What do you mean exactly?
How to implement it for a page with multiple controls and multiple
arguments?
Teemu Keiski wrote:
Usually it is implemented in the control itself, as part of the control's own
rendering process, as the control knows what event arguments it expects. Doing
it on the page is pretty much when the control's implementation is missing
something.
--
Teemu Keiski
ASP.NET MVP, AspInsider
Finland, EU
http://blogs.aspadvice.com/joteke
Thank you very much for your reply.
Is it the only function needed to secure page spoofing? No other
functions needed?
However, about that example: how to use it when you are rendering
controls dynamically? For example, in the same page I may have
different controls.
Teemu Keiski wrote:
Hi,
basically it is to tell which client-side event arguments your control is
expecting and which should be allowed. E.g. it is basically validating if
the event is valid. From the docs:
"
Balance the security benefit of event validation with its performance cost

Controls that derive from the System.Web.UI.WebControls and
System.Web.UI.HtmlControls classes can validate that an event originated
from the user interface that was rendered by the control. This helps prevent
the control from responding to spoofed event notification. For example, the
DetailsView control can prevent processing of a Delete call (which is not
inherently supported in the control) and being manipulated into deleting
data. This validation has some performance cost. You can control this
behavior using the EnableEventValidation configuration element and the
RegisterForEventValidation method. The cost of validation depends on the
number of controls on the page, and is in the range of a few percent.

Security Note
It is strongly recommended that you do not disable event validation.
Before disabling event validation, you should be sure that no postback could
be constructed that would have an unintended effect on your application.
"
And here is one sample:
http://msdn2.microsoft.com/en-us/library/ms223395.aspx
--
Teemu Keiski
ASP.NET MVP, AspInsider
Finland, EU
http://blogs.aspadvice.com/joteke
Hi all,
I have a question: what does the function
ClientScriptManager.RegisterForEventValidation really do? Does it
mean securing your client-side code? More security?
The question is how to implement this function; a step-by-step example
would be much appreciated.
I don't want to disable the EnableEventValidation property at Page
level; security is an issue.
Thanks!
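
The pattern described in the replies above (the control registers the event arguments it expects as part of its own rendering), shown as an added example that is not part of the original thread. The control name `ActionLinks`, its `Action` event, `ActionEventArgs` and the argument values are hypothetical.

```csharp
using System;
using System.Web.UI;

// Hypothetical custom control (not from the thread): renders two postback
// links and registers exactly the arguments it is willing to accept.
public class ActionLinks : Control, IPostBackEventHandler
{
    // Arguments this control renders; anything else is treated as spoofed.
    private static readonly string[] AllowedArguments = { "approve", "reject" };

    public event EventHandler<ActionEventArgs> Action;

    protected override void Render(HtmlTextWriter writer)
    {
        foreach (string argument in AllowedArguments)
        {
            // Must be called during Render; the (UniqueID, argument) pair is
            // recorded in the page's event validation field.
            Page.ClientScript.RegisterForEventValidation(UniqueID, argument);

            writer.AddAttribute(HtmlTextWriterAttribute.Href,
                "javascript:" + Page.ClientScript.GetPostBackEventReference(this, argument));
            writer.RenderBeginTag(HtmlTextWriterTag.A);
            writer.WriteEncodedText(argument);
            writer.RenderEndTag();
            writer.Write(" ");
        }
    }

    public void RaisePostBackEvent(string eventArgument)
    {
        // Throws if this (UniqueID, argument) pair was not registered when the
        // page was rendered, e.g. a hand-built postback carrying "delete".
        Page.ClientScript.ValidateEvent(UniqueID, eventArgument);

        EventHandler<ActionEventArgs> handler = Action;
        if (handler != null)
            handler(this, new ActionEventArgs(eventArgument));
    }
}

public class ActionEventArgs : EventArgs
{
    public ActionEventArgs(string argument) { Argument = argument; }
    public string Argument { get; private set; }
}
```

Registration is keyed by the control's UniqueID, so each control on a page, including ones added dynamically, registers its own arguments in its own Render.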