26/06/2016
Featured Article - ASP.NET Don’ts and Do's
Source : http://www.c-sharpcorner.com/article/asp-net-donts-and-dos/
Some folks may keep falling into a trap and are unaware of what they are doing. This article highlights the Dos and the Don’ts in general regarding ASP.NET. The majority of the items listed are taken from the ASP.NET team recommendations. Though this may not be a complete checklist, it covers some of the most common “gotchas” folks run into.
If you know other tips about the Dos and Don’ts in ASP.NET in general, feel free to drop a comment so I can update the list.
Control Adapters
If you are still using Control Adapters, especially in WebForms, avoid them as much as possible.
Avoid: Control Adapters, as these were created to support mobile controls rendering different markup for different devices.
Prefer: CSS media queries, responsive design and mobile specific views.
Style Properties on Controls
Try to Avoid
The four thousand specific control style properties, e.g.
EditItemTemplate-AlternateItem-Font-ForeColor-SomeStyle-Blah-Blah :S
Using inline CSS styles, e.g.
style="color:yellow;text-align:center;"
Prefer: CSS stylesheets. You can create your own or use Bootstrap or a combination of your own CSS.
JavaScript Frameworks and AjaxControlToolkit
Try to Avoid: Mixing jQuery or other JS framework code with WebForms AjaxControlToolkit controls, as this can cause functionality issues.
Prefer: Stick to the specific control libraries.
UpdatePanel Control
Do Not: Overuse it (think about performance and maintainability).
Do: Use it when necessary and when it makes sense.
Try to Avoid: Relying on it; it doesn’t help you become a better web developer.
Prefer: AJAX, e.g. jQuery AJAX can be used to do asynchronous updates.
Page and Control Callbacks
Try to Avoid: Page callbacks or control callbacks.
Prefer: Anything else, e.g. Page Method, Web Service, AJAX, Web API.
Scripts and CSS Files
Do: Minify and bundle your CSS and script files when deploying to production.
Try to Avoid: Deploying unminified scripts and CSS when you can minify them.
Static Script References
Try to Avoid: Using local script references (e.g. jQuery)
Prefer: A CDN (Content Delivery Network) when referencing static files
But Always: Include a local fallback reference in case the CDN fails
Capability Detection
Try to Avoid: BrowserCaps, as it has a history of breaking as new browser versions are released
Prefer: Client-side feature detection and lightup, such as via Modernizr.
SQL Queries
Do Not: Append input values directly into your SQL statement, because it exposes you to SQL injection attacks. It’s a big NO NO!
Do:
(1) Use parameterized queries
(2) Stored Procedures
(3) ORM, e.g. Entity Framework, NHibernate etc.
This article covers preventing SQL injection: Protect Your Data: Prevent SQL Injection
Displaying of Data
Do Not: Display huge amounts of data in your page, as it can affect the performance of your app and is not user-friendly.
Do: Limit the amount of data to be displayed.
(1) Filter out items and load the associated data.
(2) Apply paging (e.g. using custom paging with LINQ or using SQL paging).
(3) Apply data caching (but be careful: use it only where it makes sense).
Request Validation
Do Not: Depend on request validation to protect your site against XSS attacks.
Do:
(1) Validate well-formedness of the data
“Is this user-submitted value a valid System.Uri whose scheme is http: or https:?”
(2) Encode data on the way out.
CSHTML: ● ASPX:
(3) Don’t forget about JavaScriptStringEncode, UrlEncode, etc.
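The three steps above as an added C# example (not code from the original article): a user-submitted URL is checked for well-formedness, then each value is encoded for the context it is written into. The class and method names are hypothetical, the sample inputs are constructed, and the helpers run as a console program so the output can be inspected outside a page.

```csharp
using System;
using System.Web; // HttpUtility (System.Web.dll on .NET Framework)

public static class OutputSafety
{
    // (1) Well-formedness: accept only an absolute URI whose scheme is http or https.
    public static bool TryGetHttpUrl(string input, out Uri url)
    {
        return Uri.TryCreate(input, UriKind.Absolute, out url)
            && (url.Scheme == Uri.UriSchemeHttp || url.Scheme == Uri.UriSchemeHttps);
    }

    // (2) Encode on the way out, HTML contexts: attribute value and element text.
    public static string RenderProfileLink(string displayName, string homepage)
    {
        Uri url;
        string safeName = HttpUtility.HtmlEncode(displayName);
        if (!TryGetHttpUrl(homepage, out url))
            return safeName; // rejected URL: render the name without a link
        return "<a href=\"" + HttpUtility.HtmlAttributeEncode(url.AbsoluteUri) + "\">"
             + safeName + "</a>";
    }

    // (3) Other contexts need their own encoders.
    public static string RenderSearchLink(string term)
    {
        // UrlEncode for the query-string value, then attribute-encode the whole href.
        string href = "/search?q=" + HttpUtility.UrlEncode(term);
        return "<a href=\"" + HttpUtility.HtmlAttributeEncode(href) + "\">search</a>";
    }

    public static string RenderNameScript(string displayName)
    {
        // Second argument 'true' wraps the encoded value in double quotes.
        return "<script>var userName = "
             + HttpUtility.JavaScriptStringEncode(displayName, true) + ";</script>";
    }

    public static void Main()
    {
        // Constructed sample inputs, as a user might submit them.
        string name = "Tom & \"Jerry\" <b>";
        Console.WriteLine(RenderProfileLink(name, "https://example.com/u?id=1&tab=2"));
        Console.WriteLine(RenderProfileLink(name, "javascript:void(0)")); // scheme rejected
        Console.WriteLine(RenderProfileLink(name, "/relative/path"));     // rejected: not an http(s) URL
        Console.WriteLine(RenderSearchLink("a&b=c d"));
        Console.WriteLine(RenderNameScript(name));
    }
}
```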
Cookieless Forms Auth & Session
Do Not: Enable cookieless forms authentication or session, as they could make your users victims of malicious attacks.
Do:
(1) Enable “require cookies” for these features.
(2) Consider using only secure (SSL) cookies for the sites serving sensitive information.
EnableViewStateMac
For the developers who use ASP.NET runtime
In this article you will learn about the different controls in ASP.NET. This also highlights the Dos and the Don’ts in general regarding ASP.NET.