Email Address Validation for ASP NET

Question

What do you use to validate an email address on a ASP NET form  I want to make sure that it contains no XSS exploits   This is ASP NET 1 1

User · Answer

Here is a basic email validator I just created based on Simon Johnson's idea. It just needs the extra functionality of DNS lookup being added if it is required.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.UI.WebControls;
using System.Text.RegularExpressions;
using System.Web.UI;

namespace CompanyName.Library.Web.Controls
{
    [ToolboxData("<{0}:EmailValidator runat=server></{0}:EmailValidator>")]
    public class EmailValidator : BaseValidator
    {

        protected override bool EvaluateIsValid()
        {
            string val = this.GetControlValidationValue(this.ControlToValidate);
            string pattern = @"^[a-z][a-z|0-9|]*([_][a-z|0-9]+)*([.][a-z|0-9]+([_][a-z|0-9]+)*)?@[a-z][a-z|0-9|]*\.([a-z][a-z|0-9]*(\.[a-z][a-z|0-9]*)?)$";
            Match match = Regex.Match(val.Trim(), pattern, RegexOptions.IgnoreCase);

            if (match.Success)
                return true;
            else
                return false;
        }

    }
}

Update: Please don't use the original Regex. Seek out a newer more complete sample.

User · Answer

Here is a basic email validator I just created based on Simon Johnson's idea. It just needs the extra functionality of DNS lookup being added if it is required.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.UI.WebControls;
using System.Text.RegularExpressions;
using System.Web.UI;

namespace CompanyName.Library.Web.Controls
{
    [ToolboxData("<{0}:EmailValidator runat=server></{0}:EmailValidator>")]
    public class EmailValidator : BaseValidator
    {

        protected override bool EvaluateIsValid()
        {
            string val = this.GetControlValidationValue(this.ControlToValidate);
            string pattern = @"^[a-z][a-z|0-9|]*([_][a-z|0-9]+)*([.][a-z|0-9]+([_][a-z|0-9]+)*)?@[a-z][a-z|0-9|]*\.([a-z][a-z|0-9]*(\.[a-z][a-z|0-9]*)?)$";
            Match match = Regex.Match(val.Trim(), pattern, RegexOptions.IgnoreCase);

            if (match.Success)
                return true;
            else
                return false;
        }

    }
}

Update: Please don't use the original Regex. Seek out a newer more complete sample.

User · Answer

Preventing XSS is a different issue from validating input   Regarding XSS  You should not try to check input for XSS or related exploits  You should prevent XSS exploits  SQL injection and so on by escaping correctly when inserting strings into a different language where some characters are  magic   eg  when inserting strings in HTML or SQL  For example a name like O Reilly is perfectly valid input  but could cause a crash or worse if inserted unescaped into SQL  You cannot prevent that kind of problems by validating input   Validation of user input makes sense to prevent missing or malformed data  eg  a user writing  asdf  in the zip-code field and so on  Wrt  e-mail adresses  the syntax is so complex though  that it doesnt provide much benefit to validate it using a regex  Just check that it contains a

User · Answer

Any script tags posted on an ASP NET web form will cause your site to throw and unhandled exception   You can use a asp regex validator to confirm input  just ensure you wrap your code behind method with a if IsValid  clause in case your javascript is bypassed  If your client javascript is bypassed and script tags are posted to your asp net form  asp net will throw a unhandled exception   You can use something like    lt asp RegularExpressionValidator ID  regexEmailValid  runat  server  ValidationExpression   w   -    w     w   -   w      w   -   w     ControlToValidate  tbEmail  ErrorMessage  Invalid Email Format  gt  lt  asp RegularExpressionValidator gt

User · Answer

Preventing XSS is a different issue from validating input   Regarding XSS  You should not try to check input for XSS or related exploits  You should prevent XSS exploits  SQL injection and so on by escaping correctly when inserting strings into a different language where some characters are  magic   eg  when inserting strings in HTML or SQL  For example a name like O Reilly is perfectly valid input  but could cause a crash or worse if inserted unescaped into SQL  You cannot prevent that kind of problems by validating input   Validation of user input makes sense to prevent missing or malformed data  eg  a user writing  asdf  in the zip-code field and so on  Wrt  e-mail adresses  the syntax is so complex though  that it doesnt provide much benefit to validate it using a regex  Just check that it contains a

User · Answer

Validating that it is a real email address is much harder   The regex to confirm the syntax is correct can be very long  see http   www regular-expressions info email html for example   The best way to confirm an email address is to email the user  and get the user to reply by clicking on a link to validate that they have recieved the email  the way most sign-up systems work

User · Answer

In our code we have a specific validator inherited from the BaseValidator class   This class does the following    Validates the e-mail address against a regular expression  Does a lookup on the MX record for the domain to make sure there is at least a server to deliver to    This is the closest you can get to validation without actually sending the person an e-mail confirmation link

User · Answer

Quick and Simple Code   public static bool IsValidEmail this string email        const string pattern                     r          r                -a-z0-9     amp                   lt             lt             a-z0-9   w  -   a-z0-9    a-z  a-z     a-z             var regex   new Regex pattern  RegexOptions IgnoreCase           return regex IsMatch email

User · Answer

Preventing XSS is a different issue from validating input   Regarding XSS  You should not try to check input for XSS or related exploits  You should prevent XSS exploits  SQL injection and so on by escaping correctly when inserting strings into a different language where some characters are  magic   eg  when inserting strings in HTML or SQL  For example a name like O Reilly is perfectly valid input  but could cause a crash or worse if inserted unescaped into SQL  You cannot prevent that kind of problems by validating input   Validation of user input makes sense to prevent missing or malformed data  eg  a user writing  asdf  in the zip-code field and so on  Wrt  e-mail adresses  the syntax is so complex though  that it doesnt provide much benefit to validate it using a regex  Just check that it contains a

User · Answer

using System  using System Collections Generic  using System Linq  using System Web  using System Globalization  using System Text RegularExpressions        lt summary gt      Summary description for RegexUtilities      lt  summary gt  public class RegexUtilities       bool InValid   false       public bool IsValidEmail string strIn                InValid   false          if  String IsNullOrEmpty strIn               return false              Use IdnMapping class to convert Unicode domain names          strIn   Regex Replace strIn    quot          quot   this DomainMapper           if  InValid              return false              Return true if strIn is in valid e-mail format           return Regex IsMatch strIn    quot      quot  quot    quot  quot    quot  quot     quot  quot       0-9a-z              -      amp                     w       lt   0-9a-z      quot      quot            d 1 3     3  d 1 3        0-9a-z  - w   0-9a-z       a-z0-9  2 17     quot                  RegexOptions IgnoreCase              private string DomainMapper Match match                   IdnMapping class with default property values          IdnMapping idn   new IdnMapping             string domainName   match Groups 2  Value          try                       domainName   idn GetAscii domainName                     catch  ArgumentException                        InValid   true                    return match Groups 1  Value   domainName                RegexUtilities EmailRegex   new RegexUtilities            if  txtEmail Value     quot  quot                                         string   SplitClients Email   txtEmail Value Split                           string Send Email  Hold Email                      Send Email   Hold Email    quot  quot                            int CountEmail    Region For Count Total Email                        CountEmail   0    First Time Email Counts Zero                        bool EmaiValid   false                      Hold Email   SplitClients Email 0  ToString   Trim   TrimEnd   TrimStart   ToString                        if  SplitClients Email 0  ToString       quot  quot                                                 if  EmailRegex IsValidEmail Hold Email                                                         Send Email   Hold Email                              CountEmail   1                              EmaiValid   true                                                    else                                                       EmaiValid   false                                                                           if  EmaiValid    false                                                divStatusMsg Style Add  quot display quot    quot  quot                            divStatusMsg Attributes Add  quot class quot    quot alert alert-danger alert-dismissable quot                            divStatusMsg InnerText    quot ERROR      Please Enter A Valid Email ID  quot                           txtEmail Focus                            txtEmail Value   null                          ScriptManager RegisterStartupScript Page  this GetType     quot SmoothScroll quot    quot SmoothScroll    quot   true                           divStatusMsg Visible   true                          ClientScript RegisterStartupScript this GetType     quot alert quot    quot HideLabel    quot   true                           return false

User · Answer

Validating that it is a real email address is much harder   The regex to confirm the syntax is correct can be very long  see http   www regular-expressions info email html for example   The best way to confirm an email address is to email the user  and get the user to reply by clicking on a link to validate that they have recieved the email  the way most sign-up systems work

User · Answer

Here is a basic email validator I just created based on Simon Johnson's idea. It just needs the extra functionality of DNS lookup being added if it is required.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.UI.WebControls;
using System.Text.RegularExpressions;
using System.Web.UI;

namespace CompanyName.Library.Web.Controls
{
    [ToolboxData("<{0}:EmailValidator runat=server></{0}:EmailValidator>")]
    public class EmailValidator : BaseValidator
    {

        protected override bool EvaluateIsValid()
        {
            string val = this.GetControlValidationValue(this.ControlToValidate);
            string pattern = @"^[a-z][a-z|0-9|]*([_][a-z|0-9]+)*([.][a-z|0-9]+([_][a-z|0-9]+)*)?@[a-z][a-z|0-9|]*\.([a-z][a-z|0-9]*(\.[a-z][a-z|0-9]*)?)$";
            Match match = Regex.Match(val.Trim(), pattern, RegexOptions.IgnoreCase);

            if (match.Success)
                return true;
            else
                return false;
        }

    }
}

Update: Please don't use the original Regex. Seek out a newer more complete sample.

User · Answer

Validating that it is a real email address is much harder   The regex to confirm the syntax is correct can be very long  see http   www regular-expressions info email html for example   The best way to confirm an email address is to email the user  and get the user to reply by clicking on a link to validate that they have recieved the email  the way most sign-up systems work

User · Answer

You can use a RegularExpression validator  The ValidationExpression property has a button you can press in Visual Studio s property s panel that gets lists a lot of useful expressions  The one they use for email addresses is     w   -     w     w   -   w      w   -   w

User · Answer

using System  using System Collections Generic  using System Linq  using System Web  using System Globalization  using System Text RegularExpressions        lt summary gt      Summary description for RegexUtilities      lt  summary gt  public class RegexUtilities       bool InValid   false       public bool IsValidEmail string strIn                InValid   false          if  String IsNullOrEmpty strIn               return false              Use IdnMapping class to convert Unicode domain names          strIn   Regex Replace strIn    quot          quot   this DomainMapper           if  InValid              return false              Return true if strIn is in valid e-mail format           return Regex IsMatch strIn    quot      quot  quot    quot  quot    quot  quot     quot  quot       0-9a-z              -      amp                     w       lt   0-9a-z      quot      quot            d 1 3     3  d 1 3        0-9a-z  - w   0-9a-z       a-z0-9  2 17     quot                  RegexOptions IgnoreCase              private string DomainMapper Match match                   IdnMapping class with default property values          IdnMapping idn   new IdnMapping             string domainName   match Groups 2  Value          try                       domainName   idn GetAscii domainName                     catch  ArgumentException                        InValid   true                    return match Groups 1  Value   domainName                RegexUtilities EmailRegex   new RegexUtilities            if  txtEmail Value     quot  quot                                         string   SplitClients Email   txtEmail Value Split                           string Send Email  Hold Email                      Send Email   Hold Email    quot  quot                            int CountEmail    Region For Count Total Email                        CountEmail   0    First Time Email Counts Zero                        bool EmaiValid   false                      Hold Email   SplitClients Email 0  ToString   Trim   TrimEnd   TrimStart   ToString                        if  SplitClients Email 0  ToString       quot  quot                                                 if  EmailRegex IsValidEmail Hold Email                                                         Send Email   Hold Email                              CountEmail   1                              EmaiValid   true                                                    else                                                       EmaiValid   false                                                                           if  EmaiValid    false                                                divStatusMsg Style Add  quot display quot    quot  quot                            divStatusMsg Attributes Add  quot class quot    quot alert alert-danger alert-dismissable quot                            divStatusMsg InnerText    quot ERROR      Please Enter A Valid Email ID  quot                           txtEmail Focus                            txtEmail Value   null                          ScriptManager RegisterStartupScript Page  this GetType     quot SmoothScroll quot    quot SmoothScroll    quot   true                           divStatusMsg Visible   true                          ClientScript RegisterStartupScript this GetType     quot alert quot    quot HideLabel    quot   true                           return false

User · Answer

In our code we have a specific validator inherited from the BaseValidator class   This class does the following    Validates the e-mail address against a regular expression  Does a lookup on the MX record for the domain to make sure there is at least a server to deliver to    This is the closest you can get to validation without actually sending the person an e-mail confirmation link

User · Answer

You should always do server side validaton as well   public bool IsValidEmailAddress string email        try               var emailChecked   new System Net Mail MailAddress email           return true            catch               return false            UPDATE  You can also use the EmailAddressAttribute in System ComponentModel DataAnnotations  Then there is no need for a try-catch to it s a cleaner solution   public bool IsValidEmailAddress string email        if   string IsNullOrEmpty email   amp  amp  new EmailAddressAttribute   IsValid email           return true      else         return false      Note that the IsNullOrEmpty check is also needed otherwise a null value will return true

User · Answer

Any script tags posted on an ASP NET web form will cause your site to throw and unhandled exception   You can use a asp regex validator to confirm input  just ensure you wrap your code behind method with a if IsValid  clause in case your javascript is bypassed  If your client javascript is bypassed and script tags are posted to your asp net form  asp net will throw a unhandled exception   You can use something like    lt asp RegularExpressionValidator ID  regexEmailValid  runat  server  ValidationExpression   w   -    w     w   -   w      w   -   w     ControlToValidate  tbEmail  ErrorMessage  Invalid Email Format  gt  lt  asp RegularExpressionValidator gt

User · Answer

Preventing XSS is a different issue from validating input   Regarding XSS  You should not try to check input for XSS or related exploits  You should prevent XSS exploits  SQL injection and so on by escaping correctly when inserting strings into a different language where some characters are  magic   eg  when inserting strings in HTML or SQL  For example a name like O Reilly is perfectly valid input  but could cause a crash or worse if inserted unescaped into SQL  You cannot prevent that kind of problems by validating input   Validation of user input makes sense to prevent missing or malformed data  eg  a user writing  asdf  in the zip-code field and so on  Wrt  e-mail adresses  the syntax is so complex though  that it doesnt provide much benefit to validate it using a regex  Just check that it contains a

User · Answer

Validating that it is a real email address is much harder   The regex to confirm the syntax is correct can be very long  see http   www regular-expressions info email html for example   The best way to confirm an email address is to email the user  and get the user to reply by clicking on a link to validate that they have recieved the email  the way most sign-up systems work

User · Answer

You can use a RegularExpression validator  The ValidationExpression property has a button you can press in Visual Studio s property s panel that gets lists a lot of useful expressions  The one they use for email addresses is     w   -     w     w   -   w      w   -   w

User · Answer

Any script tags posted on an ASP NET web form will cause your site to throw and unhandled exception   You can use a asp regex validator to confirm input  just ensure you wrap your code behind method with a if IsValid  clause in case your javascript is bypassed  If your client javascript is bypassed and script tags are posted to your asp net form  asp net will throw a unhandled exception   You can use something like    lt asp RegularExpressionValidator ID  regexEmailValid  runat  server  ValidationExpression   w   -    w     w   -   w      w   -   w     ControlToValidate  tbEmail  ErrorMessage  Invalid Email Format  gt  lt  asp RegularExpressionValidator gt

User · Answer

Here is a basic email validator I just created based on Simon Johnson's idea. It just needs the extra functionality of DNS lookup being added if it is required.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.UI.WebControls;
using System.Text.RegularExpressions;
using System.Web.UI;

namespace CompanyName.Library.Web.Controls
{
    [ToolboxData("<{0}:EmailValidator runat=server></{0}:EmailValidator>")]
    public class EmailValidator : BaseValidator
    {

        protected override bool EvaluateIsValid()
        {
            string val = this.GetControlValidationValue(this.ControlToValidate);
            string pattern = @"^[a-z][a-z|0-9|]*([_][a-z|0-9]+)*([.][a-z|0-9]+([_][a-z|0-9]+)*)?@[a-z][a-z|0-9|]*\.([a-z][a-z|0-9]*(\.[a-z][a-z|0-9]*)?)$";
            Match match = Regex.Match(val.Trim(), pattern, RegexOptions.IgnoreCase);

            if (match.Success)
                return true;
            else
                return false;
        }

    }
}

Update: Please don't use the original Regex. Seek out a newer more complete sample.

User · Answer

In our code we have a specific validator inherited from the BaseValidator class   This class does the following    Validates the e-mail address against a regular expression  Does a lookup on the MX record for the domain to make sure there is at least a server to deliver to    This is the closest you can get to validation without actually sending the person an e-mail confirmation link

User · Answer

You can use a RegularExpression validator  The ValidationExpression property has a button you can press in Visual Studio s property s panel that gets lists a lot of useful expressions  The one they use for email addresses is     w   -     w     w   -   w      w   -   w

User · Answer

You should always do server side validaton as well   public bool IsValidEmailAddress string email        try               var emailChecked   new System Net Mail MailAddress email           return true            catch               return false            UPDATE  You can also use the EmailAddressAttribute in System ComponentModel DataAnnotations  Then there is no need for a try-catch to it s a cleaner solution   public bool IsValidEmailAddress string email        if   string IsNullOrEmpty email   amp  amp  new EmailAddressAttribute   IsValid email           return true      else         return false      Note that the IsNullOrEmpty check is also needed otherwise a null value will return true

User · Answer

Quick and Simple Code   public static bool IsValidEmail this string email        const string pattern                     r          r                -a-z0-9     amp                   lt             lt             a-z0-9   w  -   a-z0-9    a-z  a-z     a-z             var regex   new Regex pattern  RegexOptions IgnoreCase           return regex IsMatch email

User · Answer

Any script tags posted on an ASP NET web form will cause your site to throw and unhandled exception   You can use a asp regex validator to confirm input  just ensure you wrap your code behind method with a if IsValid  clause in case your javascript is bypassed  If your client javascript is bypassed and script tags are posted to your asp net form  asp net will throw a unhandled exception   You can use something like    lt asp RegularExpressionValidator ID  regexEmailValid  runat  server  ValidationExpression   w   -    w     w   -   w      w   -   w     ControlToValidate  tbEmail  ErrorMessage  Invalid Email Format  gt  lt  asp RegularExpressionValidator gt

User · Answer

In our code we have a specific validator inherited from the BaseValidator class   This class does the following    Validates the e-mail address against a regular expression  Does a lookup on the MX record for the domain to make sure there is at least a server to deliver to    This is the closest you can get to validation without actually sending the person an e-mail confirmation link

User · Answer

You can use a RegularExpression validator  The ValidationExpression property has a button you can press in Visual Studio s property s panel that gets lists a lot of useful expressions  The one they use for email addresses is     w   -     w     w   -   w      w   -   w

[asp.net] Email Address Validation for ASP.NET

Examples related to asp.net

Examples related to validation

Examples related to email