MSDNEvents_Spring2007_AJAXBestPractices

Presentation Transcript

Best Practices for Building Next Generation Web Applications Using Microsoft ASP.NET AJAX : 

MSDN Events http://www.msdnevents.com

What We Will Cover : 

- Common Pitfalls
- Best Practices
- Prescriptive Guidance

Agenda : 

- Introduction
- Extensibility and Maintenance
- Accessibility
- Scalability
- Security

Using AJAX - Benefits and Concerns : 

Benefits
- Richer application functionality
- Better end-user experiences
- Decreased bandwidth utilization
- Improved scalability

Concerns
- Increased complexity for developers
- Increased attack surface

AJAX Architecture : 

- DOM, JavaScript, CSS, XML, JSON, etc.
- C#, VB.NET, ASPX, XML, SQL, etc.

Developer Checklist : 

- Code Extensibility and Maintenance
- Accessibility
- Scalability
- Security

Agenda : 

- Introduction
- Extensibility and Maintenance
- Accessibility
- Scalability
- Security

Code Maintenance : 

- General Coding Best Practices
  - Design patterns and idioms
  - Refactoring
- Unobtrusive Client-Side Coding
  - Separate behavior from structure
  - Similar to how CSS separates style from structure

Unobtrusive Coding - Benefits : 

Unobtrusive Coding Yields:
- Less coupling yields less brittle code
- Less coupling yields better re-use through encapsulation
- Behaviors can degrade more gracefully

Unobtrusive ASP.NET AJAX : 

Agenda : 

- Introduction
- Extensibility and Maintenance
- Accessibility
- Scalability
- Security

AJAX and Accessibility : 

- What is Accessibility?
- Problems with AJAX and Accessibility
  - Dynamic Nature
    - Partial-page reloads
    - Asynchronous update to UI using Web Services and AJAX calls
  - Visual Nature
    - Rich visual UI
    - Cool ‘effects’

Mitigation Strategies : 

- User Notification
  - Dampening
  - Alerting / Notifications
- Validation
  - By real users who use real assistive technologies
- Progressive Enhancement / HIJAX

Addressing Accessibility with ASP.NET AJAX : 

Agenda : 

- Introduction
- Extensibility and Maintenance
- Accessibility
- Scalability
- Security

Update Panels and Web Services : 

Update Panels
- Easy to leverage
  - Only requires server side coding
- Stateful
  - Requires a full post-back
- Synchronous (last request wins)
  - Requires a full post-back
- Use when you need state or server-side logic.

Web Services
- Lightweight
- Asynchronous / parallel execution
- Finer control
- Harder to Implement
  - Requires client-side coding
- Use when your logic/data is stateless or when you need fine control

Optimizing UpdatePanels : 

- Size and Scope
  - Limit scope and number
  - Avoid enclosing static content
- Optimizations
  - Conditional updates
  - Triggers

Optimizing AJAX Partial Page Postbacks : 

Micro-Caching : 

- Server side caching with ASP.NET AJAX applications deliver more responsive UIs and ‘dynamic’ data
- Cached data that has become “stale” is not acceptable
- Consider the definition of stale
  - 2 minutes? 20 seconds? 2 seconds?
- Solution: Micro-Caching
  - Cache for short periods of time
  - Middle ground between always up-to-date and stale data

Using Micro Caching : 

Agenda : 

- Introduction
- Extensibility and Maintenance
- Accessibility
- Scalability
- Security

Security Best Practices : 

- Trust nothing—validate everything
- Separate control from data
- Adhere to the Defense In Depth principle
- Use secure transmissions as needed
- Reduce attack surfaces

Common Validation Failings : 

- Failure to validate at the server
  - Client-side only validation is NOT security.
- Validation techniques
  - Blacklisting
    - Complex
    - Treacherous
  - Whitelisting
    - Intuitive
    - Secure
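
Blacklisting versus whitelisting from the slide above, applied on the server to a user-name parameter. This is an added example, not code from the presentation; the class and method names, the blocked-token list and the user-name rule (3 to 20 letters, digits or underscores) are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;

// Added example; class, method and field names are hypothetical.
static class UserNameValidation
{
    // Blacklist: reject input that contains a known-bad token.
    static readonly string[] Blocked = { "<script", "javascript:", "'" };

    public static bool BlacklistAccepts(string input)
    {
        if (input == null) return false;
        foreach (string token in Blocked)
            if (input.Contains(token)) return false;   // ordinal, case-sensitive match
        return true;
    }

    // Whitelist: accept only what a user name is allowed to be.
    // \A and \z anchor the whole string; "$" would also match before a trailing "\n".
    static readonly Regex Allowed =
        new Regex(@"\A[A-Za-z0-9_]{3,20}\z", RegexOptions.CultureInvariant);

    public static bool WhitelistAccepts(string input)
    {
        return input != null && Allowed.IsMatch(input);
    }

    static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "alice_01",
            "<script>x</script>",
            "<SCRIPT>x</SCRIPT>",       // case variant of a blocked token
            "<img src=x onerror=x>",    // markup the blocked list never anticipated
            "alice\n",                  // trailing newline
        };

        // Print both verdicts side by side for each sample.
        foreach (string s in samples)
            Console.WriteLine("{0,-24} blacklist={1,-5} whitelist={2}",
                s.Replace("\n", "\\n"), BlacklistAccepts(s), WhitelistAccepts(s));
    }
}
```

The whitelist check belongs at the top of the server-side Web method, because a client-side validator is skipped entirely when the service is called directly.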

Addressing common validation concerns : 

Securing Access and Communications : 

- Remember
  - Use Authorization schemes
  - Protect sensitive information
- Easy
  - Use Sys.Services.AuthenticationService

Other Security Best Practices : 

- Disable error messages
  - Don’t disclose useful information to malicious users
- Reduce attack surfaces
  - Remove non-used interfaces and Web methods
  - Turn off WSDL and/or .DISCO where possible

Hardening Web Services : 

Session Summary : 

- Remember Best Practices
- Remember to Optimize Update Panels
- Take Security Seriously
- Consider Accessibility

Resources : 

- Microsoft ASP.NET AJAX: http://ajax.asp.net
- MSDN Events Resources: http://www.msdnevents.com/resources

Slide 30: 

MSDN Events http://www.msdnevents.com
