Managed Web Application Development

UW-Whitewater Web Application Development Best Practices

This document is a work in progress. It will continue to grow as our patterns and practices develop.

Use Index.aspx as the home page or main menu for your application. The production webserver will be setup to use Index.aspx as the default page. In most cases, a site should provide an Index.aspx in each sub-folder as well.
Do not use absolute paths. Your application will be deployed under a different address at a different level in the website tree, thus all paths must be relative. The exception is when you are linking to external files, such as those in /Common.

Use C# for all server-side code unless you have specific permission to use VB.NET.
If you are developing in VB.NET, set both Option Explicit and Option Strict must be on.
Do not mix languages within a project.
Place all server-side code in code-behind files. Do not embed C# or VB code in aspx files.
Avoid construction of raw HTML strings in the code-behind file.
Always close SqlDataReader objects.
Always close SqlConnection objects.

Use the ViewState state bag rather than hidden fields to store persistent data.
Use the ASP.NET validation controls and the ValidationSummary object to provide client-side data validation.

Become familiar with the Section 508 guidelines for Web accessibility. The following links are good places to start:
http://www.uww.edu/icit/services/web/accessibility/tutorials/tutorials.html
http://www.access-board.gov/sec508/guide/1194.22.htm
http://www.webaim.org/techniques/
Be sure that the information on your page appears in order if you disable styles. (This can be easily accomplished using the Web Developer Toolbar Extension on Firefox.)
Do not use pop-up windows. In addition to accessibility issues, many browsers now block these.
Using the ValidationSummary object, and set the ShowMessageBox property to True. This will display a message box if validation fails, which is more likely to be recognized by some text readers than simply displaying an error on the page.
Avoid using TextChanged and SelectionChanged events.
Use Small, Medium, Large, X-Large, etc. for font sizes, rather than specific point or pixel sizes.
Use relative positioning whenever possible.

Use the XHTML 1.0 strict document type.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

Use classes defined in a css file for any repeated style definitions.
Do not use script elements to embed style sheet information in the HTML for a page. Use a separate style sheet instead.
When possible, use the same style sheet for all pages in the application.

Store application variables as key-value pairs in the <appSettings> element of the Web.config file.

Store the database connection string in the Web.config file. The connection information should not be repeated anywhere else in the application.
Use the UtilLib.DB.getSqlConn() to open a database connection.
Always close the connection to the database before exiting the method where it was created.
Do not store authentication or security information in the database. Authentication must be managed using Forms Authentication and UW-Whitewater's Active Directory system.
Under no circumstances should passwords, credit card numbers, drivers license numbers, or other private information be stored in the database.

Start method names with a lower case letter and use MixedCase. This system is also called Camel Case. E.g: private void myCoolFunction()
Prefix member variable names with m_

Use Hungarian Notation for variable naming. Some recommendations are listed below:

Do not write custom code to analyze web traffic. iCIT already maintains software which can provide traffic analysis.