ict.ken.be
ASP.Net Don't do that, do this!
By Damian Edwards
Avoid control adapters, use CSS media queries instead
Avoid style properties on controls, use CSS stylesheets
Avoid page & control callbacks, use UpdatePanel, AJAX, Web API, ...
Avoid capability detection, use client-side feature detection such as Modernizr
Avoid request validation, instead:
Validate well-formedness of data on the way in (is this submitted value using the correct scheme?)
Encode data on the way out (@foo, <%:foo%>, JavaScriptStringEncode, UrlEncode, ...)
Do not use <%= or <%#, and use @foo.HtmlString() when needed
Avoid cookieless forms auth & session, require cookies and use secure SSL cookies
Make sure EnableViewStateMac = true (must always be on, even when not using viewstate)
Do not use Medium Trust or any other trust level as a security boundary. Place untrusted applications into their own application pools and run each application pool under its own unique identity.
http://support.microsoft.com/kb/2698981
Do not use <appSettings> to disable our security (only on webfarm roll out)
http://msdn.microsoft.com/en-us/library/hh975440.aspx
Do not use UrlPathEncode, use UrlEncode and sanitize URLs with System.Uri
Use native IIS modules if you need to hook into PreSendRequestHeaders & PreSendRequestContent, do not use them from within managed IHttpModule instances
Do not use async void for page lifecycle events, use Page.RegisterAsyncTask() and set <httpRuntime targetFramework="4.5" /> if using Task
Avoid timers and ThreadPool.QueueUserWorkItem (QUWI), as we might tear the AppDomain out from under you.
Move to a Windows Service or Worker Role for maximum reliability.
Use WebBackgrounder if the work needs to be done in-proc: http://nuget.org/packages/WebBackgrounder
Avoid reading Request.Form/InputStream before the HandlerExecute event, instead defer to HandlerExecute.
Use Request.GetBufferlessInputStream() to read the stream directly; Request.Form and InputStream are then unavailable
Use GetBufferedInputStream() to get a copy; Request.Form and InputStream remain available
Response.Redirect(string) calls Response.End(), which aborts the current thread in synchronous requests and halts code execution. For asynchronous handlers, Response.End() does not abort the current thread, so code execution continues. If you need to redirect the response, use the method appropriate for the framework you're using. For example, in MVC return a RedirectResult instead of calling Response.Redirect.
Do not use EnableViewState, but set ViewStateMode="Disabled" at the page directive level and set ViewStateMode="Enabled" only on controls that require state
Do not use SqlMembershipProvider, use UniversalProviders, which work with all databases that Entity Framework supports including SQL, Azure SQL, SQL Compact, MySQL and more...
Avoid long-running requests, because ASP.NET will forcibly release the session object lock at a potentially inopportune time. If needed, use WebSockets, which have a much lower per-request memory overhead.
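The request validation and UrlPathEncode tips above, combined into one flow. This is an added example, not code from the talk or this post; the class name, method names, allow-listed hosts and sample inputs are assumptions constructed for illustration.

```csharp
using System;
using System.Web; // HttpUtility (reference System.Web.dll on .NET Framework)

static class ReturnUrlDemo
{
    // Assumed allow-list of hosts this application links to (constructed values).
    static readonly string[] AllowedHosts = { "example.com", "www.example.com" };

    // On the way in: accept only a well-formed absolute http/https URL on an allowed host.
    public static Uri ParseSubmittedUrl(string submitted)
    {
        Uri uri;
        if (!Uri.TryCreate(submitted, UriKind.Absolute, out uri)) return null;
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return null;
        foreach (string host in AllowedHosts)
            if (string.Equals(host, uri.Host, StringComparison.OrdinalIgnoreCase)) return uri;
        return null;
    }

    // On the way out: pick the encoder that matches each output context.
    public static string RenderLink(Uri validated, string label, string searchTerm)
    {
        // UrlEncode (not UrlPathEncode) for a value placed in the query string.
        string href = validated.GetLeftPart(UriPartial.Path)
                      + "?q=" + HttpUtility.UrlEncode(searchTerm);
        return "<a href=\"" + HttpUtility.HtmlAttributeEncode(href) + "\">"
               + HttpUtility.HtmlEncode(label) + "</a>";
    }

    // A value embedded in inline script gets JavaScriptStringEncode, not HtmlEncode.
    public static string RenderScriptVariable(string userName)
    {
        return "var user = " + HttpUtility.JavaScriptStringEncode(userName, true) + ";";
    }

    static void Main()
    {
        // Constructed sample inputs: one acceptable URL and three that must be rejected.
        string[] submitted = { "https://example.com/search", "javascript:void(0)",
                               "https://other.test/", "not a url" };
        foreach (string s in submitted)
        {
            Uri uri = ParseSubmittedUrl(s);
            Console.WriteLine(uri == null
                ? "rejected: " + s
                : RenderLink(uri, "<b>results</b>", "a&b=c d"));
        }
        Console.WriteLine(RenderScriptVariable("O'Brien \"admin\""));
    }
}
```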