Validations in ASP.NET and C#
Which is best — client-side validation or server-side validation?
Server side validation is a must since client side validation can be tampered with. However, client side validation usually provides a better user experience, since it requires fewer post backs. So I would recommend using both.
You MUST do server side validation. Otherwise anyone can send anything they like (consider a browser with JavaScript disabled, or a custom fake browser).
Client side validation can be used to provide a better user experience, but you should operate correctly if it is not available.
For security:
Server side validation.
A savvy client can remove the validation.
For best GUI experience:
Client side validation.
For validation purposes in ASP.NET both are good, but it depends on the application. For security purposes server side validation is best, but it increases the overhead on the server, so we generally avoid using server side validation whenever it is not necessary.
Client-side validation is generally best for checking the input type parameter, and checking on the client side means in your browser, so it does not put a load on the server and takes less time, and it is insecure.
In my point of view client-side validation is best.
I suggest server-side validation with AJAX only.
As others have pointed out, server-side validation is a must since client-side validation can be tampered with.
I've worked on projects where we've used client-side in addition to server-side validation believing this would be easier on the server and provide a better user experience. While it worked just fine, it came at the expense of violating the DRY (Don't Repeat Yourself) principle and risking inconsistent server/client side validation implementations (note: I gave up on the built in ASP.NET validators a long time ago).
Since then, I've found that in practice you can achieve very nearly just as good a user experience by performing all POSTs using Ajax: if validation on the server succeeds, proceed with the main purpose of the POST (saving data or something), and return a success JSON response and call a success callback to navigate to another page or something. If the validation fails, return a JSON response containing the failed fields and messages and call a failure callback to display them.
Assuming you take care to slim down your POSTs (a deliberate practice in ASP.NET I know), this strategy will be kind enough to your server in general.
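The Ajax pattern described in the last answer, sketched as an added example that is not part of the original thread: all rules live on the server, and the response is either a success flag or a map of failed fields to messages for the failure callback to display. `SignupForm`, its two fields, the limits and the JSON shape are assumptions for illustration, and the framework wiring (controller or page handler) is left out.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Mail;
using System.Text.Json;

// Hypothetical form model: raw strings exactly as they arrive in the POST body.
public record SignupForm(string? Email, string? Age);

public static class SignupEndpoint
{
    // The server-side rules are the only authority; the browser just renders the result.
    public static Dictionary<string, string> Validate(SignupForm form)
    {
        var errors = new Dictionary<string, string>();

        if (string.IsNullOrWhiteSpace(form.Email) || form.Email.Length > 254
            || !MailAddress.TryCreate(form.Email, out _))
            errors["email"] = "Enter a valid e-mail address.";

        if (!int.TryParse(form.Age, out var age) || age < 13 || age > 120)
            errors["age"] = "Age must be a whole number between 13 and 120.";

        return errors;
    }

    // Returns the JSON body that the Ajax success/failure callbacks would consume.
    public static string HandlePost(SignupForm form)
    {
        var errors = Validate(form);
        if (errors.Count > 0)
            return JsonSerializer.Serialize(new { success = false, errors });

        // Validation passed: the main purpose of the POST (saving data) goes here.
        return JsonSerializer.Serialize(new { success = true });
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed inputs: the second is what a client with its validation removed could send.
        Console.WriteLine(SignupEndpoint.HandlePost(new SignupForm("alice@example.com", "30")));
        Console.WriteLine(SignupEndpoint.HandlePost(new SignupForm("not-an-email", "-5")));
    }
}
```

Because the messages are produced from the same server-side rules that gate the save, there is no second copy of the validation logic in JavaScript to drift out of sync.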