- Use a 3-tier architecutre. Web pages call business objects (BLL layer), which in turn call data access layer (DAL layer). [note - need to look into the new MVC pattern]
Web Pages (UI Layer)
- Code located in code-behind (aspx.cs), not inline with the .aspx page
- Contains only a minimal amount of "glue code" to interface with the BLL layer
- Use ASP.NET Masterpages to keep consistent theme
- Use divs, not tables unless you are displaying tabular data
- Web pages generally access business objects using ObjectDataSource. Click here to read a series of articles about ASP.NET best practices for data access with ObjectDataSource
Business Objects (BLL Layer)
- Generally use the ActiveRecord design pattern. This pattern basically wraps a database row as an object with static Save(), Update(), Delete() and Fetch() methods.
- Business objects access data through the DAL layer or O/RM
- Object collections are exposed as List<T>, example: public List<OrderDetail> GetOrderDetailsByOrderID(int OrderID)
Database Access (DAL Layer)
- Use an O/RM tool - LINQ, NHibernate, Telerik O/RM, or SQLHelper.cs / OraHelper.cs class.
- No dynamic sql - this is a major security risk for SQL Injection Attacks
- Generally no sql queries in code-behind or aspx pages, with possible exception of populating a lookup value from a simple lookup table (countries table, employee type table, etc)
- Single database connection string in web.config
- Normalize tables
- All tables have primary key
- All tables have referential integrity
- Do not prefix tables with "tbl" (eg. Orders and not tblOrders)
- Table names plural
- Tables include CreatedDate and UpdateDate columns
- Tables include rowversion (also called timestamp) column for optimistic concurrency. See this article
- Use existing standard, if none exists then SQL Server 2008 or XML files for smaller datasets.
- If it is appropriate, a method will deal with errors in a try-catch block but most methods will not catch errors, and therefore automatically pass the error up the call stack.
- Global.asax will capture unhandled errors and log them, typically by inserting a new case into a bug tracking system and passing along all available debugging information.
- We are generally language agnostic and will use the best language and tool for the job, however our standard is C# and .NET 3.5 framework unless there is a compelling reason otherwise
- Subversion for source control, click here for instructions. If you don't mind spending $249 per user then SourceGear Vault is better than Subversion.
- Fogbugz for bug / feature / case tracking
- AWStats for web traffic analysis
- Log4Net for logging
- Current version of Visual Studio or Visual Studio Express (free download)