MSDNEvents_Spring2007_AJAXBestPractices
bakshiramanpreet
Added: November 27, 2009

Presentation Transcript

Best Practices for Building Next Generation Web Applications Using Microsoft ASP.NET AJAX
MSDN Events http://www.msdnevents.com

What We Will Cover:
- Common Pitfalls
- Best Practices
- Prescriptive Guidance

Agenda:
- Introduction
- Extensibility and Maintenance
- Accessibility
- Scalability
- Security

Using AJAX: Benefits and Concerns:
- Benefits
  - Richer application functionality
  - Better end-user experiences
  - Decreased bandwidth utilization
  - Improved scalability
- Concerns
  - Increased complexity for developers
  - Increased attack surface

AJAX Architecture:
- DOM, JavaScript, CSS, XML, JSON, etc.
- C#, VB.NET, ASPX, XML, SQL, etc.

Developer Checklist:
- Code Extensibility and Maintenance
- Accessibility
- Scalability
- Security

Code Maintenance:
- General Coding Best Practices
  - Design patterns and idioms
  - Refactoring
- Unobtrusive Client-Side Coding
  - Separate behavior from structure
  - Similar to how CSS separates style from structure

Unobtrusive Coding - Benefits:
- Less coupling yields less brittle code
- Less coupling yields better re-use through encapsulation
- Behaviors can degrade more gracefully
- Unobtrusive Coding Yields:

Unobtrusive ASP.NET AJAX

AJAX and Accessibility:
- What is Accessibility?
- Problems with AJAX and Accessibility
  - Dynamic Nature
    - Partial-page reloads
    - Asynchronous update to UI using Web Services and AJAX calls
  - Visual Nature
    - Rich visual UI
    - Cool 'effects'

Mitigation Strategies:
- User Notification
  - Dampening
  - Alerting / Notifications
- Validation
  - By real users who use real assistive technologies
- Progressive Enhancement / HIJAX

Addressing Accessibility with ASP.NET AJAX

Update Panels and Web Services:
- Update Panels
  - Easy to leverage
  - Only requires server-side coding
  - Stateful
  - Requires a full post-back
  - Synchronous (last request wins)
  - Use when you need state or server-side logic.
- Web Services
  - Lightweight
  - Asynchronous / parallel execution
  - Finer control
  - Harder to implement
  - Requires client-side coding
  - Use when your logic/data is stateless or when you need fine control

Optimizing UpdatePanels:
- Size and Scope
  - Limit scope and number
  - Avoid enclosing static content
- Optimizations
  - Conditional updates
  - Triggers

Optimizing AJAX Partial Page Postbacks

Micro-Caching:
- Server-side caching with ASP.NET AJAX applications delivers more responsive UIs and 'dynamic' data
- Cached data that has become "stale" is not acceptable
- Consider the definition of stale: 2 minutes? 20 seconds? 2 seconds?
- Solution: Micro-Caching
  - Cache for short periods of time
  - Middle ground between always up-to-date and stale data

Using Micro Caching

Security Best Practices:
- Trust nothing, validate everything
- Separate control from data
- Adhere to the Defense In Depth principle
- Use secure transmissions as needed
- Reduce attack surfaces

Common Validation Failings:
- Failure to validate at the server
  - Client-side only validation is NOT security.
- Validation techniques
  - Blacklisting
    - Complex
    - Treacherous
  - Whitelisting
    - Intuitive
    - Secure

Addressing common validation concerns

Securing Access and Communications:
- Remember
  - Use Authorization schemes
  - Protect sensitive information
- Easy
  - Use Sys.Services.AuthenticationService

Other Security Best Practices:
- Disable error messages
  - Don't disclose useful information to malicious users
- Reduce attack surfaces
  - Remove non-used interfaces and Web methods
  - Turn off WSDL and/or .DISCO where possible

Hardening Web Services

Session Summary:
- Remember Best Practices
- Remember to Optimize Update Panels
- Take Security Seriously
- Consider Accessibility

Resources:
- Microsoft ASP.NET AJAX http://ajax.asp.net
- MSDN Events Resources http://www.msdnevents.com/resources

MSDN Events http://www.msdnevents.com
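
The "Other Security Best Practices" slide names two settings that live in web.config: disabling error messages and turning off WSDL. The fragment below is an added example, not part of the original deck; it assumes an ASP.NET site hosting .asmx web services, and Error.aspx is a hypothetical page name.

```xml
<!-- Added example: hardened web.config fragment for an ASP.NET site hosting
     .asmx web services. Error.aspx is a hypothetical page name.

     Development-style settings this replaces, for contrast:
       <customErrors mode="Off" />     full exception detail sent to callers
       <compilation debug="true" />    debug build behaviour in production
       Documentation protocol enabled  Service.asmx?WSDL and help page served
-->
<configuration>
  <system.web>
    <!-- Disable error messages: callers get a generic page instead of
         exception text and stack traces. -->
    <customErrors mode="On" defaultRedirect="~/Error.aspx" />

    <!-- Release compilation. -->
    <compilation debug="false" />

    <webServices>
      <protocols>
        <!-- Turn off WSDL: stops the auto-generated help page and the
             ?WSDL description from being served. -->
        <remove name="Documentation" />
      </protocols>
    </webServices>
  </system.web>
</configuration>
```

With the Documentation protocol removed, legitimate SOAP consumers need the WSDL file supplied to them directly.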