What I'm trying to achieve is basically to prevent client-side change of the state of my server controls.For example, let's say that I have a business web applications, that shows some data in read-only fashion to the regular users, but allow the admin to edit the data. In such case I use regular ASP.NET server controls, but disable them for the regular user (enabled=false). The problem that I have is that any advanced user could change the disabled control on the client using short javascript code and check the supposedly disabled and unchecked checkbox.From my standpoint this is serious security problem and I'm more than surprised that I cannot find no one asking questions about that.Perhaps I'm missing something, but please let me know what is the easiest way to prevent this client-side change. I thought that when the control is disabled before rendering the page, the following postback would not touch this control at all, no matter how you change it on the client. Did I get terribly wrong?