I would like to ask a theoritical question. Assuming that an application is using both ASP.NET and Linq, which approach to validation do you consider to be better, validation using the ASP Validation Controls, or validation through the Linq to SQL classes with any code additions that may be required?
The asp.net controls do validation client and server side whereas Linq (or code in general) are for doing validation server side only. Since is good practice to do validation on both sides, I wouldn't pick one or the other but maybe use both. As a matter of taste, I prefer JQUERY to perform validation on the client side and normal code to perform validation on the server side.
I dislike the asp.net validation controls because they require a lot of markup on the page.
Related
I am a long time webform developer. I am used to using the asp.net validator controls to validate user input.
While I like the fact that asp.net has the potential to validate the input on both the client and server side, I feel that the way the validators render isn't ideal. I'm constantly looking, with envy, at javascript validation libraries (like Parsley.js) and wishing asp.net validators would work like that. For instance, I'd like to be able to change the css class for fields that fail validation. Or I'd like to hide or display an img based on validation logic.
However, the problem with moving to a library like Parsley.js is I lose server side validation, which for security purposes, is the most important layer.
Is there a way to integration server side validation, with a client side framework? In a way that doesn't require a lot of duplicate effort?
In asp.net You can always trigger validation by the validator1.Validate() method, which will do the server-side comparison. Check Page.IsValid to see if server-side validation isn't being performed? I think you can invoke it via Page.Validate().Or the overloaded Page.Validate(string) to target one of your validation groups.
http://msdn.microsoft.com/en-us/library/aa479013.aspx
I create new page with lots of validation controls, such as RequiredValidation, RegexValidation and so on. I found out that when I create these validation controls, it seems like it render both client java-script and server validation for me automatically.
I want to know, do I understand correctly or not?
Yep. That is correct. The built-in controls do server side validation (for security) and client side validation (for performance and user experience) for you.
Tip: Don't add these validations to the mark-up, but add them through the code behind, as shown in this blog post, since it keeps your code DRY.
I would like to replace asp.net form validation with jQuery validation but not sure is this secure. ASP.NET validation use client side and server side validation to prevent hack post to server by disabling client side JS validation.
If I will use client side jQuery validation then it can be easily compromised, no? Maybe I am missing something?
You should not use ONLY client side validation. It can be easily avoided. People generally use client side validation for the User Experience. That way forms don't have to do a full post to catch mistakes. You want to do server side validation for security purposes.
jQuery validation is exactly the same as client side JS validation. jQuery is javascript framework.
ALWAYS use server side validation, and if you want to improve the user's experience then include your client side validation.
you should always write server-side validation code even if you validate the data on the client, otherwise your site will be unsafe and easily could be hacked. But the reason for writing client-side validation is to avoid the round-trip to the server that would otherwise be required to validate the data. In other words, if the user enters invalid data, it's much more efficient and user-friendly to trap the error before
sending the data to the server, where if the data is invalid you'll have to rebuild the page and maintain the page state as well so that the user can fix the invalid value.
Try using asp.net AJAX plus server control validators as your validation framework for the following reasons:
It's secure because your validation runs in the server side
It's easier to implement because you dont have to write the same code twice, both in the server and in the client (javascript)
Server side code it's by far much easier to maintain than client side code
Your website will look responsive, although you must take care on how to reduce the data traveling in every partial postback. Research on this.
You are tied to the asp.net sintax and your developers will love this too. You won't actually need more.
Recommendations:
focus is lost on every partial postback: the DOM portion of the form submitted inside the update panel is replaced, and the browser does nothing to set the focus for the user. So make sure to set the focus on the proper controls thinking the user is entering data using the TAB keystroke.
if you want to customize the appeareance of your server validator controls with css, try inheriting the main validators: Custom, Regex and requiredField, with your own classes, which basically set and unset the error css class and message you want every server roundtrip (set before rendering). then map those custom classes to the framework's classes in the web.config (use tagmapping), so you alway use the default markup for server side validations. You get this way the best of the two worlds.
Jquery.validate.js
https://github.com/jzaefferer/jquery-validation
You can set this up to run independently of your own client side validation/instead of/or in conjunction with.
Could you please tell me the difference between using asp.net validator controls vs JQuery for front end validation? What happens if the user turns off javascript on their browser?
Thank you..
The difference is that "front end" validation by itself has nothing to do with security or real validation. It's entirely a performance optimization — a client validation failure saves a round trip to your server, helping you scale and allowing you to reduce the response time for your users. But the real validation work must take place server-side.
ASP.Net validation controls help you automate the server-side validation and keep it in sync with the client, while jQuery still requires you to write the server-side logic separately.
The ASP.NET validators will also check server side. You can check a boolean value to see if any have been violated.
If JavaScript is disabled the jQuery will do nothing, but the ASP.NET will still be able to check.
You can of course combine the jQUery with your own server-side validation, but it isn't built-in.
The ASP.NET validator controls are a lot easier for the average asp.net developer to use. I think using jquery is probably a lot "cleaner" and more flexible.
For the ASP.NET validator controls, I want to use both client-side validation for the user experience and server-side validation to guard against hackers. ASP.NET documentation leads me to believe that if EnableClientScript="True" then there will be no server-side validation if client-side validation is possible for the user agent. To get server-side validation, the documentation says use EnableClientScript="False", which bypasses client-side validation altogether.
Am I misunderstanding how the validator controls work? I ask because it seems obvious that many developers would want both client and server side validation together, and I find it hard to believe both together is not possible with one of the standard validation controls.
If I am understanding the ASP.NET documentation correctly, then I can find only two options:
Use two validator controls exactly the same except for their ID and EnableClientScript properties. Obviously ugly for maintaining two controls almost the same.
Write some code behind to check if postback then invoke the Validate method on the validator group. Why write code behind if there a way to be automatic from the control?
Is there a way to do so using a single validator control with no code behind?
Thanks in advance for your input.
The server-side validation will always occur, so you don't have to worry about it. The only way around that would be to use the CustomValidator or create your own validator class from BaseValidator that don't do anything server-side.
By default, server-side validation occurs after Page_Load() and before any triggered events (e.g. button click). In your Page_Load(), however, you can force a Page.Validate(). After validation has occurred you can check the Page.IsValid property.
I recommend you read ASP.NET Validation in Depth. Also, it's not what you asked for, but it is fundamental that you understand the page lifecycle and ViewState (if you're not using MVC). Almost everything you will encounter makes use of it.
You are misunderstanding how the validators work. You always get server validation, bit client validation is optional. The only exception to this is the custom validator where you do not have to do anything server side if you don't want to.
use an asp validator in your markup, then on postback do the following:
Page.Validate()
if(Page.isValid)
{
// Validation passed
}
According to this Microsoft source, "the Web Forms page framework always performs validation on the server, even if the validation has already been performed on the client."
There is a lot more information there about how to implement the validation controls in ASP.Net 2.0. Presumably, the basic behavior has not changed in subsequent ASP.Net releases.