best practice for form submission

I'm currently planning a robust form for a client that involves a lot of input. And I am looking for some best practices or opinions regarding submission. I need to use asp.net and i work in jquery, c# and other .net frameworks.

So my question(s):

What is the best way to submit a form?

1. Should I validate using Javascript Client-side and server-side?
2. Whats the best way to validate server side? (asp.net C#)

   (edit: Whats the actual best practice for that, use the asp:requiredfieldvalidator etc or just write rules in the code behind? Throw errors? what do you think?)

3. Is it okay to use ajax to send the info to a public web method?
4. Are there security risks in using public web methods
5. What tactics do you use?
6. (edit) How do you def开发者_Python百科end against people pressing esc or the x in the url bar when saving? (Im under the influence that stops your request in its tracks

1. Yes, it makes a nicer user experience
2. Using ASP.NET validators http://msdn.microsoft.com/en-us/library/debza5t0.aspx
3. Generally yes, but ASP usually needs a postback for anything to work.
4. If your form is encrypted, the target should be encrypted too
5. Be careful to not make complex ASP forms do stuff async. Plain ASP forms work well.

Should I validate using Javascript Client-side and server-side? YES.

Whats the best way to validate server side? Make sure all the fields are valid, return a HTTP 400 error if not - Intercept that error w/ your AJAX handler and display an appropriate error. If you don't use AJAX, respond w/ a 200 that returns a complete error page

Is it okay to use ajax to send the info to a public web method? Sure, why not?

Are there security risks in using public web methods? YES. w/o SSL, data is subject to being intercepted and/or modified by malicious attackers

What tactics do you use? Huh?