Input Validation in ASP.NET

Questions and Answers

Which of the following is a primary advantage of client-side validation in ASP.NET?

• Enhanced security for sensitive data.
• Elimination of the need for server-side validation.
• Reduced server load. (correct)
• Support for complex validation scenarios.

What is a key disadvantage of using client-side validation in ASP.NET applications?

• It increases server load.
• It requires more complex coding.
• It slows down user feedback.
• It can be bypassed by disabling Javascript. (correct)

Which ASP.NET validation control is best suited for ensuring that a user enters a value in a required field?

• CompareValidator
• RequiredFieldValidator (correct)
• RangeValidator
• RegularExpressionValidator

Which validation control would you use to verify that a user's age is within an acceptable range?

RangeValidator (B)

Which validation control would be most appropriate for ensuring a user enters a correctly formatted email address?

RegularExpressionValidator (C)

In ASP.NET validation controls, what property must be set to link the validator to a specific input control?

ControlToValidate (D)

Before using any validation server control, which of the following code needs to be added in the web.config file?

(D)

Which property of the RangeValidator control specifies the upper boundary of acceptable values?

MaxValue (D)

What is the primary purpose of the ASP.NET ValidationSummary control?

To provide a summary of all validation errors on a page. (B)

What type of file is commonly used to specify the list of banner graphics for an ASP.NET AdRotator control?

XML (C)

What is the purpose of the AlternateText element within the XML configuration of an AdRotator control?

Provides text to display if the image cannot be loaded. (A)

Which XML element in an AdRotator configuration file is used to direct the user to a specific webpage when the advertisement is clicked?

NavigateUrl (B)

Which property of the AdRotator control specifies the path to the XML file containing advertisement details?

AdvertisementFile (C)

In the Calendar control, what does the SelectionMode property determine?

Whether the user can select a day, week, or month. (B)

Which event of the Calendar control is raised when the user navigates to a different month?

VisibleMonthChanged (B)

What is the primary purpose of 'State Management' in ASP.NET?

To maintain and store the state of an application across user sessions. (D)

Which of the following is an example of client-side state management in ASP.NET?

View State (B)

Which client-side state management technique stores data as key-value pairs in the URL?

Query String (C)

What is a primary characteristic of 'Non-Persistence Cookies'?

They are discarded when the browser is closed. (B)

In ASP.NET, which server-side state management technique stores data specific to a single user session?

Session State (D)

Which ASP.NET feature is used to store data that is accessible to all users of an application?

Application State (A)

What is the default timeout period for a session in ASP.NET?

20 minutes (B)

If a developer wants to manually configure session timeout, what file should they modify?

Web.config (B)

Which of the following is true about hidden fields?

HiddenFields values can be easily viewed by viewing the page source. (D)

Which of the following is the correct way to set session timeout to 30 minutes in web.config file?

<sessionState timeout="30"> </sessionState> (D)

Flashcards

Validation

Ensuring user input is correct and accurate before processing in ASP.NET.

Client-Side Validation

Validation performed on the user's browser before form submission.

Server-Side Validation

Validation performed on the server after the form is submitted.

RequiredFieldValidation

Ensures a field is not empty; used for required textboxes or dropdowns.

CompareValidator

Compares the value of one input control to another (e.g., password confirmation).

RangeValidator

Checks if a value falls within a specific range (e.g., age validation).

RegularExpressionValidator

Ensures user input matches a specific regular expression pattern (e.g., email format).

ValidationSummary

Displays a report of all validation errors on a web page.

AdRotator control

ASP.NET control that presents banner ads from an XML file.

Advertisement File

An XML file containing information for advertisements in the AdRotator control.

XML

A W3C standard for text document markup, storing data in a structured format.

Calendar Control

ASP.NET control for displaying a calendar and allowing date selection.

State Management

Captures and retains application or page state during user interaction.

Client Side State Management

State management where data is stored on the client side (browser).

Server Side State Management

State management where data is stored on the server.

View State

Data stored on the client and specific to a page, lost when navigating away.

Cookies

Small text file used to identify users uniquely, stored on the client's computer.

Persistence Cookies

Cookies that have a specific expiry date and time; maintains data across browser sessions.

Non-Persistence Cookie

Cookies not stored permanently; maintains information only while the browser is open.

Query String

Data passed in the URL in key-value pairs, visible to all users.

HiddenField

Non-visual control for storing values on the client-side between round trips.

Session State

A state management technique that can store values on the server.

Session ID

Unique ID generated by the server to keep track of a user's session.

Application State

A server-side state management technique for storing data shared by all users.

Study Notes

Input Validation in ASP.NET

• Input validation ensures user input is correct and accurate before it's processed in ASP.NET.
• Performed on both the client and server sides to ensure data integrity and security.

Client-Side Validation

• Occurs in the user's browser before a form is submitted to the server.
• Advantages include reduced server load, faster user feedback, and improved user experience.
• Disadvantages: can be bypassed by disabling JavaScript, and is not secure for sensitive data.

Server-Side Validation

• Occurs on the server after the form is submitted.
• Advantages include better security, inability to bypass, and suitability for complex validation.
• Disadvantages: slower due to server round trips, and increases server load.

Validation Controls in ASP.NET

• ASP.NET offers a variety of validation controls for validating user input in web forms.
• Common validation controls include RequiredFieldValidator, CompareValidator, RangeValidator, RegularExpressionValidator, and ValidationSummary.

RequiredFieldValidator

• Ensures a field isn't left empty.
• Usable for text boxes, dropdown lists, checkboxes and other input options.

CompareValidator

• Compares the value of one input control to another for password validation or other scenarios.

RangeValidator

• Checks if a value falls within a specific range.
• Applicable for validating age, income, or date of birth inputs.

RegularExpressionValidator

• Validates user input against a specified regular expression pattern.
• Enforces formats for email addresses, phone numbers and postal codes

ValidationSummary

• Displays a report of all validation errors on a web page.

Important points for validation controls

• ControlToValidate property is a must for all validate controls
• Only one input control is validated by one validation control, however, an input control may have several validation controls attached
• To enable any validation control, specific code needs to be added to the web.config file.

ASP.NET RequiredFieldValidation Control

• Verifies data has been entered into for the input control
• A RequiredFieldValidator control can be used for each form element users want to enforce as mandatory.
• Properties include ControlToValidate and ErrorMessage.

ASP.NET CompareValidator Control

• Compares data entered between an input control with either a specific value or a another control value.
• Useful when the data entered by user is always case-sensitive.
• It has properties such as ControlToValidate, ControlToCompare, and ErrorMessage.

ASP.NET RangeValidator Control

• Verifies if a control value is within a valid range
• Important attributes include MaximumValue, MinimumValue, and values Type

RegularExpressionValidator

• Validates user input matches a specific regular expression
• Useful for enforcing valid email addresses, phone numbers, and postal codes.
• Has key properties such as ControlToValidate, ValidationExpression, and ErrorMessage

AdRotator Control

• Randomly selects banner graphics from a list specified in an external XML schedule file known as the advertisement file.
• It can specify both the advertisement file and the type of window the link should follow using the AdvertisementFile and Target properties, respectively.
• Code: <asp:AdRotator runat = "server" AdvertisementFile = "adfile.xml" Target = "_blank" />

Advertisement File

• It is an XML file with data that displays the advertisements.
• Extensible Markup Language (XML) is a W3C standard for text document markup and enables storing data in a structured format using meaningful tags.
• XML is not a language, but a set of rules for creating markup languages, which facilitates developers to create custom tag sets

Common XML Elements

• Advertisements: Encloses the advertisement file.
• Ad: Delineates each separate advertisement.
• ImageUrl: Path to the image that will show.
• NavigateUrl: The link when a user clicks the ad.
• AlternateText: The text displayed if the image can't be shown.
• Keyword: Keyword identifies a group of ads to be used in filtering.
• Impressions: The number indicating how often an ad will appear.
• Height: Height of the image to be displayed.
• Width: Width of the image to be displayed.

Calendar Control

• A functionally rich web control with a range of capabilities:
• Displays one month at a time.
• Allows users to select a day, week, or month.
• Supports selecting a range of days.
• Enables moving between months.
• The display of days can be programmatically controlled

Calendar Control Syntax

• The basic syntax looks as follows: <asp:Calender ID = "Calendar1" runat = "server"> </asp:Calender>

Properties

• Caption: Sets the caption for the calendar control
• CaptionAlign: Sets the alignment for the caption
• CellPadding: Sets spaces between data and cell border.
• CellSpacing: Sets space between cells.
• DayHeaderStyle: Style properties for the day-of-the-week section.
• DayNameFormat: Sets the format of days of the week.
• DayStyle: Sets the style properties for days in the displayed month.
• FirstDayOfWeek: Sets the day of the week to display in the first column.
• NextMonthText: Sets text for the next month navigation control, defaulting to >.
• NextPrevFormat: Sets the format of the next and previous month navigation control.
• OtherMonthDayStyle: Sets the style properties for days not displayed in the current month
• PrevMonthText: Sets default text for the previous month navigation control, default is <
• SelectedDate: Gets or sets the selected date
• SelectedDates: Gets a collection of DateTime objects showing the selected dates
• SelectedDayStyle: Gets the style attributes to apply for the selected dates
• SelectionMode: Defines what the user can select, such as a single day, week, or an entire month
• SelectMonthText: Gets or sets the text within the month selection element in the selector column
• SelectorStyle: Gets the style attributes for the week and month selector column
• SelectWeekText: Gets or sets the displayed text for the week selection element, the selector column
• ShowDayHeader: Decides if the day headings get displayed
• ShowGridLines: Sets whether to show gridlines
• ShowNextPrevMonth: Gets whether to show next and previous month
• ShowTitle: Gets whether the title section will display
• TitleFormat: Format for the title section.
• TitleStyle: Defines the style properties for the calendar control's title heading.
• TodayDayStyle: Sets style properties for today's date in particular.
• TodaysDate: Gets or sets a value for the current days date
• VisibleDate: Gets or sets the date value which specifies what month to display first
• WeekendDayStyle: Sets the style properties for weekend dates

Calendar Events

• SelectionChanged: Occurs when a day, week, or month is selected
• DayRender: Occurs when each data cell of the calendar control is rendered
• VisibleMonthChanged: Occurs when a user changes a month

Setting Selection Mode

• Calendar controls can allow users to select a single day, week, or month.
• Achieved via the SelectionMode property.
• Possible values are Day, DayWeek, DayWeekMonth, or None

State Management

• The technique uses that maintains and stores the state of the page/application until the user’s session ends.
• When an error occurs in the form the user does not have to keep re-entering the info

ASP.Net State Management Techniques

• There are 2 ways to control the state of an application in ASP.NET:
• Client Side State Management
• Server Side State Management

Client Side State Management

• Data added by the user, or info about their interaction with the server, stores on the client's machine/page.
• Server resources aren't used during the process.
• Methods include:
  • View State
  • Cookies
  • Hidden Fields
  • Query String

View State

• Used to maintain state at the page level which means that the info stays for a specific single page
• Data in View State gets lost once the user navigates somewhere else from the page
• It is the default method to store information about controls on a page.
• Useful when a user redirects back to the first page and the info added persists until he leaves the page

Cookies

• Small text files stored on the client's computer to uniquely id users
• When you say cookie this small file is generated and stored on the client side to keep personal info on the user
• When a user requests a page, the server creates one cookie and sends to the user

Types of Cookies

• Persistence Cookies - Cookies w/an expiry date/time, stores on the user's machine
• Non-Persistence Cookies - Not stored on the user's machine; only stay as long as the user remains on the same browser - wiped when the browser closes

Query String

• Data is passed in the URL as key-value pairs.
• Mainly to fetch data from one page to another, passing values while redirecting
• Anyone can see value of the query string since they are in URL
• Request.QueryString() is used to retrieve a query string value.

HiddenField

• A non-visual ASP.NET control used to store values on the client side.
• Type of client-side state management, stores values between postbacks
• Data is not encrypted or shielded.
• Used in ASP.NET for ViewState management

Server Side State Management

• A method of state management that stores user-specific information or current application state on the web server.
• It makes full use of the servers memory capacity
• Types include:
  • Session State
  • Application State

Session State

• Session can store values on the Server which makes it a state management technique
• Effective preservation of data across separate different sessions of the user.
• Session stores and identifies a user by assigning each of them a unique Session ID.
• The ASP.NET web server generates Session ID that tracks each individual person
• Session is one of the better ways to control client state since data stores for all users separately and very securely

Setting Session Timeout

• ASP.NET web apps defaults for setting the session to 20 minutes and wipes data and destroys after time
• Otherwise, you can manually set the session timeout by editing the web.config file with the following code to your value: <sessionState timeout="1"> </sessionState>
• Here 1 means 1 minute

Application State

• An ASP.NET server-side application manages the technique.
• The data is stored in Application State which means it is common to all and can be accessed any time or place from the app
• Differs from session state as that one is specific to a user session, while the Application State is made common for every user.