There are six validation controls included with ASP.NET as well as a summary control. Data validation with the ASP.NET validation controls is always processed on the Web server and can also optionally be processed on the user's computer.
by Shannon Horn
Aug 7, 2003
Validating the information entered by users is an essential part of developing a professional Web-based user interface. Data validation over the Web is performed in one of two locations: on the user's computer, or on the Web server.
There are six controls included with ASP.NET that simplify data validation.
Most applications perform their data validation on the user's local computer. In this scenario, if an error occurs while performing validation on the user's computer, the application can directly display the error message on the page that the user is viewing without the page making a round trip to the Web server and then back to the user. This increases performance and reduces traffic over the Web.
In addition, malicious users can subvert the validation process. Users with harmful intent may easily modify the validation script because it is contained in the source of the page that is sent to the user's computer. The malicious user can then submit the page to the Web server using the modified script, with results that are different from what you, the developer, intended.
The alternative to processing data validation on the user's computer is to process it on the Web server. The pros and cons of processing data validation on the Web server are the reverse of those for processing it on the user's computer. For instance, since the validation occurs on the Web server, your application must post the Web page that the user is viewing back to the Web server for validation to occur. This decreases performance, since the page must make a round trip to the Web server and back to the user's computer if data validation fails. However, when you process validation on the Web server, you can use any scripting language because the user's Web browser doesn't process it. Furthermore, the data validation scripts are protected inside the Web server, so they are not vulnerable to modification by malicious users.
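The following page is an added example, not code from the original article. It shows validators that emit client-side script while the server-side handler still refuses input the server-side check rejected. The quantity field, the control ids and the messages are assumptions chosen for illustration.

```aspx
<%@ Page Language="C#" %>
<script runat="server">
    // Runs on the Web server each time the Save button posts the form back.
    void SaveButton_Click(object sender, EventArgs e)
    {
        // The validators have already run on the server by the time this
        // handler fires (a Button has CausesValidation="true" by default),
        // but the handler still executes when they fail. A request that
        // skipped the browser-side script is caught only by this check.
        if (!Page.IsValid)
        {
            ResultLabel.Text = "Input rejected by server-side validation.";
            return;
        }
        // Encode before echoing user input back into the page.
        ResultLabel.Text = "Accepted quantity: "
            + Server.HtmlEncode(QuantityBox.Text);
    }
</script>
<html>
<body>
<form id="OrderForm" runat="server">
    Quantity (1-99):
    <asp:TextBox id="QuantityBox" runat="server" />
    <%-- EnableClientScript only controls the optional browser-side check;
         the server-side check cannot be switched off from the client. --%>
    <asp:RequiredFieldValidator id="QuantityRequired" runat="server"
        ControlToValidate="QuantityBox"
        ErrorMessage="Quantity is required."
        EnableClientScript="true" />
    <asp:RangeValidator id="QuantityRange" runat="server"
        ControlToValidate="QuantityBox"
        Type="Integer" MinimumValue="1" MaximumValue="99"
        ErrorMessage="Quantity must be between 1 and 99."
        EnableClientScript="true" />
    <asp:Button id="SaveButton" runat="server" Text="Save"
        OnClick="SaveButton_Click" />
    <asp:ValidationSummary id="Summary" runat="server" />
    <asp:Label id="ResultLabel" runat="server" />
</form>
</body>
</html>
```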