is also important for compatibility - not all users will have JavaScript enabled.
Source JavaScript ClientSide vs. ServerSide Validation
The .NET validators work both client side and server side.
This is best practice, as you want the responsiveness of the client side, but the security of the server side (as you should never trust the client - always validate on the server as well).
For example - with tools like firebug, javascript may be active, but the script can be easily tampered with (so it "passes" validation on the client, even if it shouldn't). Your server side code is not exposed to the client, so you should always also validate on the server side.
both
javascript validation helps you to save serverside traffic and the user doesn't have to wait, because he gets immediate feedback. but users can deactivate javascript, so you need serverside validation as a backup.
Both. Client-side for quick feedback to the user without needing to postback. Then again on the server-side, because client-side validation is easily bypassed.
I'm using jquery ajax to fetch data from an asp.net webservice. I'm wondering how I can secure it and have it work with jquery ajax. The service is part of my web application and to access it you have to be logged in to the application. However I'd like to further secure it. For example a consultant looking up all their customers in an autocomplete box is good, but they can instead send in some other consultant's id. What's the best way to secure this?
I've looked at this article here http://msdn.microsoft.com/en-us/library/w67h0dw7%28VS.71,classic%29.aspx . However, I don't know how to make this work with jquery ajax. Any help would be appreciated.
As far as I understand you want to make sure that you know the identity of the person using your service. If the web service is part of your application this should not be a problem by using cookies (assuming the web service is on the same domain as the site). See this e-book for some ideas.
Otherwise you could hand out temporary identifiers to the logged in members of your site which would be used in the webservice calls - this way even if the identifier is stolen, it can only be used for a limited time.
I made it more secure by using encryption. I encrypt the consultant's id when passing it via ajax, and decrypt it on the server side. Obviously I do the encryption on server side and pass it to client when rendering the page. And then ajax makes the call using that encrypted id.