How to prevent enabling button using developer tools on ASP.NET?

Question

1.00/5 (1 vote)

See more:

Hi Team,
I have button on the ASP.net website and that button will be getting enabled based on the user role. For the use who does not have permission are able to enable the button using Developer Tool (F12). Do we have any option or feature to handle this situation?

Note: I know that in server side we can have check to validate user rights. But i want know solution without server side.

Thanks in advance.

What I have tried:

I have tried to disable right click and other option and those are did not work properly.

Posted 4-May-20 22:15pm

kamalcodeproject

Updated 5-May-20 0:13am

Add a Solution

Comments

phil.o 5-May-20 5:17am

Whatever you will do, client side code will always be vulnerable to alteration by the client. The only place where you should handle what is possible and what is not based on user rights is on the server side.

DerekT-P 5-May-20 7:51am

If someone's going to try this, they probably have the skill and motivation to do it just by crafting a POST request using a proxy anyway, so as per the suggested solution, you MUST check permissions server side. However, by sending a disabled button, you are (a) giving people ideas and (b) telling them the name of the button. With or without "enabling" the button, I can create a POST using that button name and you've no idea if it was enabled or not. However without the button name, I can only guess at what it might be. If it's sensitive and if verifying permissions on the server is "expensive" then just don't send the (disabled) button at all, to remove temptation; and name it something obscure (or even give it a dynamic, random name) then any hacker won't know what to press. BUT you still need to verify permissions at server side!! :-)

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Answer 1 · 2020-05-05T00:15:00

Solution 1

There is no client side solution. You always need to confirm server side that the person has the rights to do what they are doing.

Posted 5-May-20 0:15am

F-ES Sitecore