This document outlines common mistakes to avoid when using ASP.NET for web projects. It discusses issues regarding standards compliance, security, and reliability and performance. Specifically, it advises against using inline styles, static browser detection, disabling security features, long-running requests, and attempting to access request data too early in the page lifecycle. The document stresses using modern techniques like CSS, JavaScript, asynchronous code, and separate application pools to build secure, standards-compliant ASP.NET applications.

1. WHAT
NOT TO DO
WITH ASPNET
Common mistakes to avoid while using
aspnet for web projects

2. I .STANDARDS COMPLIANCE
No Control adapters :
It's best to use solid adaptive CSS and HTML techniques.

3. I. STANDARDS COMPLIANCE
No style values in the control markup:
Set CSS classes yourself, don't use inline styles. protected void CustomersGridView_RowDataBound(object sender, GridViewRowEventArgs e)
{
if (e.Row.Cells[2].Text == "Unconfirmed")
{
e.Row.CssClass = "CautionRow";
}
}

4. I. STANDARDS COMPLIANCE
No page and control callbacks:
Stick with SignalR, Web API, and JavaScript.

5. I. STANDARDS COMPLIANCE
No static browser capability detection:
Check for features instead of browsers

6. II. SECURITY
No Request Validation:
Validate user input and encode values from users.

7. II. SECURITY
No Cookieless Forms Authentication and Session
Require cookies when application includes authentication.
<authentication mode="Forms">
<forms loginUrl="member_login.aspx“
cookieless="UseCookies"
requireSSL="true"
path="/MyApplication" />
</authentication>

8. II. SECURITY
Do not set EnableViewStateMac to false.
Require cookies when application includes authentication.
<%@ Page language="C#" EnableViewStateMac="true" %>

9. II. SECURITY
Do not depend on Medium Trust:
Keep Apps in separate App pools.

10. II. SECURITY
Do not disable security patches with appsettings:
Keep Apps in separate App pools.

11. II. SECURITY
Do not use UrlPathEncode:
Use UrlEncode Instead.
string destinationURL = "http://www.contoso.com/default.aspx?user=test";
NextPage.NavigateUrl = "~/Finish?url=" + Server.UrlEncode(destinationURL);

12. III. RELIABILITY AND PERFORMANCE
No PreSendRequestHeaders and PreSendRequestContext:
Use native IIS module to perform the required task

13. III. RELIABILITY AND PERFORMANCE
No Asynchronous Page Events with Web Forms:
Use Page.RegisterAsyncTask instead
protected void StartAsync_Click(object sender, EventArgs e) {
Page.RegisterAsyncTask(new PageAsyncTask(async() => { string
stringToRead = "Long text value"; using (StringReader reader = new
StringReader(stringToRead)) { string readText = await
reader.ReadToEndAsync(); Result.Text = readText; } })); }

14. III. RELIABILITY AND PERFORMANCE
No Fire-and-Forget Work:
Move ThreadPool.QueueUserWorkItem outside or use WebBackgrounder if
you must

15. III. RELIABILITY AND PERFORMANCE
No reading Request.Form or Request.InputStream before the
handler's execute event:
Stay out of Request.Form and Request.InputStream before your handler's
execute event. It may not be ready to go

16. III. RELIABILITY AND PERFORMANCE
No Long-running Requests (>110 seconds):
Use WebSockets or SignalR for connected clients, and use asynchronous
I/O operations

17. THANK YOU !
WWW.PSIBERTECH.COM.SG