Is making an asp:Button control invisible enough to be sure users won't be able to click it?

孤城傲影 2021-01-19 23:41

I'm making a simple website that lists files from a certain folder. If the user has admin rights, the user can delete files by clicking the "Delete" button.

In my

3 Answers
  •  生来不讨喜
    2021-01-20 00:27

    My question is: can I be sure that this method is safe against known-code attack if user modifies the webpage client-side aiming to click this invisible button? Or do I have to take precautions in CodeBehind and verify user rights in the button clicked event?

    I personally would also put another piece of code in the click event, verifying that the click comes from a user who is authorized to click that button.

    What you could also do is add the button from code-behind like this (assuming you are putting this button into a panel called pnlButtons):

    Button btnDeleteList = new Button();
    btnDeleteList.Text = "Delete List";
    btnDeleteList.Click += btnDeleteList_Click;
    pnlButtons.Controls.Add(btnDeleteList);
    

    In other words, if user is Admin - add a button, if user is not an admin - do not add. In this case you do not have to play around with visibility.

    Hope this helps.
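
The server-side check the answer recommends, as an added example that is not part of the original post: the button's visibility is treated as a UI convenience, and the click handler makes the authorization decision itself. The role name `Admin`, the folder `~/Files`, and the control IDs `btnDelete` and `lstFiles` are assumptions; the file-name containment check goes beyond what the answer discusses.

```csharp
using System;
using System.IO;
using System.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public class FileListPage : Page
{
    // Hypothetical names chosen for this example.
    private const string AdminRole = "Admin";
    private const string FilesFolder = "~/Files";

    // Bound to <asp:Button ID="btnDelete" OnClick="btnDelete_Click" /> and
    // <asp:ListBox ID="lstFiles" /> in the .aspx markup (assumed IDs).
    protected Button btnDelete;
    protected ListBox lstFiles;

    protected void Page_Load(object sender, EventArgs e)
    {
        // UI convenience only: non-admins do not see the button.
        btnDelete.Visible = User.IsInRole(AdminRole);
    }

    protected void btnDelete_Click(object sender, EventArgs e)
    {
        // The authorization decision is made here, on the server, for every
        // request, regardless of what the page rendered to the browser.
        if (!User.Identity.IsAuthenticated || !User.IsInRole(AdminRole))
        {
            Response.StatusCode = 403;
            Response.End();
            return;
        }

        // The posted file name is untrusted input: keep only the leaf name
        // and confirm the resolved path is still inside the files folder.
        string root = Path.GetFullPath(Server.MapPath(FilesFolder));
        string name = Path.GetFileName(lstFiles.SelectedValue ?? string.Empty);
        if (name.Length == 0) return;

        string target = Path.GetFullPath(Path.Combine(root, name));
        if (!target.StartsWith(root + Path.DirectorySeparatorChar,
                               StringComparison.OrdinalIgnoreCase))
            throw new SecurityException("Path escapes the files folder.");

        if (File.Exists(target)) File.Delete(target);
    }
}
```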
