stevenmcd.net

I found the following top 10 tips on daptivate.com. This tips are indeed exceptionally important to heed when moving from a development environment to a production environment. daptivate.com is the weblog of Kyle, a developer at Telligent

His tips are as follows:

1. Generate new encryption keys

When moving an application to production for the first time it is a good idea to generate new encryption keys. This includes the machine validation key and decryption key as well as any other custom keys your application may be using. There is an article on CodeProject that talks about generating machineKeys specifically that should be helpful with this.

2. Encrypt sensitive sections of your web.config

This includes both the connection string and machine key sections. See Scott Guthrie’s post for some good references. Note that if your application runs in a clustered environment you will need to share a custom key using the RSA provider as described in an MSDN article.

3. Use trusted SQL connections

Both Barry Dorrans and Alex Chang have articles which discuss this in detail.

4. Set retail=”true” in your machine.config

This will kill three birds with one stone. It will force the ‘debug’ flag in the web.config to be false, it will disable page output tracing, and it will force the custom error page to be shown to remote users rather than the actual exception or error message. For more information you can read Scott Guthrie’s post or the MSDN reference.

5. Create a new application pool for your site

When setting up your new site for the first time do not share an existing application pool. Create a new application pool which will be used by only by the new web application.

6. Set the memory limit for your application pool

When creating the application pool, specifically set the memory limit rather than the time limit which is set by default. Asp.net has a good whitepaper which explains the value of this:

By default IIS 6.0 does not set a limit on the amount of memory that IIS is allowed to use. ASP.NET’s Cache feature relies on a limitation of memory so the Cache can proactively remove unused items from memory.

It is recommended that you configure the memory recycling feature of IIS 6.0.

7. Create and appropriately use an app_Offline.htm file

There are many benefits to using this file. It provides an easy way to take your application offline in a somewhat user friendly way (you can at least have a pretty explanation) while fixing critical issues or pushing a major update. It also forces an application restart in case you forget to do this for a deployment. Once again, ScottGu is the best source for more information on this.

8. Develop a repeatable deployment process and automate it

It is way too easy to make mistakes when deploying any type of software. This is especially the case with software that uses configuration files that may be different between the development, staging, or production environments. I would argue that the process you come up with is not nearly as important as it being easily repeatable and automated. You can fine tune the process as needed, but you don’t want a simple typo to bring a site down.

9. Build and reference release versions of all assemblies

In addition to making sure ASP.NET is not configured in debug mode, also make sure that your assemblies are not debug assemblies. There are of course exceptions if you are trying to solve a unique issue in your production environment … but in most cases you should always deploy with release builds for all assemblies.

10. Load test

This goes without saying. Inevitably, good load testing will uncover threading and memory issues not otherwise considered.

Kyle has awesome content on his blog and I think there’s something for everyone there. I have sat reading different posts for the last half an hour or so. I habe already added his blog to my Google Reader. So go check out his blog now!

Top 10 Best Practices for Production ASP.NET Applications on http://daptivate.com

I am by nature a web developer, not a web designer. So when I have been asked to design websites they honestly look like a 9 year old created something using frontpage. I recently decided that learning how to design websites would be a good idea because I can work on the performance of my web apps while designing them instead to trying to communicate this point through whichever random person gets contracted to do the actual design of the web application.

Over the next while I will focus on CSS in my blog posts and I thought it relevant to write to first post about the benefits of CSS design.

CSS (Cascading Stylesheets) works as a method to present content on a website, which content should be shown where and how. Up until now I have always just used HTML Tables to design the pages I have worked on. This becomes quite tricky after a while especially if you are working with a complex page. I am not saying that tables are never to be used but using tables to set the layout of your page is incorrect. I will go into more details concerning this in a later post.

Benefits of CSS:

1) Your website will download faster to client machines:
  A) When using tables, the browser reads your content twice. Once to layout the tables and a second time to fill the content of the tables.
  B) Generally, using CSS design instead of Table based design requires less code
  C) CSS styles can be stored in a separate document so that it can be cached.
  D) With CSS you can set the download order of content on your page, so text will download first and then the larger images can be downloaded

2) Your webpage will be more Search Engine Friendly as CSS content driven spiders can detect more content on better structured HTML code

3) Making your website more accessible becomes easier. If for example you need your website to be viewed on a mobile device, simply create a Stylesheet that caters to a mobile device. This way you only need to swap stylesheets instead of recreating whole web apps.

There are a quick few reasons as to why you should start looking at CSS driven design if you do not already use CSS.

Wanna see whats happening on your webpages? If you’re a FireFox user then get the following add-on FireBug. This little add-on will show you a wealth of information concerning the webpage you are currently viewing. But there’s a better reason to install this.

Once FireBug  is installed then head over to YSlow.  This little add-on will tell you exactly WHY your website is so slow and what needs to be done to improve it. This is a simply MUST have tool for any web developer in South Africa! Once you have both installed, restart Firefox and then go to Tools –> Firebug –> Open Firebug

Firebug will show you your HTML, CSS, SCRIPT, DOM as well as how long everything took to load. The console will show any errors in your XHTML or HTML.  Then its time to analyze the page using YSlow.

In the Firebug pane, click on the YSlow tab. It is the last tab at the bottom.  Once you click this, Peformance and Stats buttons appear above. If you wanna test the performance of the page then click performance. YSlow will then grade the page and provide recommendationson how to speed up your page. Selecting the stats option will show basic information regarding Empty and Full Cache sizes for the page.

Thats right! After looking at the eNaTIS website trying to figure out why someone would want to deface already ugly looking sight, I looked at the source of the page and what do I see?

meta content=”Joomla! - Copyright (C) 2005 - 2006 Open Source Matters. All rights reserved.” name=”Generator”

So our new Traffic Website is powered by a *FREE* *OPEN SOURCE* Content Management System?! Thats right folks! This *FREE* *OPEN SOURCE* implementation of Joomla! for the traffic department cost us, the taxpayers R408-million! (http://www.mg.co.za/articlePage.aspx?articleid=308153&area=/insight/insight__national/) Now how the heck is this possible? I realize there is some extra functionality that has been incorporated into the site and that the Database backend might have required some brainpower but R408 Million worth? I just can’t understand it!

Lets have a look at Tasima (the company who “developed” eNaTIS) homepage. Go to http://www.tasima.co.za/. Now, if I was looking at hiring a company to do a web based application for me that would be accessible to the public, I would see what their website looks like. Even their webpage looks terrible! Now according to http://validator.w3.org/ their Website is not even Valid for HTML 4.01 Transitional! Now I ask you, with tears in my little developer eyes, HOW THE HELL CAN THE GOVERNMENT SELECT THEM TO DO SUCH A PROJECT?!?!?!?!?!?!?!

The general image of IT in this country is that we do not have the skills to pull off projects such as this. That is because the government keeps selecting idiots like these to develop country critical systems! I can promise you right now, had they have selected a decent company such as Dariel Solutions (http://www.dariel.co.za) or Barone, Budge & Dominick (http://www.bbd.co.za/) or even a smaller company such as Signify Software (http://www.signify.co.za/) they would have had a much safer and better constructed system!

All the above mentioned companies are masters of carefully planning a system, giving the client feedback about progress and TESTING THEIR APPLICATIONS! The government needs to do some research into companies before awarding them a contract such as this. But then again, it is the South African Government we are talking about and they aren’t always too fond of actually doing work. Especially tedious work such as inspecting companies previous projects. I think the worst thing to arise from the eNaTIS saga is that developers in the country are being given a bad name by one single company. Joe Soap from the general public will never see the true talent we have in this country because all the best developers write and maintain internal systems for local companies and international ones.

There are hundreds of firms in this country that have international clients! The websites are not hosted locally due to excessive broadband prices, but they are developed by South Africans.

Above is a HTTP Debugging Proxy that I have been introduced to. It is a very nice small little application that captures all the traffic between your pc and the web server of the site you are currently accessing. It shows the size of request, type of request and any HTTP codes if application. You can also view any sessions and a multitude of data. This is a great way to check exactly what gets sent to the user’s PC when they access the site.

Fiddler Site: http://www.fiddlertool.com/fiddler

Fiddler Download: http://www.fiddlertool.com/dl/FiddlerSetup.exe

Article: http://www.developer.com/lang/jscript/article.php/3631066

Overview: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/dnwebgen/IE_IntroFiddler.asp?frame=true

Fiddler Blog: http://insidehttp.blogspot.com/