How to bypass ASP.NET client-side validation to verify server-side validation

I’m interested in identifying a means to verify the server-side validation is performing as expected, but need to bypass the client-side validation being done using ASP.NET validation controls. To test this, I’ve tried using the form Poster add-on to Firefox that allowed me to get/modify the page contents and post it, but the .NET framework interpreted the submission as harmful and threw an application error (“A potentially dangerous Request.Form value was detected from the client”).

I’ve created a WinForm that includes a WebBrowser control and I’m able to manipulate the contents of the web page and invoke the button click, but am interested in seeing how to allow a postback with invalid input values. I don’t want to assume the server-side validation works (even though I do check if Page.IsValid on the server on postback). Any suggestions would be appreciated.

This submits the web form in the WebBrowser control and the expected client-side validation fires:

    extendedWebBrowser1.Document.GetElementById(formButtonName).InvokeMember("click");

This is how I’ve manipulated some of the page contents (this just prevents submission):

    mshtml.IHTMLDocument2 doc = extendedWebBrowser1.Document.DomDocument as mshtml.IHTMLDocument2;
    string html = doc.body.innerHTML;
    html.Replace("Page_ValidationActive = false", "Page_ValidationActive = true");
    doc.body.innerHTML = html.ToString();
    extendedWebBrowser1.Document.GetElementById(formButtonName).InvokeMember("click");


Just switch off JavaScript in your browser of choice. This will force server-side validation to be called.


All of the validation Web controls have an EnableClientScript property. This is set to True by default, but if you set it to False then your validation controls will not emit client-side validation script.

Another option is to set the Page's ClientTarget property to "downlevel". This will force the page to render as if it was being visited by a downlevel browser. In this case, the validation controls will not render JavaScript for client-side validation.

As Sean Hunter pointed out, another option is to simply disable JavaScript in the browser. If you go this route I recommend using Firefox's free NoScript extension, as it makes it easy to turn script on (or off) for particular sites.


Set

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Services.aspx.cs" Inherits="SomeClass"
    MasterPageFile="~/Master/Main.Master" Title="Title" ViewStateMode="Disabled" EnableEventValidation="false" %>

EnableEventValidation="false" <-- this is what you need
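
An added example, not part of the question or of any answer above: a test harness does not need a browser at all. This Python helper builds the postback body from a page fetched with a plain GET, carrying back `__VIEWSTATE` and `__EVENTVALIDATION` exactly as rendered, so the validator script never runs and the page's settings stay as deployed. The sample HTML and control names are constructed, and only `<input>` elements are handled.

```python
from html.parser import HTMLParser


class FormFields(HTMLParser):
    """Collect the <input> fields a browser would post (no <select>/<textarea>)."""

    def __init__(self):
        super().__init__()
        self.fields = {}    # name -> value for every non-button input
        self.submits = {}   # name -> value for buttons; only the clicked one is sent

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = a.get("name")
        if tag != "input" or not name:
            return
        kind = (a.get("type") or "text").lower()
        if kind in ("submit", "button", "image", "reset"):
            self.submits[name] = a.get("value") or ""
        elif kind in ("checkbox", "radio"):
            if "checked" in a:
                self.fields[name] = a.get("value") or "on"
        else:
            self.fields[name] = a.get("value") or ""


def build_postback(page_html, overrides, button_name):
    """Return the form fields for a postback that never runs the validator script.

    Hidden state (__VIEWSTATE, __EVENTVALIDATION) is carried over unchanged;
    only the inputs named in `overrides` get new, deliberately invalid values.
    """
    parser = FormFields()
    parser.feed(page_html)
    unknown = sorted(set(overrides) - set(parser.fields))
    if unknown:
        raise KeyError(f"not an input on this form: {unknown}")
    if button_name not in parser.submits:
        raise KeyError(f"no such submit button: {button_name}")
    return {**parser.fields, **overrides, button_name: parser.submits[button_name]}


# Constructed sample of a rendered page; every name and value here is made up.
SAMPLE_PAGE = """
<form method="post" action="Services.aspx">
<input type="hidden" name="__VIEWSTATE" value="CONSTRUCTED_VIEWSTATE" />
<input type="hidden" name="__EVENTVALIDATION" value="CONSTRUCTED_EVENTVALIDATION" />
<input name="ctl00$Main$txtEmail" type="text" value="user@example.com" />
<input name="ctl00$Main$txtAge" type="text" />
<input type="submit" name="ctl00$Main$btnSave" value="Save" />
</form>
"""
```

POST the returned fields (for instance with `urllib.parse.urlencode`) to the page on your own test deployment, using the cookies from the GET, then assert that the response re-renders the form with the validator messages and that nothing was saved.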
