Client and Server side validations with the ASP.NET Validation controls

If you have ever wondered why it is always recommended to perform both Client side and Server side validation in your web application, the answer is it is very easy to bypass client side validation(easily emulated by downgrading the client target to downlevel in asp.net Page directive)  and submit invalid data in your forms. Needless to say, this could cause all kinds of errors to being vulnerable to cross-site scripting, sql injection etc.

The asp.net Validator controls support both client side and server-side validations by default and out of the box. However, what is not commonly known is that you have to write code to enforce the server side validation! So if you are using these validation controls without checking the Page.IsValid property, and the user disables client side scripting on her browser, then your page is still vulnerable and prone to errors. All it does by default on the server-side when we have these validators, is run the Page.Validate() routine to set the flag for the Page.IsValid property.

Most of the time we do not notice this behavior because we have JavaScript turned on and the client side validations fire and we think we are all set. So remember to check for IsValid from the button event handler which submitted the form, before using the data submitted in the form. Also, the Validate() function is run after the Page_Load event fires, so the .IsValid property is not available in the Page_Load event. Trying to even read that property to check if the data submitted are valid on the Page_Load would throw an exception. If you need to do so, call the Validate function before checking IsValid in Page_Load like so:

protected void Page_Load(object sender, EventArgs e)
{
        if (IsPostBack)
        {
            this.Validate();
            if (this.IsValid)
            {
                  //use your data
            }
       }
}

And one last caveat, in case you are not aware, the checkbox asp.net control do not support the ASP.NET validators, so you can't use them with this control.

Using Custom Attributes and Reflecting on it

I found myself using a Custom attribute in C# to implement a task assigned to me while supporting an online ordering business application. The line of business had so far received only CSV files from its customers to generate Purchase Order documents after parsing them and running them through some business rules. Once the Purchase Orders are set up with the rules specific to the Customer(and generic rules too), the Customer could order as many Purchase Orders as they liked through the Online Ordering ASP.NET web application.

One of the customers informed that they can only send XML files to create the Purchase Orders and not in the CSV format. So we set out to use the XML file from the customer and convert it to CSV, so the business can feed the POs to the normal Order processing pipeline.

The task was broken down into 3 steps.
1) Using the XML document, create an XSD file to be used for validation and generating C# Class objects.
2) Use the .NET xsd.exe tool to generate the C# classes and deserialize the XML data into .NET objects.
3) Once the XML data is deserialized to the C# objects, serialize them to CSV files

Certain rules would govern how the XML data is converted to CSV.
1) There would be key fields comprising some XML elements in a particular sequence, specifically, the PO, SKU and Sizes.
2) Each unique value for the keys should create a line item ( row) in the csv file
3) All the fields in the csv file created should naturally follow a correct sequencing

To get the field positions for each property in the generated C# class, I decided to use custom attributes to add some meta-data to the properties, that I can query against later to serialize the data to the csv file using the desired field positions.

Now there are essentially 3 steps to creating custom attributes.
1. Declare an attribute - derives from System.Attribute and marked with AttributeUsage attribute.
2. Associate the attribute with a progarm element ( another class, property or method).
3. Access the attribute through Reflection to query its existence and value for any meaningful use of the attribute.

By itself decorating a class or method etc by an attribute does nothing other than adding some metadata.
In other words, you have write code using Reflection to query the attributes at runtime and use them for whatever purpose it was designed for.

You can use the GetCustomeAttributes method of the System.Reflection.MemberInfo class to query the attributes that are decorated to a class as a whole. If the attribute is decorated to a property or properties, you can use the GetCustomAttributes of the System.Reflection.PropertyInfo class. Likewise the MethodInfo class to get the custom attributes on the method level.

Error referencing Class Library in your Console app

Recently I referenced a C# class library DLL (with namespace starting as Com) from another project (Console App) and added Using in the program to get the namespace.

But the build failed as "The type or namespace name 'Com' could not be found (are you missing a using directive or an assembly reference?)"

I found out that the Project referencing the assembly may have different framework type from the assembly using it.

As it turned out, the Console app is set to ".Net Framework 4 Client Profile" by default. Changing it to ".Net Framework 4" resolved the issue.