Friday, June 25, 2010

How to Effectively Validate ASP.NET Page...when Javascript disabled in Browser ( When Validation controls become useless)

Consider a situation Like this .....
asp:TextBox ID="USERNAME" runat="server" asp:TextBox

asp:RequiredFieldValidator
ID="RequiredFieldValidator1" runat="server"
ErrorMessage="USER NAME CANNOT BE BLANK" ControlToValidate="USERNAME">asp:RequiredFieldValidator

asp:Button ID="submit" runat="server" Text="SUbmit" onclick="submit_Click"

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

protected void submit_Click(object sender, EventArgs e)
{
Response.Write("I am fired.........!!!");

}


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Since we have the required field validator over there "submit_Click " works only when it is not blank...



Try to disable JavaScript on your Browser and press button. You can see Post back happen also the validator message comes but the code goes to execution by printing "I am fired.........!!!" ... So a hacker can easily destroy your validation my disabling java script in browser...


So my Friends go for this code in Button Click

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

protected void submit_Click(object sender, EventArgs e)
{

if (Page.IsValid)
{
Response.Write("I am fired.........!!!");
}

}


The intelligent .net checks this in Server side. So code will execute only if page.Isvalid=true.....





Thanks for using System.Web.UI


:)

2 comments: