Could someone please explain the differences between using the ASP.NET validation controls and JavaScript for client-side validation? My job is to analyse code created by the developers. I have gone through a few articles, but in real time the developers prefer JavaScript to using the validation controls. Hence I would like to understand the need for using JavaScript instead of validation controls.
2 Answers
The difference is that the ASP.NET client controls perform validation on the server, which is something you should always do. Client-side JavaScript validation is optional. It allows for more responsive UIs and fewer round trips to the server, but it doesn't provide any level of security because users can simply turn JavaScript off in their browsers. ASP.NET controls can also generate client-side validation in addition to server-side validation.
3 Comments
Client Side
You want to validate input on the client side first because you can give better feedback to the average user. For example, if they enter an invalid email address and move to the next field, you can show an error message immediately. That way the user can correct every field before they submit the form.
If you only validate on the server, they have to submit the form, get an error message, and try to hunt down the problem.
(This pain can be eased by making "sticky" forms where the server remembers what was entered in each field and fills it back in, but client-side validation is still faster.)
ASP.NET Controls Validation (Server Side)
You want to validate on the server side because you can protect against the malicious user, who can easily bypass your JavaScript and submit dangerous input to the server.
It is very dangerous to trust your UI. Not only can they abuse your UI, but they may not be using your UI at all, or even a browser. What if the user manually edits the URL, or runs their own JavaScript, or tweaks their HTTP requests with another tool? What if they send custom HTTP requests from curl, for example?
Not allowing for that is not only naive from a security standpoint, but also non-standard: a client should be allowed to send HTTP by whatever means they wish, and you should respond correctly. That includes validation.
Server side validation is also important for compatibility - not all users will have JavaScript enabled.
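The point both answers make, shown as an added example that is not part of the original posts: the same rules can give fast feedback in the browser, but the server re-validates the raw request and ignores anything the client claims about its own checks. The field names, limits, `clientValidated` flag and `handleSignup` function are hypothetical, and framework-free JavaScript stands in for the server-side code.

```javascript
// One rule set, usable in the browser for quick feedback and on the server
// for enforcement. Field names and limits are constructed for this example.
const RULES = {
  email: v => /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v) && v.length <= 254,
  age:   v => /^\d{1,3}$/.test(v) && Number(v) >= 13 && Number(v) <= 120,
};

// Returns a map of field -> error code; an empty object means valid.
function validate(fields) {
  const errors = {};
  for (const [name, ok] of Object.entries(RULES)) {
    const value = fields[name];
    if (typeof value !== 'string' || value === '') errors[name] = 'required';
    else if (!ok(value)) errors[name] = 'invalid';
  }
  return errors;
}

// Server side: parse the raw urlencoded body and validate it again.
// Nothing the client says about its own checks is trusted, and fields
// that are not in RULES (such as clientValidated) are simply dropped.
function handleSignup(rawBody) {
  const params = new URLSearchParams(rawBody);
  const fields = {};
  for (const name of Object.keys(RULES)) {
    const all = params.getAll(name);
    // A repeated parameter is ambiguous; reject instead of picking one.
    if (all.length > 1) return { status: 400, errors: { [name]: 'duplicate' } };
    if (all.length === 1) fields[name] = all[0].trim();
  }
  const errors = validate(fields);
  return Object.keys(errors).length
    ? { status: 400, errors }
    : { status: 200, accepted: fields };
}

// Constructed request bodies.
const fromBrowserForm = 'email=ann%40example.com&age=34';
// Sent without the page's JavaScript ever running (for example from curl),
// carrying a flag that claims the client already validated the input.
const bypassedClient = 'email=not-an-email&age=-5&clientValidated=true';

console.log(handleSignup(fromBrowserForm));
console.log(handleSignup(bypassedClient));
```

In the browser, `validate` would run on field blur or submit purely for user feedback; the response from `handleSignup` is what decides whether the data is accepted.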