Hi,
Following is the checklist to be followed for good ASP.NET application recommended by Microsoft:
Source:
http://msdn2.microsoft.com/en-us/library/ms998530.aspx
Design Considerations
Check | Description |
Consider security and performance. | |
Partition your application logically. | |
Evaluate affinity. | |
Reduce round trips. | |
Avoid blocking on long-running tasks. | |
Use caching. | |
Avoid unnecessary exceptions. |
Threading
Check | Description |
Tune the thread pool by using the formula to reduce contention. | |
Consider minIoThreads and minWorkerThreads for burst load. | |
Do not create threads on a per-request basis. | |
Avoid blocking threads. | |
Avoid asynchronous calls unless you have additional parallel work. |
Resource Management
Check | Description |
Pool resources. | |
Explicitly call Close or Dispose on resources you open. | |
Do not cache or block on pooled resources. | |
Know your application allocation pattern. | |
Obtain resources late and release them early. | |
Avoid per-request impersonation. |
Pages
Check | Description |
Trim your page size. | |
Enable buffering. | |
Use Page.IsPostBack to minimize redundant processing. | |
Partition page content to improve caching efficiency and reduce rendering. | |
Ensure pages are batch compiled. | |
Ensure debug is set to false. | |
Optimize expensive loops. | |
Consider using Server.Transfer instead of Response.Redirect. | |
Use client-side validation. |
Server Controls
Check | Description |
Identify the use of view state in your server controls. | |
Use server controls where appropriate. | |
Avoid creating deep hierarchies of controls. |
Data Binding
Check | Description |
Avoid using Page.DataBind. | |
Minimize calls to DataBinder.Eval. |
Caching
Check | Description |
Separate dynamic data from static data in your pages. | |
Configure the memory limit. | |
Cache the right data. | |
Refresh your cache appropriately. | |
Cache the appropriate form of data. | |
Use output caching to cache relatively static pages. | |
Choose the right cache location. | |
Use VaryBy attributes for selective caching. | |
Use kernel caching on Microsoft® Windows Server™ 2003. |
State Management
Check | Description |
Store simple state on the client where possible. | |
Consider serialization costs. |
Application State
Check | Description |
Use static properties instead of the Application object to store application state. | |
Use application state to share static, read-only data. | |
Do not store single-threaded apartment (STA) COM objects in application state. |
Session State
Check | Description |
Prefer basic types to reduce serialization costs. | |
Disable session state if you do not use it. | |
Avoid storing STA COM objects in session state. | |
Use the ReadOnly attribute when you can. |
View State
Check | Description |
Disable view state if you do not need it. | |
Minimize the number of objects you store in view state. | |
Determine the size of your view state. |
HTTP Modules
Check | Description |
Avoid long-running and blocking calls in pipeline code. | |
Consider asynchronous events. |
String Management
Check | Description |
Use Response.Write for formatting output. | |
Use StringBuilder for temporary buffers. | |
Use HtmlTextWriter when building custom controls. |
Exception Management
Check | Description |
Implement a Global.asax error handler. | |
Monitor application exceptions. | |
Use try/finally on disposable resources. | |
Write code that avoids exceptions. | |
Set timeouts aggressively. |
COM Interop
Check | Description |
Use ASPCOMPAT to call STA COM objects. | |
Avoid storing COM objects in session state or application state. | |
Avoid storing STA components in session state. | |
Do not create STA components in a page constructor. | |
Supplement classic ASP Server.CreateObject with early binding. |
Data Access
Check | Description |
Use paging for large result sets. | |
Use a DataReader for fast and efficient data binding. | |
Prevent users from requesting too much data. | |
Consider caching data. |
Security Considerations
Check | Description |
Constrain unwanted Web server traffic. | |
Turn off authentication for anonymous access. | |
Validate user input on the client. | |
Avoid per-request impersonation. | |
Avoid caching sensitive data. | |
Segregate secure and non-secure content. | |
Only use Secure Sockets Layer (SSL) for pages that require it. | |
Use absolute URLs for navigation. | |
Consider using SSL hardware to offload SSL processing. | |
Tune SSL timeout to avoid SSL session expiration. |
Deployment Considerations
Check | Description |
Avoid unnecessary process hops. | |
Understand the performance implications of a remote middle tier. | |
Short-circuit the HTTP pipeline. | |
Configure the memory limit. | |
Disable tracing and debugging. | |
Ensure content updates do not cause additional assemblies to be loaded. | |
Avoid XCOPY under heavy load. | |
Consider precompiling pages. | |
Consider Web garden configuration. | |
Consider using HTTP compression. | |
Consider using perimeter caching. |
Thanks & Regards,
Arun Manglick
SMTS || Microsoft Technology Practice || Bridgestone - Tyre Link || Persistent Systems || 3023-6258
No comments:
Post a Comment