The Validation Framework | Developing Microsoft ASP.NET Server Controls and Components (Pro-Developer)

The validation framework in ASP.NET provides a set of standard validator controls and a simple model for page developers to incorporate validation into their Web applications.

Validator Controls Provided by ASP.NET

ASP.NET provides a set of validator controls in the System.Web.UI.WebControls namespace. Table 14-1 lists this set of validator controls along with the validation rules they encapsulate.

Table 14-1. Built-In Validators in ASP.NET

Validator	Validation Rule
RequiredFieldValidator	Ensures that the user enters a non-empty value.
RangeValidator	Ensures that the user's entry lies within a specific range of values.
CompareValidator	Ensures the validity of the user's entry by comparing it to a reference value. The reference value can be either a constant value or the value of another validation target. The comparison can be one of several operators, such as equality, greater than, and so on. In addition, the validator can check that the entered value matches a specified data type.
RegularExpressionValidator	Ensures that the user's entry matches the specified regular expression pattern.
CustomValidator	Allows the page developer to supply custom validation logic to perform validation of the user's entry.

The built-in set of validator controls provides an implementation of some of the commonly used validation rules. However, this set is by no means exhaustive. The extensibility of the validation framework allows you to create new validator controls that encapsulate additional validation rules.

Using Validation in a Page

The validation framework is geared toward simplicity. The page developer does not need to implement any validation logic to use the validation framework. Instead, he or she simply needs to add one or more validator controls to the page and associate them with validation targets declaratively in the .aspx file. Once the page developer has included validator controls on his or her page, he or she can examine the IsValid property that is exposed by the Page class. The page aggregates the valid or invalid state of all the validators it contains in this property. This allows the page developer to check the value of a single property in order to skip the processing of data if any value is invalid.

How the Page Performs Validation

The Page class contains a Validators collection that contains references to all the validators that exist on the page. Each validator control registers itself with its page by overriding its OnInit method and adding itself to the Validators collection. The Page class also exposes a Validate method that in turn invokes the Validate method of each registered validator. If the validator is visible and enabled, it executes its validation logic to update the value of its own IsValid property. The validator does so by retrieving the user entry to be validated from the validation target and checking the value against a set of validation rules.

A page developer can invoke the Validate method of the page to trigger validation. However, it is rare to see an explicit call to Validate . Rather, various controls that cause postback ”the Button , LinkButton , and ImageButton controls ”invoke the Validate method on behalf of the page developer. Each of these controls contains a Boolean CausesValidation property, which is set to true by default. When this property is true , these controls automatically trigger validation by invoking the Validate method of the page before raising their Click event. Thus, these controls ensure that the IsValid property of the Page is updated before any event handler is invoked. The logic in an event handler can inspect this page property to determine whether to process the user's data or to allow the user to fix any errors before resubmitting the page.

Note

In ASP.NET, various controls other than buttons can cause the page to be submitted and raise change events. For example, the TextBox control submits the page when its AutoPostBack property is set to true and the user changes its text. However, the TextBox control does not trigger validation. If user code processes the TextBox data in a Text Changed event handler, it might process data that has not been validated. Therefore, we recommend that if you implement a control that supports AutoPostBack , you should implement a CausesValidation property on that control, even though ASP.NET controls such as the TextBox do not offer this property. Unlike buttons that cause action events, controls that cause change events should have their CausesValidation property default set to false . When this property is set to true by the page developer, your control should trigger validation before raising its change event. It is expected that ASP.NET will follow this recommendation in the future.

Client-Side Validation

In Chapter 13, "Client-Side Behavior," we described how server controls can take advantage of the client-side functionality available in a Web browser to provide an enhanced user experience. We also mentioned that server controls can encapsulate the logic needed to determine the level of client-side functionality that is available and can render accordingly so that they can degrade gracefully rather than cease to function.

The ASP.NET validation framework makes use of this capability to implement a client-side validation framework in addition to the server-side validation framework we have seen. Client-side validation allows the validation that takes place on the server to also take place in the Web browser before the page is submitted to the server. If the page contains invalid user entries, the submission process is interrupted and the user is prompted to fix the errors before continuing. This reduces the number of wasteful or bad requests that a server has to process, validate, and return to the user for corrections. Client-side validation also improves the user experience by immediately alerting the user about errors on the page without requiring the user to wait for the server to process the data and generate a response.

Enabling client-side validation without any additional complexity for the page developer is a valuable feature of Web Forms. Validators automatically check for the JavaScript and DHTML capabilities of the target Web browser before rendering their client script and script file references. The client-side validation framework and the client-side validation logic for the ASP.NET validator controls are implemented in WebUIValidation.js, which is included in the page when client-side behavior of validators is enabled. On typical installations of version 1.0 of the .NET Framework, this script file exists in the c:\inetpub\ wwwroot \aspnet_client\system_web\1_0_3705_0 directory.

Validators never disable their server-side validation logic. Server-side validation rules are always executed. This is to ensure the validity of data in all scenarios and provides an additional level of checking. Server-side validation also provides a level of security by ensuring that validation always takes place, even when the request is made from a non “Web browser application that bypasses client-side validation (such as a request handcrafted by a malicious user).

The ValidationSummary Control

In addition to the validator controls, ASP.NET includes the ValidationSummary control. A page developer can use this control to collect error messages from all validators that have detected invalid user entries and to display the combined set of errors in one location and format. The ValidationSummary control simply enumerates the contents of the Validators collection of the page and extracts the error messages from each validator in an invalid state. The control can be used either to generate a list of errors in the page or to generate a message box when the user attempts to submit a page with errors. The ValidationSummary control works with all validators ”meaning that it works with both built-in validators and any custom validators that you might implement.