ASP.NET

There are 57 entries for the tag ASP.NET

ASP.NET MVC Installer For Visual Studio 2010 Beta 1 And Roadmap

A little while ago I announced our plans for ASP.NET MVC as it relates to Visual Studio 2010. ASP.NET MVC wasn’t included as part of Beta 1, which raised a few concerns by some (if not conspiracy theories!) ;). The reason for this was simple as I pointed out: One thing you’ll notice is that ASP.NET MVC is not included in Beta 1. The reason for this is that Beta 1 started locking down before MVC 1.0 shipped. ASP.NET MVC will be included as part of the package in VS10 Beta 2. ...

An Alternative Approach To Strongly Typed Helpers

One of the features contained in the MVC Futures project is the ability to generate action links in a strongly typed fashion using expressions. For example: <%= Html.ActionLink<HomeController>(c => c.Index()) %> Will generate a link to the Index action of the HomeController. It’s a pretty slick approach, but it is not without its drawbacks. First, the syntax is not one you’d want to take as your prom date. I guess you can get used to it, but a lot of people who see it for the first time kind of...

Writing A Page To A String

ASP.NET Pages are designed to stream their output directly to a response stream. This can be a huge performance benefit for large pages as it doesn’t require buffering and allocating very large strings before rendering. Allocating large strings can put them on the Large Object Heap which means they’ll be sticking around for a while. However, there are many cases in which you really want to render a page to a string so you can perform some post processing. I wrote about one means using a Response filter eons ago. However, recently, I learned about a method...

ASP.NET MVC For Visual Studio 2010 Beta 1

I apologize for not blogging this over the weekend as I had planned, but the weather this weekend was just fantastic so I spent a lot of time outside with my son. If you haven’t heard yet, Visual Studio 2010 Beta 1 is now available for MSDN subscribers to download. It will be more generally available on Wednesday, according to Soma. You can find a great whitepaper which describes what is new for web developers in ASP 4 which is included. One thing you’ll notice is that ASP.NET MVC is not included in Beta 1. The...

Donut Hole Caching in ASP.NET MVC

A while back, I wrote about Donut Caching in ASP.NET MVC for the scenario where you want to cache an entire view except for a small bit of it. The more technical term for this technique is probably “cache substitution” as it makes use of the Response.WriteSubstitution method, but I think “Donut Caching” really describes it well — you want to cache everything but the hole in the middle. However, what happens when you want to do the inverse? Suppose you want to cache the donut hole, instead of the donut? I think we should nickname all of...

Put Your Pages and Views on Lockdown

As I’m sure you know, we developers are very particular people and we like to have things exactly our way. How else can you explain long winded impassioned debates over curly brace placement?  So it comes as no surprise that developers really care about what goes in (and behind) their .aspx files, whether they be pages in Web Forms or views in ASP.NET MVC. For example, some developers are adamant that a page should not include server side script blocks, while others don’t want their views to contain Web Form controls. Wouldn’t it be great if you...

TipJar: Title Tags and Master Pages

There are a couple of peculiarities worth understanding when dealing with title tags and master pages within Web Forms and ASP.NET MVC. These assume you are using the HtmlHead control, aka <head runat="server" />. The first peculiarity involves a common approach where one puts a ContentPlaceHolder inside of a title tag like we do with the default template in ASP.NET MVC: <%@ Master ... %> <html> <head runat="server"> <title> <asp:ContentPlaceHolder ID="titleContent" runat="server" /> </title> </head> ... What’s nice about this approach is you can set the title tag...

CSRF Attacks and Web Forms

In my last blog post, I walked step by step through a Cross-site request forgery (CSRF) attack against an ASP.NET MVC web application. This attack is the result of how browsers handle cookies and cross domain form posts and is not specific to any one web platform. Many web platforms thus include their own mitigations to the problem. It might seem that if you’re using Web Forms, you’re automatically safe from this attack. While Web Forms has many mitigations turned on by default, it turns out that it does not automatically protect your site against this specific form of...

Anatomy of a Cross-site Request Forgery Attack

A Cross-site request forgery attack, also known as CSRF or XSRF (pronounced sea-surf) is the less well known, but equally dangerous, cousin of the Cross Site Scripting (XSS) attack. Yeah, they come from a rough family. CSRF is a form of confused deputy attack. Imagine you’re a malcontent who wants to harm another person in a maximum security jail. You’re probably going to have a tough time reaching that person due to your lack of proper credentials. A potentially easier approach to accomplish your misdeed is to confuse a deputy to misuse his authority to commit the dastardly act...

ASP.NET MVC 1.0 Released!

Today I’m happy to write that ASP.NET MVC 1.0 RTW (Release To Web) is now officially released. This was one of several announcements ScottGu made at the Mix 09 conference today, which I unfortunately missed because I was on a plane to Vegas en route to Mix 09. I was busy back at the mother ship making sure everything was in order for the release. Woohoo! It’s been nearly a year and a half since I joined Microsoft and started working on it and what a ride it’s been. Some highlights during that time: ...

Take Charge of Your Security

Today I read something where someone was comparing Web Forms to ASP.NET MVC and suggested that Web Forms does a lot more than ASP.NET MVC to protect your site from malicious attacks. One example cited was that Server controls automatically handled HTML encoding so you don’t have to really think about it. The idea here is that Web Forms automatically protects you from XSS attacks. My friends, I’m afraid this is just not true. Take a look at the following page code. <%@ Page Language="C#" Inherits="System.Web.UI.Page" %> <% //For demo purposes,...

Routing for Web Forms in ASP.NET 4.0

A while back on a lark, I posted a prototype demonstrating how one could use Routing within Web Forms. This is something you can do today with ASP.NET 3.5 SP1, because of the work we did to separate Routing from ASP.NET MVC. I would have liked to include Web Form Routing as part of the Routing feature when we were working on SP1, but we didn’t have the time to do so in a robust manner before SP1 was locked down. Since then, Scott Galloway, who just happens to be my office mate, has taken the reins and is...

Combining JQuery Form Validation and Ajax Submission with ASP.NET

As I mentioned before, I’m really excited that we’re shipping jQuery with ASP.NET MVC and with Visual Studio moving forward. Just recently, we issued a patch that enables jQuery Intellisense to work in Visual Studio 2008. But if you’re new to jQuery, you might sit down at your desk ready to take on the web with your newfound JavaScript light saber, only to stare blankly at an empty screen asking yourself, “Is this it?” See, as exciting and cool as jQuery is, it’s really the vast array of plugins that really give jQuery its star power. Today...

Refreshing ASP.NET Dynamic Language Support

This afternoon we released a refresh of our DLR/IronPython support for ASP.NET, now called “ASP.NET Dynamic Language Support”, on our CodePlex site. This was originally part of our July 2007 ASP.NET Futures package, along with several other features. As updates to these features were made available, we would have liked to remove them from the package, but we wanted to wait till everything within the package was updated. Well that time has come. This CodePlex release contains two exceedingly simple sample applications, one for WebForms and one for ASP.NET MVC. It’s compiled against the latest DLR assemblies, and...

ASP.NET MVC CodePlex Preview 5 Released

Download the MSI and Release notes here. Last night we released ASP.NET CodePlex Preview 5 on CodePlex. Be on the lookout for one of those famous epic blog posts from ScottGu describing the release. In the meanwhile, the release notes contain short write-ups of what has changed. We didn’t originally plan to have another preview. However, we implemented a few significant chunks of functionality and were dying to get feedback so that we could incorporate it into the product before Beta. It helps that with five or so of these interim releases, we’ve become pretty efficient producing...

HttpModule For Timing Requests

Yesterday, I wrote a quick and dirty ASP.NET HttpModule for displaying the time that a request takes to process. Note that by turning on trace output for a page, you can get timing information for that page. But as far as I understand, and I need to double check this, this only applies to the page lifecycle, which might not have all the information you want in the context of ASP.NET MVC. Not to mention, I just wanted to see a simple number at the end of the page and not have to wade through all that trace output....

RouteEvaluator For Unit Testing Routes

A while back I wrote a routing debugger which is useful for testing your routes and seeing which routes would match a given URL. Rob suggested we have something like this for unit tests, so I whipped something simple up. This is a class that allows you to test multiple different URLs quickly. You simply create the RouteEvaluator giving it a collection of routes and then GetMatches which returns a List<RouteData> containing a RouteData instance for every route that matches, not just the first one. Here's a sample of usage. [Test] public void CanMatchUsingRouteEvaluator() { var routes = new RouteCollection(); GlobalApplication.RegisterRoutes(routes); var...

Code Based Repeater for ASP.NET MVC

Not long ago, my compadre Scott Hanselman related the following story... In a recent MVC design meeting someone said something like "we’ll need a Repeater control" and a powerful and very technical boss-type said: "We’ve got a repeater control, it’s called a foreach loop." I beg to differ. I think we can do better than a foreach loop. A foreach loop doesn’t help you handle alternating items, for example. My response to this story is, “The foreach loop is not our repeater control. Our repeater control is an iterating extension...

Upcoming Changes In Routing

Made a few corrections on having default.aspx in the root due to a minor bug we just found. Isn’t preview code so much fun? We’ve been making some changes to routing to make it more powerful and useful. But as Uncle Ben says, with more power comes more responsibility. I’ll list out the changes first and then discuss some of the implications of the changes. Routes no longer treat the . character as a separator. Currently, routes treat the . and / characters as special. They are separator characters. The upcoming release of routing will only treat the...

My First IronRuby Unit Test Spec For ASP.NET MVC

Way down the road, it would be nice to be able to build ASP.NET MVC applications using a DLR language such as IronRuby. However, enabling DLR language support isn’t free. There are going to be places in our design that are specific to statically typed languages (such as Attribute based filters) that just wouldn’t work (or would be too unnatural) with a dynamic language. Ideally we can minimize those cases, and for the ones we can’t, we need to make sure the extensibility of the framework allows for extending the system in such a way that we can provide a DLR friendly...

ASP.NET Routing Debugger

In Scott Hanselman’s wonderful talk at Mix, he demonstrated a simple little route tester I quickly put together. This utility displays the route data pulled from the request of the current request in the address bar. So you can type in various URLs in the address bar to see which route matches. At the bottom, it shows a list of all defined routes in your application. This allows you to see which of your routes would match the current URL. The reason this is useful is sometimes you expect one route to match, but another higher up the stack matches instead....

Using Routing With WebForms

UPDATE: I updated the sample to work with the final version of ASP.NET Routing included with ASP.NET 3.5 SP1. This sample is now being hosted on CodePlex. Download the demo here. In my last post I described how Routing no longer has any dependency on MVC. The natural question I’ve been asked upon hearing that is “Can I use it with Web Forms?” to which I answer “You sure can, but very carefully.” Being on the inside, I’ve had a working example of this for a while now based on early access to the bits. Even so, Chris Cavanagh impressively beats me to...

Thoughts on ASP.NET MVC Preview 2 and Beyond

At this year’s Mix conference, we announced the availability of the second preview for ASP.NET MVC which you can download from here. Videos highlighting MVC are also available. Now that I am back from Mix and have time to breathe, I thought I’d share a few (non-exhaustive) highlights of this release as well as my thoughts on the future. New Assemblies and Routing Much of the effort and focus of this release was put into routing. If you’ve installed the release, you’ll notice that MVC has been factored into three assemblies: ...

Abstract Base Classes Have Versioning Problems Too

This is part 2 in an ongoing series in which I talk about various design and versioning issues as they relate to Abstract Base Classes (ABC), Interfaces, and Framework design. In part 1 I discussed some ways in which ABCs are more resilient to versioning than interfaces. I haven’t covered the full story yet and will address some great points raised in the comments. In this part, I want to point out some cases in which Abstract Base Classes fail in versioning. In my last post, I mentioned you could simply add new methods to an Abstract Base Class and not...

Versioning Issues With Abstract Base Classes and Interfaces

Eilon Lipton recently wrote a bit about context objects in ASP.NET MVC and in an “Oh by the way” moment, tossed out the fact that we changed the IHttpContext interface to the HttpContextBase abstract base class (ABC for short). Not long after, this spurred debate among the Twitterati. Why did you choose an Abstract Base Class in this case? The full detailed answer would probably break my keyboard in length, so I thought I would try to address it in a series of posts. In the end, I hope to convince the critiques that the real point of...

ASP.NET MVC Update

By the way my blogging frequency has declined, you can guess I’ve been quite busy here at Microsoft preparing for the next release of ASP.NET MVC. It’s not just working on specs, design meetings, etc... that keep me busy. It’s preparing for several talks, various spec reviews, building hands on labs, demo and app building, etc...that keeps me busy. All the while I am still learning the ropes and dealing with selling a house in L.A. and buying a house up here. There’s a lot that goes into being a PM I naively didn’t expect, on top...

Blocking Direct Access To Views in ASP.NET MVC

UPDATE: I improved this based on some feedback in my comments. With ASP.NET MVC it is possible for someone to try and navigate directly to a .aspx view. In general, this only leaves them with an ugly error message as Views typically need ViewData in order to work. However, one approach that I think will easily work is to create a Web.config file in the root of your Views directory that contains the following. We need to do more testing on our side to make sure there's no pathological case in doing this, but so far in my personal testing, it seems to...

Come Work With Me And Other Great People

The ASP.NET and Silverlight team are hiring! Brad Abrams (who happens to be my “grand-boss” as in my boss's boss) posted a developers wanted ad on his blog: Are you a JavaScript guru who has a passion to make Ajax easier for the masses? Are you the resident expert in ASP.NET and consistently think about how data driven applications could be easier to build? Are you a TDD or patterns wonk that sees how ASP.NET MVC is a game-changer? Are you excited about the potential of...

Get A Free Copy Of Our New Book

I just received a few advanced copies of our new book and am giving away three of them to the first three people who leave a comment on this post. But there’s a catch! You have to have a blog and promise to write a review on your blog. This is on the honor system so I’ll send you the book and you can then review it. In your comment, leave your email address in the email field (it’s not visible to anyone else) and I’ll follow up to get your mailing address. Also let me know if you want...

Buy Our Book And Become An ASP.NET Bad Ass

Remember the book I mentioned that I was writing along with a few colleagues? Well it is finally available for pre-order on Amazon.com! If you love me, you’ll buy five copies each. No. Ten copies! Or, you could wait for the reviews and buy the book on its own merits, which I hope it warrants. But what’s the fun in that? All kidding aside, this was a fun and tiring collaborative effort with Jeff “Coding Horror” Atwood, Jon Galloway, K. Scott Allen, and Wyatt Barnett. The book aggregates our collective wisdom on the topic of building web applications with...

Conditional Compilation Constants and ASP.NET

UPDATE: K. Scott Allen got to the root of the problem. It turns out it was an issue of precedence. Compiler options are not additive. Specifying options in @Page override those in web.config. Read his post to find out more. Conditional compilation constants are pretty useful for targeting your application for a particular platform, environment, etc... For example, to have code that only executes in debug mode, you can define a conditional constant named DEBUG and then do this... #if DEBUG //This code only runs when the app is compiled for debug Log.EverythingAboutTheMachine(); #endif It’s not common knowledge to me that these constants...

IHttpContext And Other Interfaces For Your Duck Typing Benefit

Not too long ago I wrote a blog post on some of the benefits of Duck Typing for C# developers. In that post I wrote up a simplified code sample demonstrating how you can cast the HttpContext to an interface you create called IHttpContext, for lack of a better name. Well I couldn’t just sit still on that one so I used Reflector and a lot of patience and created a set of interfaces to match the Http intrinsic classes. Here is a full list of interfaces I created along with the concrete existing class (all in the System.Web namespace except...

Cleanup The Crap That Windows Live Writer Injects With This HttpModule

First, let me start off with some praise. I really really like Windows Live Writer. I’ve praised it many times on my blog. However, there is one thing that really annoys me about WLW, its utter disregard for web standards and the fact that it injects crap I don’t want or need into my content. Of particular annoyance is the way that WLW adds attributes that are not XHTML compliant. For example, when you use the Insert Tags feature, it creates a div that looks something like: <div class="wlWriterEditableSmartContent" id="guid1:guid2" contenteditable="false" style="padding-right: 0px; display: inline; padding-left: 0px;...

Securely Implement ELMAH For Plug And Play Error Logging

ELMAH, which stands for Error Logging Modules and Handlers for ASP.NET, is an open source project which makes it easy to log and view unhandled exceptions via its pluggable architecture. Having been around a while, a lot has already been written on it so I won’t rehash all that information. For more details, you can read the following: Using HTTP Modules and Handlers to Create Pluggable ASP.NET Components ELMAH page on Google Code All you need to know for the purposes of this post is that ELMAH is implemented as two key components: An HTTP Module Used...

Open Source On .NET Is Not An Oxymoron

I have a confession. I am an Open Source developer and my platform of choice is the .NET framework by Microsoft. Not only that, I actually believe it is a good thing to support Open Source projects in the Microsoft ecosystem. Yeah, really. In response to this tidbit, I have heard and am bracing to hear replies such as... Why would you do that (support Open Source on Microsoft)? Or It can’t be Open Source if it’s on the Microsoft platform. One rationale given is that it ain’t really Open Source unless the entire stack is Open Source. I call this the all or nothing...

Unit Test Web Code Without A Web Server Using HttpSimulator

Testing code written for the web is challenging. Especially code that makes use of the ASP.NET intrinsic objects such as the HttpRequest object. My goal is to make testing such code easier. A while ago, I wrote some code to simulate the HttpContext in order to make writing such unit tests easier. My goal wasn’t to replace web testing frameworks such as Selenium, Watin, or AspUnit. Instead, I’m a fan of the Pareto principle and I hoped to help people easily reach the 80 of the 80/20 rule before reaching out to one of these tools to cover...

How To Handle The DIV Tag Around ASP.NET Hidden Inputs

One praiseworthy aspect of ASP.NET 2.0 is its much improved XHTML compliance. However, there is one particular implementation detail related to this that causes some web designs to break and could have been implemented in a better manner. The detail is how ASP.NET 2.0 will wrap a DIV tag around hidden input fields. My complaint isn’t that Microsoft added this DIV wrapper, because it is needed for strict compliance. My complaint is that there is no CSS class or id on the DIV to make it easy to exclude CSS styling on it. For example, here is a snippet from the output of...

GMail-like Loading Indicator with ASP.NET Ajax

Simone Chiaretta, a member of the Subtext development team (among other open source projects), has been quite busy lately. I recently mentioned the Vista Sidebar Gadget for CruiseControl.NET he published. He also was recently in a video interview by MindBlog. Go Simo! The post that caught my eye recently is how to make a Gmail-like loading indicator with ASP.NET Ajax. This is a nice demonstration of how to use the ASP.NET Ajax library to simulate various styles of user interface. Personally though, I’m not a fan of this particular loading indicator at the page level. When I have my...

CSS Control Adapters Double PostBack Issue

My coworker (and Subtext co-admin) Steve Harman writes about a weird double PostBack issue he ran into recently when using CSS Friendly Control Adapters with the CreateUserWizard Membership Provider control. So far he hasn’t received much in the way of feedback in the forums yet. Have any of you run into this?

Databinding Tips: Nesting Eval Statements

Maybe this is obvious, but it wasn’t obvious to me. I’m binding some data in a repeater that has the following output based on two numeric columns in my database. It doesn’t matter why or what the data represents. It’s just two pieces of data with some formatting: 42, (123) Basically these are two measurements. Initially, I would databind this like so: <%# Eval("First") %>, (<%# Eval("Second") %>) The problem with this is that if the first field is null, I’m left with this output. , (123) Ok, easy enough to fix using a format string: <%# Eval("First", "{0}, ") %>(<%# Eval("Second") %>) But now I’ve learned that...

Where Should You Place Your Labels In Your Form

UPDATE: Luke Wroblewski posted a link in my comments to his Best Practices for Form Design PDF. It is 100+ pages chock full of good usability information concerning forms. Thanks Luke! James Avery writes about the Art of Label Placement in which he links to a few great articles on form design and label placement. Web Application Form Design by Luke Wroblewski - This article covers the best ways to arrange labels and submission buttons. Web Application Form Design Expanded by Luke Wroblewski - Another great article from Luke W. expanding on the same topics. Label Placement in Forms by Matteo...

Gain Control Of Your Control State

Some people think the ViewState is the spawn of the devil. Not one to be afraid of being in bed with the devil, I feel a tad bit less negative towards it, as it can be very useful. Still, it has its share of disadvantages. It sure can get bloated. Not only that, but disabling ViewState can wreak havoc with the functionality of many controls. This is why ASP.NET 2.0 introduces the control state. The basic idea is that there is some state that should be considered the data for the control, while other state is necessary for the control to function. For example,...

ASP.NET Tip - Use The Label Control Correctly

Scott Watermasysk has a great set of Quick Tips for ASP.NET on his blog. And this is only part one! I’m looking forward to seeing the subsequent posts of this series. However, I disagree slightly with his tip to Never use the ASP.NET Label control. I would rephrase it to: Never use the ASP.NET Label control when a Literal would do. The problem is not the Label control. The problem is treating the Label control as if it was merely a Literal control. The Label control has a specific usage, to be a label for a form input. For example, check out this screenshot of...

Identicons as Graphical Digital Fingerprints

How do you uniquely identify a person, without divulging the identity of that person? For example, given a set of personal artifacts, how would I arrange the set of artifacts grouped by the person to which they belonged? The answer is quite easy, isn’t it (especially given the title of this blog post and the image to the right)? You can look at the fingerprints on the items. Unless you happened to have a file that mapped the fingerprints to individuals, you won’t know who the comb and mirror belong to, for example, only that they do belong to the same person and...

HTTP Debugging Using Reverse Proxies And Port Forwarders

I’m currently working on an interesting project to develop a series of HTTP services used by games running on the RIM Blackberry. These services will enable players to compete against one another (though not in real time) in various games and see high scores, challenge friends, etc.... It brings a social aspect to gaming on your blackberry device. The games are written in Java and I’m using a Blackberry emulator for testing the interaction between the game and the services. I’m running the service at localhost on my local machine to allow me to step through the debugger when necessary. ...

Using WebServer.WebDev For Unit Tests

Last night a unit test saved my life (with apologies). Ok, maybe not my life, but the act of writing some unit tests did save me the embarrassment of an obscure bug which was sure to hit when I least expected it. It is cases like this that made me into such a big fan of writing automated unit tests. Not too long ago I wrote a C# Akismet API for Subtext. In writing the code, I followed design principles focused on making the API as testable as possible. For example, I applied Inversion of Control (IOC) by having the AkismetClient constructor take...

Express Yourself With Custom Expression Builders

One of the hidden gems in ASP.NET 2.0 is the new expression syntax. For example, to display the value of a setting in the AppSettings section of your web.config, you can do this: <asp:Label Text="<%$ AppSettings:AnotherSetting %>" ID="setting" runat="server" /> Notice that the value of the Text property of the Label control is set to an expression that is similar to the DataBinding syntax (<%#), but instead of a pound sign (#) it uses a dollar sign ($). Expressions are distinguished by the expression prefix. In the above example, the prefix is AppSettings.  The...

Adding Client-Side Custom Properties To Controls

One of the benefits of writing an ASP.NET book is that it forces me to spend a lot of time spelunking deep in the bowels of ASP.NET uncovering all sorts of little gems I never noticed the first time around. Many of these little morsels should end up in the book, but I thought I would blog about a few of them as I go along.  This is all part of the weird situation I find myself in while writing this book. I thought I would just sit down and all the words would flow. Instead, no matter how motivated I...

Register Custom Controls In Web.config

This one is probably old news to many of you, but I just recently ran across it. Every time I want to add a new control to a new page, I get annoyed because I have to remember that annoying syntax for registering a control. Let’s see...how does it go again? Do I have to add a TagName attribute? No, that’s for user controls. Hmmm, forget it, I’ll just dynamically add it! Well in the interest of reducing future angst, here are two examples of the syntax, one for a custom control and one for a user...

Atlas Web Application Project Template

Dave (a Subtext developer) just blogged about a project template he created for creating Atlas applications using the Web Application Project (WAP). This is wicked useful for those of us who prefer Web Application Projects over Web Site Projects.

OriginUrl Supports Regular Expressions

In a recent post I ranted about how ASP.NET denies WebPermission in Medium Trust. I also mentioned that there may be some legitimate reasons to deny this permission based on this hosting guide. Then Cathal (thanks!) emailed me and pointed out that the originUrl does not take wildcards, it takes a regular expression. So I updated the <trust /> element of web.config like so: <trust level="Medium" originUrl=".*" /> Lo and Behold, it works! Akismet works. Trackbacks work. All in Medium Trust. Of course, a hosting provider can easily override this as Scott Guthrie points out in my comments. I need to stop...

Why Oh Why Couldn't WebPermission Be Part Of Medium Trust?

This is a bit of rant born out of some frustrations I have with ASP.NET. When setting the trust level of an ASP.NET site, you have the following options: Full, High, Medium, Low, Minimal. It turns out that many web hosting companies have chosen to congregate around Medium trust as a sweet spot in terms of tightened security while still allowing decent functionality. Only natural as it is the one in the middle. For the most part, I am sure there are very good reasons for which permissions make it into Medium trust and which ones are not allowed. But...

A Gotcha Identifying the User's IP Address

Recently I wrote a .NET based Akismet API component for Subtext. In attempting to make as clean an interface as possible, I made the type of the property to store the commenter’s IP address of type IPAddress. This sort of falls in line with the Framework Design Guidelines, which mention using the Uri class in your public interface rather than a string to represent a URL. I figured this advice equally applied to IP Addresses as well. To obtain the user’s IP Address, I simply used the UserHostAddress property of the HttpRequest object like so. HttpContext.Current.Request.UserHostAddress The UserHostAddress property is...

Rolling Your Own Blog Engine

Jeff Atwood asks the question in a recent post if writing your own blog software is a form of procrastination (no, blogging is). I remember reading something where someone equated rolling your own blog engine is the modern day equivalent of the Hello World program.  I wish I could remember where I heard that so I can give proper credit. UPDATE: Kent Sharkey reminds me that I read it on his blog. It was a quote from Scott Wigart. Thanks for the memory refresh Kent! Obviously, as an Open Source project founder building a blog...

Lightweight Invisible CAPTCHA Validator Control

UPDATE: This code is now hosted in the Subkismet project on CodePlex. Not too long ago I wrote about using heuristics to fight comment spam.  A little later I pointed to the NoBot control as an independent implementation of the ideas I mentioned using Atlas. I think that control is a great start, but it does suffer from a few minor issues that prevent me from using it immediately. It requires Atlas and Atlas is pretty heavyweight. Atlas is pre-release right now. We’re waiting on a bug fix in Atlas...

Please Vote On This Atlas Javascript Bug

UPDATE: Looks like this will get fixed in the next release according to a comment on Steve’s blog. Steve Harman, a Subtext developer, was prototyping using Atlas in Subtext and encountered a rather problematic bug. Not only did he encounter the bug, he went through the hard work to dig into the source of the bug right down to the line of code and proposes a fix.  How is that for constructive criticism? Unfortunately, he hasn't received any response from the Atlas team (at the time of this posting) regarding whether or not they recognize this as a bug...

Atlas Comment Spam Heuristics

Remember my recent post in which I suggested that we need more heuristic approaches to the comment spam problem? Check out this new NoBot control in the Atlas Control Toolkit.  I wonder if this came out before or after I wrote my piece, because I don’t want y’all to think I cribbed my ideas from this control.  It has a couple features that I mentioned. Forcing the client’s browser to perform a configurable JavaScript calculation and verifying the result as part of the postback. (Ex: the calculation may be a simple numeric one, or may also involve the...