来源 http://msdn.microsoft.com/library/default.asp?URL=/library/techart/PDC_userinput.htm

Introduction

Validating user input is a common scenario in a Web-based application. For production applications, developers often end up spending a lot more time and code on this task than we would like. In building the ASP+ page framework, it was important to try and make the task of validating input a lot easer than it has been in the past.

The Problem

In HTML 3.2, validating data is a difficult process. Each time you get a request, you need to write code to check the input and write any errors the user has made back to the page to help the user to correctly fill in the validation form. This is a taxing process for end users, developers, and servers alike.
DTHML and scripting languages improve things somewhat. It is possible to provide the user with immediate feedback on bad input and to prevent them from posting a page until it has been corrected. However, it can be almost impossible to guarantee that every user of your site has the required scripting environment. This usually means that if you want to use script to improve the interface of your pages, you have to write the same validation logic twice, once on the client, and again on the server, just in case the client code cannot be executed.

The Objective

Our objective with validation is as follows:

• Provide components that can perform 90 percent or more of the typical input validation tasks for data entry pages.
  
  
• Have these components perform rich script-based validation on modern browsers that can also effectively fall back to pure HTML 3.2 server-based validation, if required.
  
  
• Provide a flexible API so that any validation tasks not covered by the components are easy to complete.

We visited a large number of real pages to determine the sort of scenarios these components needed to be able to handle. We wanted to dramatically reduce the amount of validation code needed for future applications.

The Solution—Overview

The validator controls are the main elements of the solution. A validator is a visual ASP+ control that checks a specific validity condition of another control. It generally appears to the user as a piece of text that displays or hides depending on whether the control it is checking is in error. It can also be an image, or can even be invisible and still do useful work. There are five types of validator controls that perform different types of checks.
Another element in our solution is the ValidationSummary control. Large data entry pages generally have an area where all errors are listed. The ValidationSummary automatically generates this content by gathering it up from validator controls on the page.
The final element is the Page object itself. It exposes the all-important "IsValid" property, which you check in server code to determine if all of the user input is OK.

Client Features

Most Web sites do all of their validation checks on the server. You need to write the server-based checks anyway for clients without script, so it can be hard to justify writing it all over again for rich clients.
Validation controls change all that, because almost all the duplicated logic is encapsulated in the controls. If a client with Internet Explorer 4.0 or later uses your page, it can do the same input validation that takes place on the server without you having to write any special client script.
The client side validation has a number of features:

• Errors can appear and disappear immediately after the bad input is entered/corrected. This immediate feedback makes it much easier to correct bad input.
  
  
• Post-back is prevented if there are errors that are detectable on the client, saving the user time and reduces hits on the server.
  
  
• The ValidationSummary updates itself without posting back if it detects e