SlideShare a Scribd company logo

What not to do with ASP NET

Download as PPTX, PDF
PsiberTech Solutions Pte Ltd, profile picture
PsiberTech Solutions Pte Ltd

This document outlines common mistakes to avoid when using ASP.NET for web projects. It discusses issues regarding standards compliance, security, and reliability and performance. Specifically, it advises against using inline styles, static browser detection, disabling security features, long-running requests, and attempting to access request data too early in the page lifecycle. The document stresses using modern techniques like CSS, JavaScript, asynchronous code, and separate application pools to build secure, standards-compliant ASP.NET applications.

Technology
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
WHAT NOT TO DO WITH ASPNET Common mistakes to avoid while using aspnet for web projects
I .STANDARDS COMPLIANCE No Control adapters : It's best to use solid adaptive CSS and HTML techniques.
I. STANDARDS COMPLIANCE No style values in the control markup: Set CSS classes yourself, don't use inline styles. protected void CustomersGridView_RowDataBound(object sender, GridViewRowEventArgs e) { if (e.Row.Cells[2].Text == "Unconfirmed") { e.Row.CssClass = "CautionRow"; } }
I. STANDARDS COMPLIANCE No page and control callbacks: Stick with SignalR, Web API, and JavaScript.
I. STANDARDS COMPLIANCE No static browser capability detection: Check for features instead of browsers
II. SECURITY No Request Validation: Validate user input and encode values from users.
II. SECURITY No Cookieless Forms Authentication and Session Require cookies when application includes authentication. <authentication mode="Forms"> <forms loginUrl="member_login.aspx“ cookieless="UseCookies" requireSSL="true" path="/MyApplication" /> </authentication>
II. SECURITY Do not set EnableViewStateMac to false. Require cookies when application includes authentication. <%@ Page language="C#" EnableViewStateMac="true" %>
II. SECURITY Do not depend on Medium Trust: Keep Apps in separate App pools.
II. SECURITY Do not disable security patches with appsettings: Keep Apps in separate App pools.
II. SECURITY Do not use UrlPathEncode: Use UrlEncode Instead. string destinationURL = "http://www.contoso.com/default.aspx?user=test"; NextPage.NavigateUrl = "~/Finish?url=" + Server.UrlEncode(destinationURL);
III. RELIABILITY AND PERFORMANCE No PreSendRequestHeaders and PreSendRequestContext: Use native IIS module to perform the required task
III. RELIABILITY AND PERFORMANCE No Asynchronous Page Events with Web Forms: Use Page.RegisterAsyncTask instead protected void StartAsync_Click(object sender, EventArgs e) { Page.RegisterAsyncTask(new PageAsyncTask(async() => { string stringToRead = "Long text value"; using (StringReader reader = new StringReader(stringToRead)) { string readText = await reader.ReadToEndAsync(); Result.Text = readText; } })); }
III. RELIABILITY AND PERFORMANCE No Fire-and-Forget Work: Move ThreadPool.QueueUserWorkItem outside or use WebBackgrounder if you must
III. RELIABILITY AND PERFORMANCE No reading Request.Form or Request.InputStream before the handler's execute event: Stay out of Request.Form and Request.InputStream before your handler's execute event. It may not be ready to go
III. RELIABILITY AND PERFORMANCE No Long-running Requests (>110 seconds): Use WebSockets or SignalR for connected clients, and use asynchronous I/O operations
THANK YOU ! WWW.PSIBERTECH.COM.SG

More Related Content

PPTX
SgCodeJam24 Workshop Extract
remko caprio
 
PDF
Open social for science a sciverse primer - mysimplesearch
remko caprio
 
PDF
Softlayer_API_openWhisk
Shuichi Yukimoto
 
PPTX
07.1. Android Even Handling
Oum Saokosal
 
PPTX
Lidiia 'Alice' Skalytska - Security Checklist for Web Developers
OWASP Kyiv
 
PDF
Resume (2)
Debasish Panda
 
PPTX
Angular js 1.x - Main Concepts presented in FronteersJo Meetup
Islam AlZatary
 
PPTX
Authorization and Authentication using IdentityServer4
Aaron Ralls
 
SgCodeJam24 Workshop Extract
remko caprio
 
Open social for science a sciverse primer - mysimplesearch
remko caprio
 
Softlayer_API_openWhisk
Shuichi Yukimoto
 
07.1. Android Even Handling
Oum Saokosal
 
Lidiia 'Alice' Skalytska - Security Checklist for Web Developers
OWASP Kyiv
 
Resume (2)
Debasish Panda
 
Angular js 1.x - Main Concepts presented in FronteersJo Meetup
Islam AlZatary
 
Authorization and Authentication using IdentityServer4
Aaron Ralls
 

What's hot (20)

PPTX
Python in SQL 2019
Rich Benner
 
PDF
Bleeding edge web stuff
Niranjan Prithviraj
 
PPTX
Azure - Il cloud secondo microsoft
Davide Benvegnù
 
PPTX
Offline Storage
SP Balamurugan
 
PDF
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri
 
PPTX
View controllers en iOS
Mariano Carrizo
 
PPTX
11.1 Android with HTML
Oum Saokosal
 
PPTX
Progressive Web Apps - Tips
Rainmaker Ho
 
PPTX
Securing the Web@VoxxedDays2017
Sumanth Damarla
 
PPTX
Asp.net page lifecycle
KhademulBasher
 
PPTX
Microsoft asp.net identity security
rustd
 
PPT
Spring Security Introduction
Mindfire Solutions
 
PPTX
New microsoft office power point presentation
teach4uin
 
PPT
Ajax Security
Roberto Suggi Liverani
 
PDF
AJAX Security - LAC2016
Julia Logan a.k.a. IrishWonder
 
PDF
Spring Cloud Gateway - Nate Schutta
VMware Tanzu
 
PPTX
Spring security
sakhibarun
 
PDF
Spring security jwt tutorial toptal
jbsysatm
 
PPTX
OAuth
Anand Rai
 
PPTX
ZZ BC#8 Hello ASP.NET MVC 4 (dks)
Chalermpon Areepong
 
Python in SQL 2019
Rich Benner
 
Bleeding edge web stuff
Niranjan Prithviraj
 
Azure - Il cloud secondo microsoft
Davide Benvegnù
 
Offline Storage
SP Balamurugan
 
Syed Ubaid Ali Jafri - Secure IIS Configuration Windows 7
Syed Ubaid Ali Jafri
 
View controllers en iOS
Mariano Carrizo
 
11.1 Android with HTML
Oum Saokosal
 
Progressive Web Apps - Tips
Rainmaker Ho
 
Securing the Web@VoxxedDays2017
Sumanth Damarla
 
Asp.net page lifecycle
KhademulBasher
 
Microsoft asp.net identity security
rustd
 
Spring Security Introduction
Mindfire Solutions
 
New microsoft office power point presentation
teach4uin
 
Ajax Security
Roberto Suggi Liverani
 
AJAX Security - LAC2016
Julia Logan a.k.a. IrishWonder
 
Spring Cloud Gateway - Nate Schutta
VMware Tanzu
 
Spring security
sakhibarun
 
Spring security jwt tutorial toptal
jbsysatm
 
OAuth
Anand Rai
 
ZZ BC#8 Hello ASP.NET MVC 4 (dks)
Chalermpon Areepong
 
Ad

Similar to What not to do with ASP NET (20)

PPT
IEEE KUET SPAC presentation
ahsanmm
 
PDF
Tips and Tricks For Faster Asp.NET and MVC Applications
Sarvesh Kushwaha
 
DOCX
High performance coding practices code project
Pruthvi B Patil
 
PPTX
Scaling asp.net websites to millions of users
oazabir
 
PPTX
10 tips to make your ASP.NET Apps Faster
Brij Mishra
 
PDF
How to optimize asp dot-net application
sonia merchant
 
PPTX
10 performance and scalability secrets of ASP.NET websites
oazabir
 
PDF
Asp.Net Tips
Susan Begonja
 
PPTX
ASP.NET Quick Wins - 20 Tips and Tricks To Shift Your Application into High Gear
Kevin Griffin
 
PDF
Professional Aspnet 20 Security Membership And Role Management Stefan Schackow
asnermaurihg
 
PPTX
Asp.net performance
Abhishek Sur
 
PDF
10 things I’ve learnt about web application security
James Crowley
 
PDF
10 things to remember
sonia merchant
 
PDF
ASP.NET Scalability - DDD7
Phil Pursglove
 
PPT
How To Optimize Asp.Net Application ?
Pooja Gaikwad
 
PPT
How to optimize asp dot net application ?
sonia merchant
 
PPTX
Mobile Devices and SharePoint - Sahil Malik
SPC Adriatics
 
PPTX
Mobile devices and SharePoint
maliksahil
 
PDF
ASP.NET Scalability - NxtGen Oxford
Phil Pursglove
 
PPTX
Asynchronous programming in ASP.NET
Alex Thissen
 
IEEE KUET SPAC presentation
ahsanmm
 
Tips and Tricks For Faster Asp.NET and MVC Applications
Sarvesh Kushwaha
 
High performance coding practices code project
Pruthvi B Patil
 
Scaling asp.net websites to millions of users
oazabir
 
10 tips to make your ASP.NET Apps Faster
Brij Mishra
 
How to optimize asp dot-net application
sonia merchant
 
10 performance and scalability secrets of ASP.NET websites
oazabir
 
Asp.Net Tips
Susan Begonja
 
ASP.NET Quick Wins - 20 Tips and Tricks To Shift Your Application into High Gear
Kevin Griffin
 
Professional Aspnet 20 Security Membership And Role Management Stefan Schackow
asnermaurihg
 
Asp.net performance
Abhishek Sur
 
10 things I’ve learnt about web application security
James Crowley
 
10 things to remember
sonia merchant
 
ASP.NET Scalability - DDD7
Phil Pursglove
 
How To Optimize Asp.Net Application ?
Pooja Gaikwad
 
How to optimize asp dot net application ?
sonia merchant
 
Mobile Devices and SharePoint - Sahil Malik
SPC Adriatics
 
Mobile devices and SharePoint
maliksahil
 
ASP.NET Scalability - NxtGen Oxford
Phil Pursglove
 
Asynchronous programming in ASP.NET
Alex Thissen
 
Ad

Recently uploaded (20)

PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Cloud computing and distributed systems.
kkkkkhan
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
KodekX | Application Modernization Development
KodekX
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 

What not to do with ASP NET

  • 1. WHAT NOT TO DO WITH ASPNET Common mistakes to avoid while using aspnet for web projects
  • 2. I .STANDARDS COMPLIANCE No Control adapters : It's best to use solid adaptive CSS and HTML techniques.
  • 3. I. STANDARDS COMPLIANCE No style values in the control markup: Set CSS classes yourself, don't use inline styles. protected void CustomersGridView_RowDataBound(object sender, GridViewRowEventArgs e) { if (e.Row.Cells[2].Text == "Unconfirmed") { e.Row.CssClass = "CautionRow"; } }
  • 4. I. STANDARDS COMPLIANCE No page and control callbacks: Stick with SignalR, Web API, and JavaScript.
  • 5. I. STANDARDS COMPLIANCE No static browser capability detection: Check for features instead of browsers
  • 6. II. SECURITY No Request Validation: Validate user input and encode values from users.
  • 7. II. SECURITY No Cookieless Forms Authentication and Session Require cookies when application includes authentication. <authentication mode="Forms"> <forms loginUrl="member_login.aspx“ cookieless="UseCookies" requireSSL="true" path="/MyApplication" /> </authentication>
  • 8. II. SECURITY Do not set EnableViewStateMac to false. Require cookies when application includes authentication. <%@ Page language="C#" EnableViewStateMac="true" %>
  • 9. II. SECURITY Do not depend on Medium Trust: Keep Apps in separate App pools.
  • 10. II. SECURITY Do not disable security patches with appsettings: Keep Apps in separate App pools.
  • 11. II. SECURITY Do not use UrlPathEncode: Use UrlEncode Instead. string destinationURL = "http://www.contoso.com/default.aspx?user=test"; NextPage.NavigateUrl = "~/Finish?url=" + Server.UrlEncode(destinationURL);
  • 12. III. RELIABILITY AND PERFORMANCE No PreSendRequestHeaders and PreSendRequestContext: Use native IIS module to perform the required task
  • 13. III. RELIABILITY AND PERFORMANCE No Asynchronous Page Events with Web Forms: Use Page.RegisterAsyncTask instead protected void StartAsync_Click(object sender, EventArgs e) { Page.RegisterAsyncTask(new PageAsyncTask(async() => { string stringToRead = "Long text value"; using (StringReader reader = new StringReader(stringToRead)) { string readText = await reader.ReadToEndAsync(); Result.Text = readText; } })); }
  • 14. III. RELIABILITY AND PERFORMANCE No Fire-and-Forget Work: Move ThreadPool.QueueUserWorkItem outside or use WebBackgrounder if you must
  • 15. III. RELIABILITY AND PERFORMANCE No reading Request.Form or Request.InputStream before the handler's execute event: Stay out of Request.Form and Request.InputStream before your handler's execute event. It may not be ready to go
  • 16. III. RELIABILITY AND PERFORMANCE No Long-running Requests (>110 seconds): Use WebSockets or SignalR for connected clients, and use asynchronous I/O operations
  • 17. THANK YOU ! WWW.PSIBERTECH.COM.SG