MSDN Documentation

Microsoft Developer Network

ASP.NET Validation Concepts

This document provides a comprehensive overview of how to implement data validation in ASP.NET applications, ensuring data integrity and a better user experience.

Introduction to Validation in ASP.NET

Effective validation is crucial for building robust web applications. ASP.NET provides a rich set of built-in validation controls that simplify the process of checking user input before it is submitted to the server or processed further. This not only helps maintain data accuracy but also guides users to correct mistakes, improving usability.

The Validation Control Set

ASP.NET offers several server-side validation controls, each designed for a specific validation task:

  • RequiredFieldValidator: Ensures that a required data field is not left empty.
  • RangeValidator: Checks if a data field's value falls within a specified range (e.g., for numbers, dates, or characters).
  • RegularExpressionValidator: Validates input against a predefined pattern using regular expressions. Useful for formats like email addresses or phone numbers.
  • CompareValidator: Compares the value of a control with another control's value or a fixed value. Often used for password confirmation.
  • CustomValidator: Allows for custom validation logic implemented either on the client-side or server-side.
  • ValidationSummary: Aggregates error messages from all validation controls and displays them in a single location, typically at the top of the form.

How Validation Controls Work

Each validation control has several key properties:

  • ControlToValidate: The ID of the input control whose value needs to be validated.
  • ErrorMessage: The message displayed when validation fails.
  • Text: The message displayed for this specific validator (if not using ValidationSummary).
  • Display: Specifies how the error message should be displayed (e.g., Dynamic, Static, None).
  • SetFocusOnError: Determines if the focus should be set to the control that failed validation when an error occurs.

Implementing Validation

To implement validation:

  1. Add the ASP.NET input controls (e.g., TextBox, DropDownList) to your web form.
  2. Add the appropriate validation controls from the Toolbox (usually found under the "Validation" tab).
  3. Set the ControlToValidate property of each validation control to the ID of the input control it should validate.
  4. Configure the other properties like ErrorMessage and any specific validation criteria (e.g., MaximumValue, MinimumValue for RangeValidator, ValidationExpression for RegularExpressionValidator).
  5. Optionally, add a ValidationSummary control to display all validation errors together.
  6. Ensure that the CausesValidation property of your submit button (e.g., Button, LinkButton, ImageButton) is set to True. This property, by default, triggers validation when the button is clicked.

Example: Required Field and Range Validation

Consider a simple form for user registration:


<asp:TextBox ID="txtUserName" runat="server" />
<asp:RequiredFieldValidator ID="rfvUserName" runat="server"
    ControlToValidate="txtUserName"
    ErrorMessage="User name is required."
    ForeColor="Red"></asp:RequiredFieldValidator>

<asp:TextBox ID="txtAge" runat="server" />
<asp:RangeValidator ID="rngvAge" runat="server"
    ControlToValidate="txtAge"
    ErrorMessage="Age must be between 18 and 99."
    Type="Integer"
    MinimumValue="18"
    MaximumValue="99"
    ForeColor="Red"></asp:RangeValidator>

<asp:Button ID="btnSubmit" runat="server" Text="Register" OnClick="btnSubmit_Click" />
Client-Side vs. Server-Side Validation: ASP.NET validation controls perform both client-side (in the browser) and server-side validation by default. Client-side validation provides immediate feedback to the user, while server-side validation is essential for security and data integrity, as client-side scripts can be bypassed.

Custom Validation

For complex validation rules not covered by the built-in controls, use the CustomValidator. You can define server-side logic in a code-behind method or client-side JavaScript.

Server-Side Custom Validation

In your code-behind:


protected void cvCustomValidation_ServerValidate(object source, ServerValidateEventArgs args)
{
    // Your custom validation logic here
    if (txtSomeInput.Text.Length > 10)
    {
        args.IsValid = false; // Validation failed
    }
    else
    {
        args.IsValid = true; // Validation succeeded
    }
}

And in your ASP.NET markup:


<asp:CustomValidator ID="cvCustomValidation" runat="server"
    ControlToValidate="txtSomeInput"
    ErrorMessage="Input must be 10 characters or less."
    OnServerValidate="cvCustomValidation_ServerValidate"></asp:CustomValidator>

Client-Side Validation

You can write custom JavaScript functions for client-side validation. The CustomValidator's ClientValidationFunction property points to your JavaScript function.

JavaScript Example


<script type="text/javascript">
function ValidateMyInput(sender, args) {
    var inputValue = args.Value;
    if (inputValue.length > 10) {
        args.IsValid = false; // Validation failed
    } else {
        args.IsValid = true; // Validation succeeded
    }
}
</script>

And in your ASP.NET markup:


<asp:TextBox ID="txtSomeInput" runat="server" />
<asp:CustomValidator ID="cvCustomValidation" runat="server"
    ClientValidationFunction="ValidateMyInput"
    ErrorMessage="Input must be 10 characters or less."
    ValidateEmptyText="true"></asp:CustomValidator>

Best Practices

  • Always perform server-side validation, as client-side validation can be disabled or bypassed.
  • Provide clear and user-friendly error messages.
  • Use ValidationSummary to consolidate errors for a cleaner interface.
  • Consider accessibility by ensuring error messages are clearly associated with the fields and can be read by screen readers.
  • Keep validation logic concise and reusable where possible.