Rules to Better Website Development - ASP.NET

Hold on a second! How would you like to view this content?
Just the title! A brief blurb! Gimme everything!
  1. Do you know how to create nice URLs using ASP.NET 4?

    There are a lot of reasons to have nice URLs for your website:
    • Easy to remember
    • Easy to navigate 
    • Better for search engines
    Bad example – This URL is impossible to remember for your users, and even search don’t like these URLs
    Figure: Bad example – This URL is impossible to remember for your users, and even search don’t like these URLs
    Good example – Nice clean URL, easy to remember, easy to guess where I am and good for search engines
    Figure: Good example – Nice clean URL, easy to remember, easy to guess where I am and good for search engines

    With ASP.NET 4 it is easy to create this URLs. The ASP.NET team includes routing features, known from the MVC web framework.
    Add a route in Global.asax

    protected void Application_Start(object sender, EventArgs e)
    {
    //RouteTable and PageRouteHandler are in System.Web.Routing
    RouteTable.Routes.Add("ProductRoute",
    new Route("products/{productname}",
    new PageRouteHandler("~/ssw/Products/ProdCategoryList.aspx")));
    }​
    Figure: Example on how to route www.ssw.com.au/products/{everything} to the www.ssw.com.au/ssw/Products/ProdCategoryList.aspx page

    Note: There is no dependency on the MVC framework in order to use this code.
    Note: IIS7 has a module called URL rewrite module that can do this functionality without changing any code. Just a configuration of a "Rule" in the IIS Manager.

  2. Do you know how to filter data?

    It is difficult for users to find their required records in a huge amount of data, so adding the filter data functionalities is very useful. 

    The standard DataGrid of ASP.NET doesn't include this functionality, developers need to implement it by themselves.

    Bad Example - implement data filter manually
    Figure: Bad Example - implement data filter manually

    Fortunately, RadGrid supplies this perfect feature.

    Good Example - add an attribute to filter data
    Figure: Good Example - add an attribute to filter data

    Developer can turn this feature on by setting the AllowFilteringByColumn="True".

  3. Do you use jQuery for making a site come alive?

    To please customers every business knows they need to keep their services and offerings fresh and up-to-date. The same is true for websites. In order to attract new traffic, we should make the website vivid.
    Bad example – there is no response when mouse is over the image
    Figure: Bad example – there is no response when mouse is over the image
    Good example – apply the different style when mouse is over
    Figure: Good example – apply the different style when mouse is over
            
            $("p").hover(function () {
                $(this).css({ "background-color":"yellow", "font-weight":"bolder" }); },
                function () { 
                    var cssObj = { "background-color": "#ddd", 
                    "font-weight": "", 
                    color: "rgb(0,40,244)"
                }
                $(this).css(cssObj);
            }); 
        
    Figure: Mouse hover sample
  4. Do you use jQuery Tooltips to save drilling through?

    It is common when we browse a list page, we have to click the "More..." or "Details" button to view the item detail. This process takes more time because we need to wait for the loading of the detail page.

    To improve the performance, we can use jQuery plus CSS to show tooltips in the list page that can let users determine which item detail they want to see.
    Bad Example - redirect to a new page to view the detail
    Figure: Bad Example - redirect to a new page to view the detail
    Good Example - show tooltip when mouse is over in the list
    Figure: Good Example - show tooltip when mouse is over in the list
  5. Do you use MSAjax for Live Data Binding which saves round trips?

    In old versions of ASP.NET AJAX the UI control couldn't get notification if the source had been changed. Developers had to write the extra code to refresh the value.

    In ASP.NET AJAX version 4.0, there is a new feature called "Live Data Binding", which means when there's any change in the data source, the changes are reflected to the data bound interface instantly and vice versa. 
    Binding Modes:
    • Sys.BindingMode.auto
      This is the default binding mode. Two-way binding on an input control, and one-way binding on a context-type elements such as spans.
      <b>Name: </b><input id="name" type="text" value="{binding name, mode=auto}" />
      <b>Echo: </b><span id="nameDisplay">{binding name, mode=auto}</span>
              
      Figure: When you update either textbox, the other one will be updated with the same value.
    • Sys.BindingMode.twoWay
      This is the default binding mode for input controls.
      <b>Name: </b><input id="name" type="text" value="{binding name, mode=twoWay}" />
      <b>Echo: </b><span id="nameDisplay">{binding name, mode=twoWay}</span>
              
      Figure: When you update either textbox, the other one will be updated with the same value.
    • Sys.BindingMode.oneWay 
      <b>Name: </b><input id="name" type="text" value="{binding name, mode=oneWay}" />
      <b>Echo: </b><span id="nameDisplay">{binding name, mode=twoWay}</span>
              
      Figure: When you update the Name, it won't affect the Echo.
    • Sys.BindingMode.oneWayToSource
      <b>Name: </b><input id="name" type="text" value="{binding name}" />
      <b>Echo: </b><span id="nameDisplay">{binding name, mode=oneWayToSource}</span>
              
      Figure: When you update the Name, it won't affect the Echo. But if you update Echo, it will affect the Name.
    • Sys.BindingMode.oneTime
      <b>Name: </b><input id="name" type="text" value="{binding name, mode=twoWay}" />
      <b>Echo: </b><span id="nameDisplay">{binding name, mode=oneTime}</span>
              
      Figure: When you update the Name in the first time, it will affect the Echo. After the first time, it won't affect the Echo.
    The live-binding syntax is similar to binding syntax in WPF (XAML).
  6. Do you allow users to comment and rate your pages?

    If you have published content on the internet, it's a good idea to allow your visitors to comment and rate your pages. Collecting feedback is a great way to make it easier to maintain your content. You can see which content is out of date, and which content is more highly regarded by your user base. This lets you focus on creating the most relevant content that you can. As well as providing you with feedback, allowing people to participate makes them feel more engaged with your content, broadening your reach.​

    There are a few ways that you can easily add comments an​​d interactivity, such as using widgets from:​

    ​The following video shows an overview of Yotpo ratings which we've implemented for our SSW Rules.

     
    Good Example: Yotpo ratings on the SSW Rules site​


  7. Do you always put JavaScript in a separate file?

    ASP.NET injects many lines during page rendering, so if you are using inline JavaScript, the line numbers will change during client side JavaScript debugging in VS.NET, FireBug or IE8 developer Tools.
    ​​​
    JavaScriptBad1.jpg
    Figure: Bad Code - Using Inline JavaScript
    JavaScriptBad.jpg
    Figure: Bad Code - On PostBack Line numbers are changed for Inline JavaScript
    JavaScriptGood.jpg
    Figure: Good Code - Using JavaScript on Separate file ​

    So you should always put JavaScript in a separate file.  Then the line numbers will stay consistent during debugging. 
    Keeping JavaScript in a separate file is also good for production as it improves performance due to browser caching. 

    Note: During development, remember to hit CTRL-F5 to force the browser to re-fetch the files from the server or you may be debugging old version of the JavaScript file.

  8. Do you avoid deploying source code on the production server?

    When you are deploying an ASP.NET project (no matter it's a Web site or a Web application), do not copy all files of this project to the production server because source code will be deployed during this simple copy and it makes easier for others to access or tamper the source code of your site.

    Instead, please use 'Publish' utility to deploy your Web site or Web application. This utility can remove the source code from the site.​​

    1. ​Web Site Project

      Publish Web Site dialog box is designed to precompile and deploy your Web site to a new location (whatever it is, ftp://..., http://... or drive:\path). During the deployment, source code are removed automatically. Besides, the precompilation process finds any compilation errors and identifies the errors in the configuration file.

      To access this dialog box, please open a Web site that you want to deploy and click Build menu, then click Publish Web Site.​

      PublishWebsite.jpg
      Figure: How to open Publish Web Site dialog box
      PublishWebsiteDialog.JPG​​
      Figure: Publish Web Site dialog box

      See more about Publishing Web Sites.

    2. Web Application Project

      The Publish Web dialog box enables you to build and publish a Web application project to a new location. Like Publish Web Site dialog box, this utility can remove source code. However you have to select Only files needed to run this application to specify it. Other benefit of this utility is that potential errors and compile-time errors in the Web.config file and in other non-code files can be found.

      To access this dialog box, open a Web application project that you want to publish and click Publish ApplicationName on the Build menu.​

      PublishWebApp.jpg
      Figure: How to open Publish Web dialog ('WebApp' is the name of this application)​
      PublishWebAppDialog.JPG
      Figure: Publish Web dialog box
      ​​

      See more about How to Publish Web Applications.


  9. Do you avoid using ASP/ASP.NET tags in plain HTML?

    ASP and ASP.NET tags have no place in plain HTML pages. They simply increase the size of the file and are ignored by browsers, because the need to be processed on the server. When converting ASP.NET pages to plain HTML you must be careful to remove all of these tags.​

    ​<%@ Page Language="C#" %>
    <html>
    <ssw:inctop id="inctop" runat="server"></ssw:inctop>

    ​​​​​Figure: Bad Example - ASP.NET tags accidentaly placed in a plain HTML documents

    We have a program called SSW Code Auditor​ to check for this rule.


  10. Do you avoid using document.getElementById(id) and document.all(id) to get a single element, instead use selector $(#id)?

    $(#id) is a selector of jQuery. It gets the single element with the given id.

    jQuery ​is a fast and concise JavaScript Library that simplifies how you traverse HTML documents, handle events, perform animations, and add Ajax interactions to your web pages. jQuery is designed to change the way that you write JavaScript.​

    ​With jQuery, you can write less code but do more work.

    <h1 id="Head1">Hello</h1> <script type="text/javascript" language="javascript">
    document.all("Head1")
    .style.color="red"; </script>

    Figure - Bad Code​​​

    <h1 id="Head1">Hello</h1> <script type="text/javascript" language="javascript">​​
    document.getElementById("Head1")
    .style.color="red"; </script>

    Figure: Bad Code​

    <h1 id="Head1">Hello</h1> <script type="text/javascript" language="javascript">
    $("#Head1")
    .css("color","red"); </script>

    Figure: Good Code - Using $("#Head1")​​​
  11. Do you avoid using mailto: on your website?

    Don't ever display valid individual email addresses or mailto:'s on a website. Nasty people on the web have created "Email Harvesting" tools. These programs search public areas on the Internet to compile, capture, or otherwise "harvest" lists of email addresses from web pages, newsgroups, and chat rooms. Any email address that is spelled out can be captured and therefore gets attacked with spam.

    The best way to avoid it is not to display valid individual email addresses in text format (especially in the form of "mailto:") on your website. 

    ​​

    e.g. FirstnameSurname@ssw.com.au 

    Figure: Bad way - normal email address in text format

     Better way: encryption technique 

    1. Store email addresses in the web.config file
    2. <configuration>
      <appSettings>
      <add key="SampleEncodedEmailAddress" value="David@sample.com.au" /> ...</appSettings> </configuration>

    3. Encode them on the server using the BitConverter class 
    4. Dim email As String = ConfigurationSettings.AppSettings("SampleEncodedEmailAddress") Application("SampleEncodedEmailAddress") = BitConverter.ToString( _ ASCIIEncoding.ASCII.GetBytes(email)).Replace("-", "")

    5. Decode on the client with a JavaScript function in the JavaScript
    6. <a id="linkContact" href="javascript:sendEmail('44617669644073616D706C652E636F6D2E6175')">CONTACT David</a>​

    We have a program called SSW Code Auditor to check for this rule.


  12. Do you avoid using ReportViewer local processing mode?

    ReportViewer control is a powerful control designed for Windows application and Web application to process and display reports. This control can be configured to run in local processing mode and remote processing mode.​​​

    • ​Local Processing Mode
      This mode uses client report definition (.rdlc) files, all report processing is performed on the computer that hosts the application. All data used by the report must be retrieved from data that the client application provides, so you have to configure the ReportViewer control's Data sources, Report parameters.
      See Configuring ReportViewer for Local Processing for more information.
    • Remote Processing Mode
      This mode needs the Microsoft SQL Server 2005 Reporting Services report server, The report server processes the data and renders the report into an output format. The ReportViewer control retrieves the finished report from the report server and displays it on the screen, so you have to configure the ReportViewer control's report server information. 
      See Configuring ReportViewer for Remote Processing for more information.

    If you use local processing mode in your Web application, there are more configuration to do for the ReportViewer control, report processing will also slow down the web server.


  13. Do you avoid using Web Site Projects?

    If you're creating new web apps in ASP.NET 2.0, do you still use Web Site projects? We strongly recommend using the new Web Application projects.

    What's the difference between the two? There is a detailed comparison here, but to summarize:​​

    • Web Site projects have no project file and it creates multiples assemblies. (This result in a lot of annoying scenarios.)
    • Web Application projects have a physical project file and along with all other standalone classes within the project are compiled into a single assembly.

    Please see our kb - How to upgrade VS 2005 Web Site Projects to be VS 2005 Web Application Projects? to do the upgrade. ​​

  14. Do you build criteria by using a where clause?

    It is very common to come up with ways to filter data. 
    As an example, you could do it like this.

    ClientSearch.aspx?Client.ClientID='ssw'&Client.CoName='S'

    Figure: Filtering Data

    This allows you to easily extract fields and values, but it only works for the fields you hard code. You could get around it by writing complex code to build a SQL query or ignore the ones that don't match.

    But this gives exact matches. E.g.:

    ​ClientID=ssw

    What if you want to give the ability to allow the user to be able to use a like e.g.

    ClientID like '%ssw%'

    Well then I could add something like

    ClientSearch.aspx?Client.ClientID=ssw&Client.ClientID.SearchMode=OR

    But why do this when a WHERE clause in SQL can do all this 
    e.g.

    ClientSearch.aspx?Where=Client.ClientID%20like%20'%ssw%'

    Figure: Similar matches

    Try this - ClientSearch.aspx?Where=Client.ClientID%20like%20'%ssw%'

    The Pros for do this are:

    • Quicker development time.
    • SQL is very powerful - say I want to JOIN another table in the WHERE, I could use an IN statement and do a sub query - no extra code by the developer.
    • Matches HTML syntax (named value pair) and as a developer you can get it easy. e.g.
    • Request.QueryString("Where")

    The CONS:

    • It shows the database schema to the users - users maybe should not see the structure of the database.
    • Security - the where clause could show data we don't want users to see.
    • Got to add a little extra code to avoid SQL injection.


  15. Do you have a Validation page (the /zsValidate) for your web server?

    How can you know that all components are working correctly on your site? It is vitally important to have a 'Health Check' page to validate everything is working correctly. This page will check the server and make sure:

    • all the DLLs are present (and registered for COM ones)
    • all the web services are working
    • all the databases are alive, etc.

    Link Auditor footer
    Figure: Link Auditor server info

    You would be surprised how many dependencies a large web page can have.The advantage of this page is if you ever need to redeploy your application on another server or you have some pages that are just not working as planned you can load up this page and get a quick diagnostics of your website.

    Validate Setup
    Figure: One of the components on this web site is down
    Validation Tests
    Figure: Automatically validating our website

    See SSW Rules - Do you have a zsValidate page to test your website dependencies?

    ​​
  16. Do you have generic exception handler in your Global.asax?

    Add your code to handle generic exception of your ASP.NET application in Application_Error.

    ​​private static readonly ILog log = LogManager.GetLogger(typeof(MvcApplication));

            protected void Application_Error(object sender, EventArgs e)
            {
                Exception ex = Server.GetLastError().GetBaseException();
                log.Fatal("Unhandled Exception", ex);
            }

    ​Figure. Exception handler in Global.asax.cs​
  17. Do you keep your "DataBinder.Eval" clean?

    Remember ASP code, you had lots of inline processing. Using DataBinder.Eval encourages the same tendencies. DataBinder.Eval is OK, so is formatting a number to a currency. But not formatting based on business rules. The general rule is, any code between <%# and DataBinder.Eval is bad and should be moved into protected method on the form.

    Here is a good and a bad way to binding fields in ASP.NET in a datagrid.

    Putting all the field binding code AND the business rule in the

    control

    • Bad: Business logic is in the presentation layer (.aspx file)
    • Bad: No intellisense
    • Bad: Compile errors are not picked up 

    ​​

    <asp:Label id="tumorSizeLabel" runat="server" Text='<%# iif( Container.DataItem.Row.IsNull("TumorSize"), "N/A",DataBinder.Eval(Container, "DataItem.TumorSize", "0.00")) %>'/>

    Bad code​​

    ​​Putting the code on the ItemDataBound Event.

    • Good: Business logic is in the code behind (.vb or .cs file)
    • Good: intellisense
    • Bad: Code Bloat
    • Bad: Have to use server control for all controls (viewstate bloat)

    In server page: 

    ​​<asp:Label id="tumorSizeLabel" runat="server" /> 

    In code behind:

    Private Sub patientDataGrid_ItemDataBound( ByVal sender As Object, ByVal e As DataGridItemEventArgs)_
    Handles patientDataGrid.ItemDataBound
    If( e.Item.ItemType = ListItemType.Item Or e.Item.ItemType = ListItemType.AlternatingItem) Then
    Dim tumorSizeLabel As Label = e.Item.FindControl("tumorSizeLabel")
    Dim rowView As DataRowView = CType(e.Item.DataItem, DataRowView)
    Dim row As PatientDataSet.PatientRow = CType(rowView.Row, PatientDataSet.PatientRow)
    If row.IsTumorSizeNull() Then
    tumorSizeLabel.Text = "N/A"
    Else
    tumorSizeLabel.Text = row.TumorSize.ToString("0.00")
    End If
    End If
    End Sub

    Good code​​

    ​​We have a program called SSW Code Auditor to check for this rule.​​​


  18. Do you keep your website loading time acceptable?

    Nobody Likes a Slow Website. You should optimize the performance of your websites so it loads as quick as possible.

    You should use Pingdom Website Speed Test​​​ to analyze the load speed of your websites and learn how to make them faster.

    Then work to k​eep it under 3 MB:

    • Unacceptable > 3 MB​​
    • OK 1.5 MB to 3 MB (apple.com is 1.5MB)
    • Good < 1.5 MB​
    • Excellent < 1 MB
  19. Do you know how to generate maintenance pages?

    In every application you focus on is the important business problems e.g. Invoices with multiple deliveries. Plus you have lots of lookup tables e.g. CustomerCategory. It is smart to work on the important business problems and have the lookup tables done automatically using a code generator.

    ​​The code generators to generate maintenance pages automatically, come from MS and from 3rd parties. The current choices are:​

    1. ​​We recommend NetTiers (a template for Code Smith) in our 'The Best 3rd Party .NET Tools'. It is an open source template and the output code is of good quality. There are many amazing features:
      • Creates a full website project, already pre-configured and ready to begin coding against your data immediately.
      • Creates a full set of administration web controls, that serves as a basic yet fully functional web administration console for database.
      • Creates a full set of typed DataSource controls for your entire API with design time support, they are similar to the ObjectDataSource, only these are full featured and are actually developer friendly.
      • Creates a full webservice API for your domain, perfect for a .net winforms or smart client application and is simple to configure.
    2. AspDB is an alternative choice. You can click via a code generator (Designer) to produce a complete and acceptable Web DB application in several minutes.
    3. BLinQ is a tool to generate websites that use LinQ to show and edit data.
      ​DEAD - now replaced by ASP.NET Dynamic Data.
    4. ASP.NET Dynamic Data provides the Web application scaffolding that enables you to build rich data-driven Web applications. This scaffolding is a mechanism that enhances the functionality of the existing ASP.NET framework by adding the ability to dynamically display pages based on the data model of the underlying database, without having to create pages manually. 

      WARNING: ASP.NET Dynamic Data is in Beta and not installed on SEAL and SEALUS. 
      ASP.NET Dynamic Data has been released in VS.NET 2008 SP1.


  20. Do you know not to use LinkButton?

    If we want to refresh and data bind the same page from client side, we can use the javascript function calls "__doPostBack". We shouldn't fire this post back in LinkButton. Otherwise, there will be an error.
    RightClickLink.gif
    Figure: Right click the link with __doPostBack event  ​
    PostBack.gif
    Figure: New window with incorrect URL

    ASPX:
    <asp:Panel runat="server" ID="mUpdatePanel" OnLoad="mUpdatePanel_Load">
    <asp:Label runat="server" ID="lblTime" />
    <br />
    <asp:GridView ID="gvList" runat="server" AutoGenerateColumns="false">
    <Columns>
    <asp:BoundField DataField="ID" HeaderText="ID" />
    </Columns>
    <Columns>
    <asp:BoundField DataField="Name" HeaderText="Name" />
    </Columns>
    </asp:GridView>
    <br />
    ID:<asp:TextBox ID="txtID" runat="server"/>
    Name:<asp:TextBox ID="txtName" runat="server"/>
    </asp:Panel>
    C#:
    protected void mUpdatePanel_Load(object sender, EventArgs e)
    {
    lblTime.Text = DateTime.Now.ToLongTimeString();
    ArrayList mList = (ArrayList)ViewState["List"];
    if (txtName.Text.Length > 0)
    {
    Client mClient = new Client();
    mClient.ID = Int32.Parse(txtID.Text);
    mClient.Name = txtName.Text;
    mList.Add(mClient);
    ViewState["List"] = mList;
    gvList.DataSource = mList;
    gvList.DataBind();
    }
    }

    Sample Code​​​

    ​​​<a href="javascript:__doPostBack('mUpdatePanel','');">Refresh</a>

    Bad Code​

    <input type="button" onclick="javascript:__doPostBack('mUpdatePanel','');" value="Refresh" />

    Good Code​

    We have a program called SSW Code Auditor to check for this rule.​


  21. Do you know that or sections in web.config must contain a or a element?

    If web.config contains a <httpHandlers> or <httpModules> section, that section must contain a <remove... /> or a <clear /> element.

    This basically forces developers to explicitly enable inheritance in nested virtual directories. In 99% of cases this developers won't use inheritance on these two sections, however it causes issues when somebody wants to add a module or handler to the parent virtual directory.

    <configuration>
       <system.web>
          <httpHandlers>
             <add verb="*" 
                  path="*.New" 
                  type="MyHandler.New,MyHandler"/>
             <add verb="GET,HEAD" 
                  path="*.MyNewFileExtension" 
                  type="MyHandler.MNFEHandler,MyHandler.dll"/>
         </httpHandlers>
       <system.web>
    </configuration>
    
    Figure: Bad example
    <configuration>
       <system.web>
          <httpHandlers>
             <clear/>
             <add verb="*" 
                  path="*.New" 
                  type="MyHandler.New,MyHandler"/>
             <add verb="GET,HEAD" 
                  path="*.MyNewFileExtension" 
                  type="MyHandler.MNFEHandler,MyHandler.dll"/>
         </httpHandlers>
       <system.web>
    <configuration>
    
    Figure: Good example
  22. Do you know the best sample applications?

    Before starting a software project and evaluating a new technology, it is important to know what the best practices are. The easiest way to get up and running is by looking at a sample application. Below are a list of sample applications that we’ve curated and given our seal of approval.

    SQL Server

    ASP.NET MVC + WebAPI

    SPA

    AngularJS

    Angular

    2

  23. Do you know when anchor should "run at server"?

    <a> tag should runat=“server" *ONLY* if you need to change the target at runtime.

    If you include runat=“server" for an HTML element that you do not need access to in code behind, you are introducing a whole lot of overhead you do not need. ​

    ​We have a program called SSW Code Auditor to check for this rule.​​


  24. Do You Know Which Packages To Add To Your New MVC Project?

    ​​​When you create a new MVC project in Visual Studio it is important to include the right packages from the start. This makes the project more manageable and you become more efficient in producing your final result.

    ​If you add old, obsolete or incorrect NuGet packages, the project will suffer and you might have decreased performance or scope creep as new requirements are discovered. 

    Avoid old technologies such as:

    • ​​MVC Web Forms
    • KnockoutJS
    When you create a project you should be adding the following NuGet Packages:
    • SSW.DataOnion
    • SSW.HealthCheck
    • ​​AutoFac
    • Serilog

    You should also add the following NPM packages:

    • Angular JS
    • Bootstrap
    • Gulp

    Note: Prior to 2016, SSW recommend developers choose bower over NPM as their front end package manager. That recomendation has chan​ged due to the industry trend away from bower.

    Bower_v_NPM.png 

    Figure: NPM Popularity has been increasing

    Part of SugarLearning Developer Induction.

  25. Do you release build your web applications before you deploy them?

    Additionally to the reasons found on rule Do you always deploy Release builds to production, there are more reasons doing this with ASP.NET
      • ASP.NET conducts a batch compilation on "release builds", which means it tries to compile all files in the current folder into one DLL
      • No resource caching is performed on debug build assemblies, which means that each request/response for a resource is not cached
    According to MSDN web developer tips, you can choose one of the following to release build your web application
      • In web.config file, set <compilation debug="false"/>
      • Disable the <compilation debug="true"/> switch for all ASP.NET applications on the server by setting the following in Machine.config​

    ​<system.web> <deployment retail="true"/> </system.web>

    ​​​The setting in machine.config will also turn off trace output in a page and detailed error messages remotely
    ​Machine.config file is typically located at %SystemRoot%\Microsoft.NET\Framework\%VersionNumber%\CONFIG.​​
  26. Do you replace the 404 error with a useful error page?

    ​​​

    Error page, you say? You worked hard to make sure my site has no errors!! Well, surfers don't always type URLs accurately. No website is immune to such errors.

    A well-designed custom error page encourages surfers to remain in your site and help them to the right page. Although it's possible to redirect error codes straight to your homepage, that doesn't tell visitors what's going on. It's more user-friendly to explain that there was a problem and provide some alternatives. Supply a link to your home page or other links, or offer your site's search function if you have one. ​

    <customErrors mode="Off"></customErrors>

    Figure: This is the default code in the web.config

    <customErrors mode="RemoteOnly" defaultRedirect="/ssw/ErrorPage.aspx">
    <error statusCode="404" redirect="/ssw/SSWCustomError404.aspx">
    </customErrors>

    Figure: this is the current code in the web.config of the SSW Site 

    For ASP.NET website, the detailed information would be presented to the remote machines when an unhandled error occurs if the customErrors mode is off.

    This error information is useful for the developer to do debugging. However, it would leak out some confidential information which could be used to get into your system by the hackers. We can assume that if a SQL exception occurs by accident, which may expose database sensitive information (e.g. connection string; SQL script). So, to prevent these leaks, you should set the "mode" attribute of the tag <customerrors> to "RemoteOnly" or "On" in the web.config file and create a user-friendly customized error page to replace the detailed error information.

    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"></customErrors>

    Figure: Turning on "customErrors" protects sensitive information against Hacker 
    404-bad.jpg
    Figure: Bad example - Unhandled e rror
    404-good.jpg
    Figure: Good example - Custom error page

    Related rule

  27. Do you use "301" code to redirect renamed or moved pages?

    Don't lose your Google juice when you rename a file. Do not use META refresh to redirect pages - "301" code is the most efficient and Search Engine Friendly method for webpage redirection. There are different ways to implement and it should preserve your search engine rankings for that particular page. If you have to change file names or move pages around, always use the code "301", which is interpreted as "moved permanently".​

    How to do a "301" redirect in .aspx

    Any time you move a page or just delete a page you should add a "301" redirect to a new page or a page for missing pages.
    1. You can add a 301 redirect in code

       <% Response.RedirectPermanent("NEW PAGE URL HERE") %>

      Although this works well it is difficult to manage the list of redirects and you need to keep the page around.
    2. You can write an HTTP handler
      This is better as you can choose where to store the redirect list, but you still need to manage a custom codebase.
    3. You can use rewrite maps in IIS URL Rewrite to add a number of redirects
      See Storing URL rewrite mappings in a separate file  for an explanation of how to use rewrite maps.
    Note: If you are using a source control, like TFS, lock the old file so no-one can edit it by mistake.

    WordPress

    WordPress automatically redirects posts when you change the URL (permalink). No further action is required.

  28. Do you use CSS Validation Service to check your CSS file?

    CSS Validation Service allows you to check your webpage against the W3C recommendations. When developing web pages you want to create a clean and valid web page. It makes it easier for someone else to read and add new parts to a web page. Every web language like CSS has its own Syntax it must follow in order to produce a clean and valid web page, CSS Validation Service allows you to achieve that goal.

    Go to CSS Validation Service:

    1. Enter the URL or ppload file or by Direct Input to check
    2. Review the results and make changes to fix ​errors 

  29. Do you use Markup Validation Service to check your HTML and XHTML code?

    Markup Validation Service allows you to check your web page against the W3C recommendations. When developing web pages you want to create a clean and valid web page. It makes it easier for someone else to read and add new parts to a web page. Every web language like HTML has its own syntax it must follow in order to produce a clean and valid web page, Markup Validation Service allows you to achieve that goal. 

    Go to Markup Validation Service​:

    1. Enter the URL or upload file to check ​
    2. Review the results and make changes to fix errors

  30. Do you use server side comments?

    ​Use server side comments:

    • Use <%-- Comment Here --%> instead of <!-- Comment Here --> (Does not get rendered to the client, saves us a few precious kilobytes)
    • Use CTRL + K, C to comment and CTRL + K, U to uncomment​
  31. Do you use SSO (Single sign-on) for your websites?

    Many companies have more than one web applications running under different versions of .NET framework in different subdomains, or even in different domains. They want to let the user sign in once and stay logged in when switching to a different web site, and this is SSO (Single Sign-On).

    In ASP.NET the logged-in user status is persisted by storing the cookie on the client computer, base on this mechanism, they are two possible solutions​:


    1. ​​Share one cookie across the web applications. 
      The Forms authentication cookie is nothing but the container for forms authentication ticket. The ticket is encrypted and signed using the <machineKey> configuration element of the server's Machine.config file. So if the web applications are hosted on the same machine, the point is to create a shared authentication cookie. Configure the web.config and create the cookie manually can achieve this. 
      Following scenarios may suit this solution
      • SSO for parent and child application in the virtual sub-directory
      • SSO for two applications in two sub-domains of the same domain
    2. Create its own cookie for each site by calling a page which can create cookie in its own domain. 
      If the web applications are hosted on different machine, it is not possibly to share a cookie. In this case each site will need to create its own cookie, call the other sites and ask them to create their own ones. 
      Following scenarios may suit this solution.
      • SSO for two applications in different domains
    ​​
  32. Do you use the best Web UI libraries?

    ​Don't waste time evaluating which Web UI libraries to use. Most of the commonly used libraries are very similar in functionality . The recommend  library is Twitter Bootstrap.

    It's the most popular available framework today, which means more people involved in the project, more tutorials and articles from the community, more real-world examples/websites, more third-party extensions, and better integration with other​ web development products

    zurb.png
    Figure: Bad example - Zurb Foundation is the second most popular, but it uses Sass files and​ has the worst name

    In VS 2013 Zurb Foundation was always out of date on Nuget. So if you use it (which is not recommended) download it direct from ​Github.​​ 

    In VS 2015 these packages were moved from N​uget to Bower. 

    bootstrap.png
    Figure: Good example - leader among frameworks today, Bootstrap toolkit is recommended to build​ successful websites

    The 3 things a developer need to know to get up and running quickly with ASP.NET MVC

     

    Twitter Bootstrap & ASP.NET MVC ​​​​- Intro / Quickstart

     

    ​Other useful frameworks​

    Now that you saved a lot of UI develo​pment time by using Bootstrap, you can play around with other useful frameworks.​

    • KendoUI for enhanced HTML and jQuery controls
    • KnockoutJS for view-model data binding
    • SignalR for real-time web functionality​
  33. Do you use Windows Integrated Authentication?

    Windows Integrated Authentication is the preferred option for use with intranet applications. When using Windows Integrated security, you don't need to implement the sign in system and user accounts database. The biggest advantage is if the user is already logged in to your domain they don't need to sing in to your application, it automatically logs them in instead of them having to sign in manually.