.NET - MVC Application - Good to Know

 
   web.config - http://www.codeproject.com/Articles/301726/Web-config-File-ASP-NET
     
        <configuration>

          <configSections>
            <sectionGroup>
            </sectionGroup>
          </configSections>

          <connectionStrings>
          </connectionStrings>

          <system.web>
            <!-- mode="Off" returns detailed ASP.NET error pages to every client, remote ones included -->
            <customErrors mode="Off">
            </customErrors>

            <!-- forms timeout is in minutes -->
            <authentication mode="Forms">
              <forms loginUrl="~//Login" timeout="20" defaultUrl="~/d" slidingExpiration="false" />
            </authentication>

            <!-- requestValidationMode="2.0" limits request validation to page (.aspx) requests; maxRequestLength is in KB -->
            <httpRuntime requestValidationMode="2.0" maxRequestLength="20" targetFramework="4.5.1" maxQueryStringLength="80" />

            <!-- sessionState timeout is in minutes -->
            <sessionState timeout="20" mode="InProc" />

          </system.web>

          <system.webServer>
            <modules>
            </modules>
            <handlers>
            </handlers>

            <security>
              <requestFiltering>
                <!-- maxAllowedContentLength is in bytes -->
                <requestLimits maxAllowedContentLength="2147483648" maxQueryString="8000" />
              </requestFiltering>
            </security>

            <defaultDocument>
              <files>
                <clear />
                <add value="Landing.aspx" />
                <add value="Login.aspx" />
              </files>
            </defaultDocument>

            <staticContent>
            </staticContent>
          </system.webServer>

          <appSettings>
          </appSettings>

        </configuration>

Session time out - controlled by the sessionState element in web.config (timeout is in minutes)

 <system.web>
   <sessionState mode="InProc" timeout="30"/>
 </system.web>
In-process session state vs out-of-process providers and the problems they solve

ASP.NET Session State provides the following storage options:
InProc: sessions kept within worker process
StateServer: sessions kept in a stand-alone process
SqlServer: sessions kept in the database as BLOBs
Custom: plug in third-party session storage like NCache
http://stackoverflow.com/questions/5967682/asp-net-session-state-performance-benchmarks

https://msdn.microsoft.com/en-au/library/aa478952.aspx
InProcSessionStateStore, which stores session state in memory in the ASP.NET worker process
OutOfProcSessionStateStore, which stores session state in memory in an external state server process
SqlSessionStateStore, which stores session state in Microsoft SQL Server and Microsoft SQL Server Express databases

State Server is faster because it stores session data in an in-memory dictionary. SQL Server is slower because it stores session data in a database, which persists data to disk.

SQL Server is also slower because everything is stored in one table, which leads to contention as more and more clients access/update the session data.
https://blogs.msdn.microsoft.com/kenkilty/2014/07/03/asp-net-session-state-using-sql-server-in-memory/

ASP.NET - IN-PROC and State Server
Redis - is the winner
Couchbase
RavenDB
SQL Server 2012
MongoDB


InProc cannot handle web gardens at all, and handles web farms only through the sticky session feature of the load balancer, which prevents scalability. StateServer has performance and scalability issues. And with both options you lose session data if a web server goes down. SqlServer has performance and scalability issues because SQL Server was designed for structured data and not BLOBs.

A much better strategy is to use the "custom" option:
1. Plug in a distributed cache like NCache as your ASP.NET Session State storage. NCache is extremely fast and scales linearly by letting you add more cache servers to handle greater transaction loads and greater storage capacity. NCache also provides intelligent replication of ASP.NET Session State so you don't lose any sessions if a web server or a cache server goes down.
      http://www.alachisoft.com/ncache/session-index.html
2. Couchbase ASP.NET session state provider

The answer seems to be to use a backing store that isn't I/O bound and doesn't depend on the uptime of a single server.

Authentication time out - controlled by the forms element in web.config (timeout is in minutes)

 <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login" timeout="2" defaultUrl="~/Dashboard" slidingExpiration="false" />
    </authentication>
 </system.web>

What is Cross Site Request Forgery?

Cross Site Request Forgery is a type of hack where the hacker exploits the trust a website places in the user. In other words, the site trusts the user (because they have authenticated themselves) and accepts data that turns out to be malicious.

AntiForgery -
On the Login page include - @Html.AntiForgeryToken()
In the Login action of AccountController or LoginController call - System.Web.Helpers.AntiForgery.Validate()
   - Validates that input data from an HTML form field comes from the user who submitted the data.
   - Throws - HttpAntiForgeryException / ArgumentException
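
Added example (not code from the original post): a login controller that runs the AntiForgery.Validate() check described above before any credential is touched, with the attribute form [ValidateAntiForgeryToken] shown on a second action, which goes beyond the notes. LoginModel, the Logout action and the use of a configured membership provider are assumptions made for illustration.

```csharp
using System.Web.Helpers;   // AntiForgery
using System.Web.Mvc;       // Controller, HttpAntiForgeryException
using System.Web.Security;  // FormsAuthentication, Membership
// Login.cshtml must emit the hidden token inside the posted form:
//   @using (Html.BeginForm()) { @Html.AntiForgeryToken() ... }
public class LoginModel      // hypothetical view model
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

public class AccountController : Controller
{
    [HttpGet, AllowAnonymous]
    public ActionResult Login() { return View(new LoginModel()); }

    [HttpPost, AllowAnonymous]
    public ActionResult Login(LoginModel model)
    {
        try
        {
            // Compares the __RequestVerificationToken form field with the
            // anti-forgery cookie; throws if either is missing or they differ.
            AntiForgery.Validate();
        }
        catch (HttpAntiForgeryException)
        {
            return new HttpStatusCodeResult(400, "Anti-forgery validation failed");
        }

        // Assumption: a membership provider is configured for this app.
        if (!ModelState.IsValid || !Membership.ValidateUser(model.UserName, model.Password))
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            return View(model);
        }

        FormsAuthentication.SetAuthCookie(model.UserName, false);
        return Redirect(FormsAuthentication.DefaultUrl);   // defaultUrl from web.config
    }

    // Declarative form of the same check, applied by an action filter.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Logout()
    {
        FormsAuthentication.SignOut();
        return RedirectToAction("Login");
    }
}
```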


MVC 6 has a cleaner way of doing things

http://www.davepaquette.com/archive/2015/05/11/cleaner-forms-using-tag-helpers-in-mvc6.aspx
 
Instead of HTML Helpers, MVC 6 has Tag Helpers, which can make your Razor forms much more readable.
  e.g. instead of @Html.EditorFor(l=> l.UserName) use <input asp-for="UserName" />
<!--Create an input with additional class for UserName using Html Helper-->
@Html.EditorFor(l => l.UserName, new { htmlAttributes = new { @class = "form-control" } })
<!--Create an input with additional class for UserName using Tag Helper-->
<input asp-for="UserName" class="form-control" />

How to enable Tag Helpers - The MVC Tag Helpers are located in the Microsoft.AspNet.Mvc.TagHelpers package so you will need to add a reference to that in your project.json file. Once you have added the reference, you can enable tag helpers in all your views by adding the following code to GlobalImports.cshtml.
   @addTagHelper "*, Microsoft.AspNet.Mvc.TagHelpers"






