Always check Page.IsValid in your button’s EventHandler
Just because you are using ASP.NET validation controls, do not assume the page could not be submitted with invalid data.
Also, just because you hide a control, do not assume buttons/textboxes/etc on it are not submit-able. It is perfectly fine to hide a control that a user should not access, but with very little code (or using a third party tool) users can easily make an HttpPost with any data they choose.
Checking Page.IsValid method makes sure that you have always valid data entered by the user.
