Server-Side Validation
Web applications work under the client-server model. We have been focusing on the server portion, using ASP.NET Core MVC and C# to create server-side application code. A critical component of any well-made web application is validation, which is the process of checking that data conforms to certain criteria. Validation ensures that the application only stores meaningful data.
Consider a user registration form on a web site. Effective validation rules might require that:
- The username is between 3 and 12 characters long, and
- The password is between 6 and 20 characters long.
Web applications should validate all data submitted by users. This ensures that data remains well-structured and unexpected errors don’t occur. Validation that occurs in the browser—using JavaScript or HTML attributes—is client-side validation. Validation that occurs on the web server is server-side validation.
Even if client-side validation is done, it is still critical to validate data on the server. This is because client-side validation can often be bypassed by a savvy user. For example, such a user might modify HTML using a browser’s developer tools, or disable JavaScript.
Server-side validation involves both the model and controller.
- The model is responsible for defining validation rules.
- The controller is responsible for checking validation rules when data is submitted to the server.
Check Your Understanding
The best practice for validating data in a web app is to:
- Use client-side validation
- Use server-side validation
- Use both client-side and server-side validation
- Don’t validate incoming data