Hi,
Following is the checklist to be followed for good ASP.NET application recommended by Microsoft:
Source:
http://msdn2.microsoft.com/en-us/library/ms998530.aspx
Design Considerations
| Check | Description |
| Consider security and performance. | |
| Partition your application logically. | |
| Evaluate affinity. | |
| Reduce round trips. | |
| Avoid blocking on long-running tasks. | |
| Use caching. | |
| Avoid unnecessary exceptions. |
Threading
| Check | Description |
| Tune the thread pool by using the formula to reduce contention. | |
| Consider minIoThreads and minWorkerThreads for burst load. | |
| Do not create threads on a per-request basis. | |
| Avoid blocking threads. | |
| Avoid asynchronous calls unless you have additional parallel work. |
Resource Management
| Check | Description |
| Pool resources. | |
| Explicitly call Close or Dispose on resources you open. | |
| Do not cache or block on pooled resources. | |
| Know your application allocation pattern. | |
| Obtain resources late and release them early. | |
| Avoid per-request impersonation. |
Pages
| Check | Description |
| Trim your page size. | |
| Enable buffering. | |
| Use Page.IsPostBack to minimize redundant processing. | |
| Partition page content to improve caching efficiency and reduce rendering. | |
| Ensure pages are batch compiled. | |
| Ensure debug is set to false. | |
| Optimize expensive loops. | |
| Consider using Server.Transfer instead of Response.Redirect. | |
| Use client-side validation. |
Server Controls
| Check | Description |
| Identify the use of view state in your server controls. | |
| Use server controls where appropriate. | |
| Avoid creating deep hierarchies of controls. |
Data Binding
| Check | Description |
| Avoid using Page.DataBind. | |
| Minimize calls to DataBinder.Eval. |
Caching
| Check | Description |
| Separate dynamic data from static data in your pages. | |
| Configure the memory limit. | |
| Cache the right data. | |
| Refresh your cache appropriately. | |
| Cache the appropriate form of data. | |
| Use output caching to cache relatively static pages. | |
| Choose the right cache location. | |
| Use VaryBy attributes for selective caching. | |
| Use kernel caching on Microsoft® Windows Server™ 2003. |
State Management
| Check | Description |
| Store simple state on the client where possible. | |
| Consider serialization costs. |
Application State
| Check | Description |
| Use static properties instead of the Application object to store application state. | |
| Use application state to share static, read-only data. | |
| Do not store single-threaded apartment (STA) COM objects in application state. |
Session State
| Check | Description |
| Prefer basic types to reduce serialization costs. | |
| Disable session state if you do not use it. | |
| Avoid storing STA COM objects in session state. | |
| Use the ReadOnly attribute when you can. |
View State
| Check | Description |
| Disable view state if you do not need it. | |
| Minimize the number of objects you store in view state. | |
| Determine the size of your view state. |
HTTP Modules
| Check | Description |
| Avoid long-running and blocking calls in pipeline code. | |
| Consider asynchronous events. |
String Management
| Check | Description |
| Use Response.Write for formatting output. | |
| Use StringBuilder for temporary buffers. | |
| Use HtmlTextWriter when building custom controls. |
Exception Management
| Check | Description |
| Implement a Global.asax error handler. | |
| Monitor application exceptions. | |
| Use try/finally on disposable resources. | |
| Write code that avoids exceptions. | |
| Set timeouts aggressively. |
COM Interop
| Check | Description |
| Use ASPCOMPAT to call STA COM objects. | |
| Avoid storing COM objects in session state or application state. | |
| Avoid storing STA components in session state. | |
| Do not create STA components in a page constructor. | |
| Supplement classic ASP Server.CreateObject with early binding. |
Data Access
| Check | Description |
| Use paging for large result sets. | |
| Use a DataReader for fast and efficient data binding. | |
| Prevent users from requesting too much data. | |
| Consider caching data. |
Security Considerations
| Check | Description |
| Constrain unwanted Web server traffic. | |
| Turn off authentication for anonymous access. | |
| Validate user input on the client. | |
| Avoid per-request impersonation. | |
| Avoid caching sensitive data. | |
| Segregate secure and non-secure content. | |
| Only use Secure Sockets Layer (SSL) for pages that require it. | |
| Use absolute URLs for navigation. | |
| Consider using SSL hardware to offload SSL processing. | |
| Tune SSL timeout to avoid SSL session expiration. |
Deployment Considerations
| Check | Description |
| Avoid unnecessary process hops. | |
| Understand the performance implications of a remote middle tier. | |
| Short-circuit the HTTP pipeline. | |
| Configure the memory limit. | |
| Disable tracing and debugging. | |
| Ensure content updates do not cause additional assemblies to be loaded. | |
| Avoid XCOPY under heavy load. | |
| Consider precompiling pages. | |
| Consider Web garden configuration. | |
| Consider using HTTP compression. | |
| Consider using perimeter caching. |
Thanks & Regards,
Arun Manglick
SMTS || Microsoft Technology Practice || Bridgestone - Tyre Link || Persistent Systems || 3023-6258
No comments:
Post a Comment