patterns & practices: App Arch Guide 2.0 Knowledge Base

Checklist - Web Application

Design Considerations

• Abstraction is used to design loose coupling between layers.
• Caching is used wherever appropriate, to improve performance of the application.
• Business and system critical events are logged and the application is instrumented appropriately to gather information for solving any application issue.
• Users are authenticated across trust boundaries.
• Sensitive data passed across network is encrypted and digitally signed.

Authentication

• Trust boundaries are identified and users are authenticated across the trust boundaries.
• Platform-supported authentication mechanism such as Windows Authentication is used where possible.
• Platform features are used for Forms Authentication.
• Strong account management practices such as account lockouts and expirations are used.
• Strong passwords policies such as password length and complexity, and password expiration are used.

Authorization

• Trust boundaries are identified and users are authorized across the trust boundaries.
• URL authorization is used for page and directory access control.
• Appropriate roles granularity is used.
• Downstream resources are accessed using a single trusted identity to improve performance of the application.
• Impersonation and delegation is used, if user-specific auditing and granular access controls of the platform are used for downstream resources.

Caching

• Volatile data is not cached.
• Relatively static pages are cached, using Output caching feature.
• Static data in pages are cached, using partial page caching through user controls.
• Shared expensive resources, such as network connections are pooled, instead of being cached.
• The data is cached in a ready-to-use format.

Exception Management

• Exceptions are not used to control logic flow.
• Exceptions are caught only if they can be handled.
• Global error handler is used to catch unhandled exceptions.
• User friendly messages are displayed when an exception or error occurs in the system.
• Exception details do not reveal sensitive information.

Logging and Instrumentation

• User management events such as adding a user, assigning a role, etc. are audited.
• Unusual activities are audited.
• Business critical operations are audited.
• Log files are managed securely, by restricting the access to log files, allowing only write access, etc.
• Sensitive information is not written in log or audit files.

Navigation

• Design patterns such as Model-View-Presenter (MVP), are used to decouple the UI processing from output rendering.
• Navigation logic is encapsulated in Master Page, to support consistent navigation across pages.
• Sitemap is used to help users find pages on the site, and allow search engines to crawl the site.
• Wizards are used to implement navigation between forms in a predictable way.
• Visual elements such as embedded links, navigation menus, and breadcrumb text are used in UI to help user understand where they are, what is available on the site, and how to navigate the site quickly.

Page Layout (UI)

• Cascading Style Sheets (CSS) are used for layout whenever possible.
• Table-based layout is used to support a grid layout.
• If using table-based layout, liabilities such as slow rendering, cross browser support, complex layout support are considered.
• A common layout for pages is used to maximize accessibility and ease of use.
• Master Pages are used in ASP.Net applications to provide a common look and feel to all the pages.
• Large pages that accomplish multiple tasks are not designed.

Page Rendering

• Data binding is used to render data in ASP.NET pages.
• AJAX is used, if you need better user experience and responsiveness.
• Data paging techniques are used, if you are displaying large amounts of data.
• User Interface components support localization.
• User process components are abstracted from data rendering and acquisition functions.

Presentation Entity

• Presentation Entities are used, only if required.
• Custom classes are considered, to map controls directly to business entities.
• Presentation entities supports serialization, if they are to be passed across network or need to stored on the disk.
• Input data validation is implemented in presentation entities.
• State related to user interface is stored in presentation entities.

Request Processing

• The common pre-processing and post-processing steps of Web page requests are centralized to promote logic reuse across pages.
• Design patterns, such as MVC or MVP are used to divide UI processing into three distinct roles – model, view, and controller/presenter.
• Access to the model is given to the view using the Supervising Controller pattern, which is a form of the MVP pattern.
• MVC pattern is used, if application does not have a dependency on view state and have a limited number of control events.
• Intercepting Filter pattern is used, to implement the processing steps as pluggable filters.

Session Management

• The in-process state store is used, if you have a single Web server, require optimum session state performance, and have a relatively limited number of concurrent sessions.
• Session state service running on the local Web server is used, if you have a single Web server, your sessions are expensive to rebuild, and you require durability in the event of an ASP.NET restart.
• SQL Server state store is used, if reliability is the primary concern.
• A remote session state service or SQL Service state store is used, for Web farm scenarios.
• Session state communication channel is protected.
• Basic types are used for session data to reduce the serialization cost.

Validation

• All trust boundaries are identified within Web application layers and data crossing these boundaries is validated.
• All the client controlled data is validated appropriately.
• Validation strategy constrains, rejects, and sanitizes malicious input.
• Input data is validated for length, format, and type.
• Un-trusted input is not echoed directly, instead HTML encoded, is HTML encoded before writing out as output.
• Client-side validation is used for user experience and server-side validation is used for security.

Presentation Layer Considerations

• User interface components are separated from the user interface process components.
• Design an input data validation on client side for user experience and server side for security
• Relatively static pages or parts of the pages are cached, using page output caching and fragment caching.
• Page controller pattern is used, to separate business logic from the presentation logic.
• Front controller pattern is used, to configure complex page navigation logic dynamically.

Business Layer Considerations

• A separate business layer is used to implement the business logic and workflows.
• Common business logic functions are centralized and reused.
• Business entities are designed to be coarse grained packages, such as Data Transfer Objects (DTOs).
• The business components are highly cohesive and loosely coupled.
• Business critical operations are wrapped in transactions.

Data Layer Considerations

• Separate data layer is used, to hide the details of the database from other layers of the application.
• Entity objects are used to interact with other layers, and pass data between them.
• Appropriate data access technology is used, to access various types of data store.
• Connection pooling is used, to minimize the number of open connections.
• Batch operations are used to reduce round trips to the database.

Service Layer Considerations

• Coarse-grained service methods are used, to minimize the number of client-server interactions.
• Services are designed to be interoperable with all the possible client types.
• Services are designed to be idempotent.

Performance Considerations

• Performance requirements are specific, realistic, and flexible.
• Various caching techniques are used, to improve the performance and scalability of the application.
• Batch operations are performed, to minimize the round trips across boundaries.
• The size of HTML transferred between server and client is kept to minimum.
• There are no unnecessary round trips over the network.

Security Considerations

• Authentication is performed across every trust boundary.
• Authorization is used to restrict resource access and protect business logic.
• Input and data is validated across every trust boundary to mitigate security threats.
• In addition to client side validation server side validation is also used.
• Sensitive data sent across the network is encrypted and digitally signed.

Non-Distributed Deployment

• Non-distributed deployment is used, if the Web application is performance sensitive.
• Component-based interface is used for your business layer, if you are using non-distributed deployment.
• Authentication is not performed at the business layer, if the business logic runs in the same process.
• Database is accessed using a trusted identity (using the trusted subsystem model), to improve performance and scalability of the application.
• Sensitive data passed between the Web server and database server is encrypted and digitally signed.

Distributed Deployment

• Business logic is deployed on a physically separate machine, only if it’s really required.
• Distributed deployment is used, if security concerns prohibit deploying business logic on the front-end Web server.
• Message-based interface is used for the business layer.
• TCP protocol is used to communicate with the business layer.
• Sensitive data passed between different physical tiers is encrypted and digitally signed.

Load Balancing

• Locally updatable caches, in-process or local sessions states are not used, to avoid server affinity when designing scalable Web applications.
• Components are designed to be stateless in your Web application.
• Windows Network Load Balancing (NLB) is used, to implement redirection of requests to the servers in an application farm.

Web Farm

• Clustering is used, to minimize the impact of hardware failures.
• Database is partitioned across multiple database servers, if your application has high input/output requirements.
• All requests from a user are routed to same server in a web farm, if you need support server affinity.
• Out-of-process state server service or a database server is used if your application is deployed in a Web farm.