Friday, May 29, 2009

Checklist for ASP.NET and SharePoint

Version Control:
-- All the code changes should be checked in
-- Label the build with proper Product Version Number

Refactoring Checklist:

-- Remove the extra namespace references; you can use VS to do this
-- Add some inline comments
-- Make sure you are not using System.Data.SqlClient in the UI code-behind class; it should only be used in the Data Layer
-- Remove the Source Control binding
-- Make sure to encrypt the connection strings and other sensitive information
-- Remove any hard-coded test accounts
-- Compile the project in RELEASE mode
-- If using any timer job, make the timer interval configurable
-- For any Windows Service, make the timer interval configurable
-- Set a standard in terms of maximum lines of code per file (100-200 lines), and refactor accordingly
-- Make sure assemblies are strongly named
-- Compile the project for the minimum .NET Framework
-- Use Try Catch Finally blocks to handle exceptions
-- Use a robust logging framework (e.g. log4net) instead of redeveloping your own

Database Checklist:
-- Use a naming convention for all the tables (Users, Employees)
-- Make sure to create a limited set of SPs per table (GetAll, Get, Add, Update, Delete or Remove)
-- Only grant 'execute' permission on all stored procedures, and grant that permission only to the application domain group.
You can use database roles with EXEC permission on the stored procedures.
-- Do not use the "exec @sql" construct in your stored procedures; only use stored procedures.
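
The last two database items, shown as a T-SQL sketch. This is an added example, not code from the original post; the table, procedure, role and group names are hypothetical placeholders.

```sql
-- Added example (T-SQL, run in SSMS or sqlcmd). All object names are hypothetical.
CREATE TABLE dbo.Users (
    UserId   int IDENTITY(1,1) PRIMARY KEY,
    UserName nvarchar(50) NOT NULL
);
GO

-- Weak: the "exec @sql" construct the checklist rules out.
-- The caller's value becomes part of the statement text, so it is parsed as SQL.
-- Dynamic SQL also breaks ownership chaining, so the caller would need
-- SELECT on dbo.Users itself, which defeats an EXECUTE-only permission model.
CREATE PROCEDURE dbo.Users_Get_Dynamic
    @UserName nvarchar(50)
AS
BEGIN
    DECLARE @sql nvarchar(max);
    SET @sql = N'SELECT UserId, UserName FROM dbo.Users WHERE UserName = '''
             + @UserName + N'''';
    EXEC (@sql);
END
GO

-- Corrected: a static statement. @UserName is bound as data and never parsed.
CREATE PROCEDURE dbo.Users_Get
    @UserName nvarchar(50)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT UserId, UserName
    FROM dbo.Users
    WHERE UserName = @UserName;
END
GO

-- Permissions: a database role that holds EXECUTE on the procedure only.
-- No SELECT/INSERT/UPDATE/DELETE is granted on the table.
CREATE ROLE app_executor;
GRANT EXECUTE ON OBJECT::dbo.Users_Get TO app_executor;

-- Map the application domain group (placeholder name; a matching server
-- login is assumed to exist) and add it to the role.
CREATE USER [DOMAIN\AppGroup] FOR LOGIN [DOMAIN\AppGroup];
EXEC sp_addrolemember 'app_executor', 'DOMAIN\AppGroup';
GO
```

With only EXECUTE granted, dbo.Users_Get works for members of the role through ownership chaining, while dbo.Users_Get_Dynamic would fail for them with a permission error on dbo.Users.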

Deployment Checklist:

-- If you are using AppSettings, make sure all of them point to the proper server (Production server)
-- Prepare a script for retracting the solutions and, of course, for deploying the solutions
-- Prepare pre-install / post-install scripts for any additional operations that need to be executed on each individual server
-- In case you are replacing system files, make sure you back them up so they can be restored when you back out

Code Quality Checklist:

-- Unit Tests
-- Address Cross-Site Scripting issues
-- Address SQL Injection issues; use Stored Procedures
-- Address Blind SQL Injection