ASP.NET MVC - is it better to use custom JQuery validation as opposed to using Model annotations?

Question

I've just started using the MVC pattern with ASP.NET with Razor, everything is great! The model annotations for validation looked great at first but now it's becoming quite annoying as there doesn't seem to be a straight forward way of validating a checkbox and it seems like a pain to integrate your own JQuery validation into a form along with the model validation. It seems by adding the annotations in the model asp.net is doing the work for you, which is great but when it comes down to customising a site I don't want anything pre-done. So, it is better to go with your own validation using JQuery or stick to using the annotations in the Model?

Thanks

Answer 1

Client-side-only validation is a big mistake from a security perspective. Definitly validate on the server side; and if it's a pain to do both, drop client-side validation.

Model validation has come along quite a way with MVC3, and is probably more flexible than you are giving it credit for.

For example, you can implement the IValidatableObject on your model, which requires this method to be defined:

public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)

Into which you can place all kinds of validation rules to your heart's content, including rules based on combinations of more than one input value (e.g. password and password_repeat must be equal)

Answer 2

What's most important is that you have server side validation. You don't have to use data annotations: you can try using another approach to validation, such as implementing IValidatableObject, or integrating another validation framework.

From my experience, data annotations (together with the unobtrusive validation library) provide an easy and extensible way to link server-side rules to a client-side implementation, instead of defining the same rules in different places.

If you want explicit control over client side validation (but still like how data annotations operate on the server), then you can disable the javascript adapter (this adds client-side validation rules based on data- attributes rendered on your input fields), and implement client-side rules manually.

But it's hard to understand why you'd want to do that, when all the adapter is doing is linking a server-side rule (could be custom, might not) to its client-side equivalent.

Answer 3

I prefer model annotations as well. Any jQuery validations you may have you would also want to put as a model annotation to make sure someone hasn't gotten around any of your jQuery validation by disabling javascript or hacking...

The easiest way I have found to add checkbox validation as well as any other customized validation would be to use the CustomValidationAttribute as described here:

http://weblogs.asp.net/peterblum/archive/2009/12/07/the-customvalidationattribute.aspx

Example:

[CustomValidation(typeof(Category), "FinalCheck")]
public partial class Category
{
   [CustomValidation(typeof(Category), "TestCategoryName")]
   public string CategoryName { get; set; }

   public bool Active { get; set; }

   public bool ShowOnHomepage { get; set; }

   public static ValidationResult FinalCheck(Category pCategory, ValidationContext pValidationContext)
   {
      if (!pCategory.Active && pCategory.ShowOnHomepage)
         return new ValidationResult("The category must be active in order to show it on the homepage.", new List<string> { "Active", "ShowOnHomepage" });
      return ValidationResult.Success;
   }

   public static ValidationResult TestCategoryName(string pNewName, ValidationContext pValidationContext)
   {
      if (Regex.IsMatch(pNewName, @"^\d"))
         return new ValidationResult("Cannot start with a digit", new List<string> { "CategoryName" });
      return ValidationResult.Success;
   }
}