Use the ReadOnly property of the text box.
Change Based on the OP comment, this probably won't do the trick.
Edit 2 : from DotNetSlackers:
So, what is the difference between these two properties and why both exist? There are two differences between these two properties, the trivial difference and the subtle, deep:
- Two properties emit different markups. When you set Enabled to False, the TextBox introduces the attribute disabled = "disabled" inits the displayed HTML. When you set the ReadOnly Property to True, the readonly = "readonly" attribute is injected.
- According to the W3C specification on HTML forms, disabled controls areNOT are “successful,” and read-only controls MAY be “successful.” A successful control is one whose name / value pair is sent back to the browser through POST or request headers. Therefore, disabled controls are NOT sent back to the ASP.NET page, while read-only control may be, depending on User Agent. (In my tests, both IE 6 and FireFox 1.5 send TextBox only for text input.)
......
If you encounter this problem in ASP.NET Version 1.x, you may have found the TextBox ReadOnly property and used this instead of setting Enabled to False. You can still turn off the ViewState page and set the text text of the TextBox to read-only Text software, because the TextBox value is sent back via the form's read-only control. However, in ASP.NET 2.0, things change a bit, as Rick Strahlin noted on the blog. Changing ASP.NET 2.0 ReadOnly behavior when EnableViewState is false. Since 2.0, the behavior of the property of the TextBox control is slightly changed. From technical documents:
The text value of the TextBox with the ReadOnly property set to true is sent to the server when postback occurs, but the server does not process the read-only text field. This allows an attacker to change a read-only text value. The value of the Text property is maintained in view state between postbacks, unless modified by server-side code.
What happens is that the client sends along the read-only value of the TextBox through the form values, but the ASP.NET 2.0 engine does not accept this value and assign its TextBox property for postback to protect the read-only TextBox value from reading itself yourself. But this brings us back to our early problem - if the value is not specified in the postback (or ignored in this case) and the ViewState is disabled, the value will be lost. Eep.
Rick'sworkaround was only supposed to manually read the value from the request headers (this is .TextBox1.Text = Request [this.TextBox1.UniqueID];), which poses a security risk and introduces the problem that there are 2.0 addresses. The best approach is to query the value from the database (or wherever you programmatically set the value for a read-only text field).
The moral of this blog is that if you have read-only data that you can use either disabled or read-only fields, it really doesn’t matter whether you get the value of the form field in the arguments form. This should not matter because you do not have to trust / use this data to start with! If you have read-only data, do not re-read it from the data stream that the end user can mess with!
A source