Develop Reference

Server side validation

I am having an issue with the requiredfieldvalidator control not working on an ASP.net page. I have completed the attributes of that field properly, but when I test it, the postback is allowed to happen even if the field in question is blank.
So I want to do server side validation instead. What is the best way to do that? In the event that caused the postback? Also, if I find out the field is blank, how do I get the user back to the screen with all other values they placed on other fields intact and a message saying "This field cannot be blank".
EDIT:
This is the code:
<asp:TextBox ID="fName" TabIndex="1" runat="server" Width="221px" CausesValidation="True"></asp:TextBox>
<asp:RequiredFieldValidator ID="FNameRequiredFieldValidator" runat="server" ControlToValidate="fName" InitialValue="" ErrorMessage="Filter Name cannot be blank." ToolTip="Filter Name cannot be blank.">*</asp:RequiredFieldValidator>

You need to provide the markup for your Button / Link control as well.
The 'CausesValidation' attribute is not supposed to be used on TextBox controls.
The button you click needs to have that attribute set to "True".
Please provide that markup and then I can advise on the alternate server side validation.

To enable Client-side Validation, set the EnableClientScript="true" on the RequiredFieldValidator.
You should also always validate on the server side too. But the RequiredFieldValidator doesn't let you do any special-handling server-side. Just check if Page.IsValid(). This will return false if the field is not supplied.
If you want to do custom validation, use a CustomValidator.

how to check a particular asp.net validation control is valid?

In a web form there are different asp.net validation controls. Is it possible to check a particular validation control is valid ? For example on leaving focus of textbox, first I will check requiredFieldValidatorUserName is valid ? If it is valid then I will check on server using ajax that this user name is not booked already.
Edit:
Explaination: I want to check validity (that input was valid) of a validation control on client side.
Please guide.

All validator controls implement IValidator which contains the IsValid property.
myValidatorControl.IsValid

The best way would be to use a CustomValidator with client side code, as this will display all the error messages, block form submission and also ensure that the validation is repeated at the server side - remember, just because you have client-side validation available, doesn't mean the user's seen it: Always validate your input at the server as well.
Your CustomValidator would then be coded to call the Ajax methods, and would show the error messages correctly to the client:
<asp:Label ID="UserNameLabel" AssociatedControlID="UserName" runat="server">
UserName *:</asp:Label>
<asp:TextBox ID="UserName" runat="server" />
<asp:RequiredFieldValidator ID="UserNameRequired" runat="server"
ControlToValidate="UserName" EnableClientScript="true"
ErrorMessage="You must supply a username!" />
<asp:CustomValidator ID="UserNameCustom" runat="server"
ControlToValidate="UserName"
ClientValidationFunction="CheckExisting"
OnServerValidate="UserNameCustomValidate"
ErrorMessage="Username already taken" />
And your ClientValidationFunction should look something like:
<script type="text/javascript">
function CheckExisting(source, arguments) {
// Pass the arguments.Value to your AJAX call:
if (ajaxCallUserNameTaken(arguments.Value)) {
arguments.IsValid = false;
}
}
</script>
(Obviously, you'll need to write the ajaxCallUserNameTaken method to call your page method/web service/etc.)
Doing it this way will ensure that the validation methods happen as expected; this will get called whenever the user tabs out of the textbox leaving a value (it won't get called if the textbox is empty), and will ensure that the user can't submit the page until they supply a unique value. You'll also want to create the method referenced in OnServerValidate to ensure that the value's good once it hits the server too - this should call the same code that the AJAX endpoint uses to reduce duplication of code, etc.
I was originally going to suggest that you could use the Page_Validators object on the client-side to do some checking in the onBlur event, but I don't really think this is suitable here as it results in more pain:
It assumes that although there might be more than one validator on the page, there's only the RequiredFieldValidator on the control we're checking
The RequiredFieldValidator isn't fired during OnBlur if a user moves out of a control without setting a value - only if they set and clear the value, so even if isvalid is true, you need to check for an empty string!

You could do this by setting the ValidationGroup for the Validator control that you want to treat as separate from the others. Make sure it matches the ValidationGroup of the control it's validating (your username field).

I have just faced the same issue and I Set CausesValidation="true" to the textbox control and it worked. Just give it a try :)

I have been messing around with this around for a bit and found a rather easy (not so efficient) solution to handle this using jQuery.
Use this function to check the validity of your control:
function validateControl() {
return $('#YOUR_VALIDATOR_ID').css("visibility") == "visible"
if you're using Display="Dynamic" on your validator then the function is like so:
function validateControl() {
return return $('#YOUR_VALIDATOR_ID').css("display") == "inline"
Be sure to check the true ID of your validator if you're using a Masterpage, as it will be different than the one in your IDE. Do so by viewing the page source in your browser.
The best solution will be of course to validate your form in some other way, using JavaScript or a CustomValidator that lets you write your own code.

How can I encrypt my ValidationExpression in VB.net?

I'm very new to asp and vb.net, I've just learned about regular expression validation but one thing is bugging me: How can I hide my expression from being viewed on my source code?
The plan is to make a very simple 'login' type of page. I know this goes against all that is holy in this kind of operations, but it's just something I'd like to try out.
Also, after the expression has been validated, I want to load another page, I was thinking of achieving this with:
<asp:TextBox ID="txtcp" runat="server"></asp:TextBox>
<asp:RegularExpressionValidator ID="RegularExpressionValidator1" runat="server" ErrorMessage="CP Errada"
Display="Dynamic" ControlToValidate="txtcp" ValidationExpression="admin"></asp:RegularExpressionValidator>
and in vb:
If txtcp is validated then
Response.Redirect("mypage.aspx")
end if
But the syntax on this IF is obviously not right, any help would be great.

You can shrink the size of your Regex Validator by using the following.
<asp:TextBox ID="txtcp" runat="server" />
<asp:RegularExpressionValidator ID="RegularExpressionValidator1" runat="server" />
And then in your Code behind
Function Page_Load()
With RegularExpressionValidator1
.ErrorMessage="CP Errada"
.Display="Dynamic"
.ControlToValidate="txtcp"
.ValidationExpression="admin"
End With
End Function
Function SubmitButton_Clicked()
If Page.IsValid Then
Response.Redirect("mypage.aspx")
End If
End Function
Unfortunately you can't encrypt it since the whole point of validation is to use Client Side Javascript. It is bad (in fact VERY BAD) to use a regular expression to validate a username in the way that I 'think' you're doing it in your example. The right thing to do for you, honestly, is to just use the build in ASP.NET Membership Provider. It is seriously easy to learn, it's mostly secure by default, and best of all... it's "no Fuss, no Muss".

asp.net sanitizing user input

Does asp.net have a built in mechanism that can sanitize all textbox input instead of redirecting to the error page?
I have a textbox input where a user can enter a name, but if they try to enter and <> tags the page automatically throws an error. I just want to handle this error in a user friendly way.

You'll want to look at the AntiXSS library for that. It's a dll so it's easy to drop in and start using it.
The download is at CodePlex.

You can use the ASP.NET RegularExpressionValidator control with a pattern like: ^[^<>]*$
<asp:RegularExpressionValidator ID="rev" runat="server"
ControlToValidate="txtBox"
ErrorMessage="The <> tags are not allowed!"
ValidationExpression="[^<>]*" />
<asp:RequiredFieldValidator ID="rfv" runat="server" ControlToValidate="txtBox"
ErrorMessage="Value can't be empty" />
The RequiredFieldValidator is used in conjunction with the RegularExpressionValidator to prevent blank entries. If that textbox is optional, and only needs to be validated when something is entered, then you don't have to use the RequiredFieldValidator.
The benefit of doing it this way is that the error can be handled gracefully and the user can be notified on the same page.
However, if you need to do this for many textboxes and you just want to present something nicer than the error page, you could handle the ValidateRequest error to provide a friendlier message and keep the user on the same page (not just replace it with a custom error page). For more info, check out Kirk Evans' post: Handling ValidateRequest errors within a Page (refer to the section titled Overriding the OnError Method).

Read this for a step-by-step: http://yourtahir.wordpress.com/2008/03/28/aspnet-not-allow-html-in-text-boxserver-error-in-application-a-potentialy-dangerous-requestform-value-was-detected/
You have to do some web.config work.

ASP.net has validation controls
[http://msdn.microsoft.com/en-us/library/7kh55542.aspx][1]
Also there is Mark Down Editor which is a control that strips out html tags etc.

Validator in <noscript> causes JavaScript error

The following .NET 3.5 code, placed in an aspx file, will trigger a JavaScript error when the page is loaded (for users who have JavaScript enabled):
<noscript>
<asp:TextBox ID="txt" runat="server"></asp:TextBox>
<asp:RequiredFieldValidator ID="txt_RequiredFieldValidator" runat="server"
ControlToValidate="txt"></asp:RequiredFieldValidator>
<asp:Button ID="btn" runat="server" Text="Button" />
</noscript>
The error happens because the JavaScript generated by the ASP.NET validator control does not contain a null check on before the second code line below:
var ctl00_body_txt_RequiredFieldValidator =
document.all ?
document.all["ctl00_body_txt_RequiredFieldValidator"] :
document.getElementById("ctl00_body_txt_RequiredFieldValidator");
ctl00_body_txt_RequiredFieldValidator.controltovalidate = "ctl00_body_txt";
Can anyone suggest a workaround to this?
Footnote: Why am I doing this? For my non-JavaScript users I am replacing some AJAX functionality with some different UI components, which need validation.

You should add the following to the RequiredFieldValidator:
enableclientscript="false"
Seeing as you are using these in <noscript> tags, there is no point in supplying client side vaildation of the controls - they are only going to display if JS is turned off.
This will force the validation to happen (automatically) on the server side for you.
Just make sure you call "Page.IsValid" before you process the response.
See BaseValidator.EnableClientScript for more details.

The javascript is looking for an element contained in the noscript? AFAIK there's no clean way to detect script support from the server side.
I think you'll need to build in a redirect (I've seen this done with a meta-refresh in a header noscript if you don't mind a validation failure) to push noscript users to a "please turnscript on page" or do some surgery to loosen up the validation/control binding which may take some amount of wheel reinventing. This is one of those areas where asp.net's tight coupling between controller and view really punishes.