Do ASP.NET validation controls run on the client or the server?

Whenever possible, ASP.NET validation controls emit client-side script so that the browser can validate input without a postback. They also perform server-side validation to protect against disabled script or tampered requests.

When should I use the CustomValidator control?

Use CustomValidator when your validation logic does not fit into the built-in validators. You can write your own client-side script and server-side event handler that return true or false depending on whether the value is valid.

How can I show all validation errors in one place?

Use the ValidationSummary control to collect the error messages from all validation controls on the page and display them in a single list, either inline on the page or in a message box.

ASP.NET Validation Controls for Reliable Input

Q: What are ASP.NET validation controls?

ASP.NET validation controls are built-in Web Forms controls that validate user input for common scenarios like required fields, ranges, comparisons, regular expression checks, and custom rules on both client and server.

Last Updated: Nov 14, 2025

5 min read

Legacy Archive

Introduction to input validation

Whenever you collect data from users—login names, passwords, email addresses, numeric ranges—there is a risk that required fields are left blank or values are entered in the wrong format. The original article emphasizes that plain HTML forms typically rely on handwritten JavaScript or server-side checks to validate input, which can be repetitive and hard to maintain. :contentReference[oaicite:0]{index=0}

ASP.NET Web Forms introduces validation controls that encapsulate common validation patterns into reusable components. You drag a validator next to the input control, set a few properties, and ASP.NET handles both client-side and server-side validation logic for you.

Why use ASP.NET validation controls?

In traditional HTML, you might validate form fields by writing JavaScript to check for empty values or compare ranges, and then repeat similar logic again on the server. If the browser has script disabled, client-side checks silently stop working. The original article notes that creating and maintaining these checks manually "takes lots of time" and can fail if JavaScript is turned off. :contentReference[oaicite:1]{index=1}

ASP.NET validation controls:

Provide a declarative way to define validation rules beside each input control.
Automatically perform client-side checks where supported, reducing round trips and server load.
Always perform server-side validation as a safety net.
Expose a consistent set of properties and events, since all validators inherit from a common base class.

Built-in ASP.NET validation control types

The original content describes five core validator types in ASP.NET Web Forms: :contentReference[oaicite:2]{index=2}

RequiredFieldValidator – ensures that the associated input is not left blank or left with a default value.
RangeValidator – checks that the entered value is within a specified minimum and maximum range.
CompareValidator – compares two values (for example, two password text boxes) or checks that the value matches a specific data type.
RegularExpressionValidator – verifies that input matches a pattern, such as an email address, postal code, or phone number.
CustomValidator – lets you define your own validation logic using client-side script and/or server-side code that returns true or false.

All of these validators share common properties such as ControlToValidate, ErrorMessage, and visual formatting options (for example, BackColor, BorderStyle, or CSS classes) for customizing how error messages appear.

Example: validating a registration form

The example below shows how you might use several validation controls together on a registration form:

Basic ASP.NET Web Forms validation example

<asp:TextBox ID="txtUserName" runat="server" />
<asp:RequiredFieldValidator
    ID="rfvUserName"
    runat="server"
    ControlToValidate="txtUserName"
    ErrorMessage="User name is required."
    Display="Dynamic" />

<asp:TextBox ID="txtAge" runat="server" />
<asp:RangeValidator
    ID="rvAge"
    runat="server"
    ControlToValidate="txtAge"
    MinimumValue="18"
    MaximumValue="99"
    Type="Integer"
    ErrorMessage="Age must be between 18 and 99."
    Display="Dynamic" />

<asp:TextBox ID="txtEmail" runat="server" />
<asp:RegularExpressionValidator
    ID="revEmail"
    runat="server"
    ControlToValidate="txtEmail"
    ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*"
    ErrorMessage="Please enter a valid e-mail address."
    Display="Dynamic" />

<asp:ValidationSummary
    ID="vsSummary"
    runat="server"
    HeaderText="Please correct the following errors:"
    ShowSummary="true" />

When the user clicks the submit button, the validators run. If any control fails its rule, the associated error message is displayed and the Page.IsValid property is set to false.

Formatting error messages and using CSS

The original article explains that you can customize the formatting of error messages using properties such as BackColor, BorderStyle, and BorderWidth, or by applying CSS styles. :contentReference[oaicite:3]{index=3} You can also centralize error display using the ValidationSummary control.

In modern styling, it is common to:

Apply a CSS class to validators and style them consistently.
Display inline messages next to inputs and a summary at the top of the form.
Use icons or color-coding to indicate which fields need attention.

Modern considerations

ASP.NET validation controls are tightly integrated with Web Forms. In newer application stacks such as ASP.NET Core MVC or Razor Pages, validation is typically handled via data annotations, model binding, and client-side libraries like jQuery Validation instead of these Web Forms-specific controls.

If you are maintaining a legacy Web Forms application, the patterns described here remain fully relevant. If you are building a new system, consider whether you can adopt a more modern validation pipeline before committing to additional Web Forms code.

Quick FAQ

What are ASP.NET validation controls?

ASP.NET validation controls are reusable Web Forms components that enforce common validation rules on inputs, such as required fields, numeric ranges, type checks, pattern matching, and custom conditions. They provide both client-side and server-side validation support with minimal code.

Do validation controls work when JavaScript is disabled?

Yes. When script is disabled or unavailable, ASP.NET still executes the validators on the server side during postback. Client-side checks are used to improve user experience and reduce server load, but server-side validation is always the final authority before processing data.

When should I use CustomValidator instead of a built-in validator?

Use CustomValidator when your rule does not map cleanly to required, range, comparison, or regular expression checks. Examples include cross-field business rules, lookups against a database, or complex conditional logic that must run both on the client and the server.

How can I show all validation errors at the top of the page?

Add a ValidationSummary control to the page and set ShowSummary="true". The ValidationSummary collects error messages from each validator and displays them as a list, making it easy for users to see everything they need to fix in one place.

Back to Articles