Best Practice
- Put validation logic in the view model, not in your business model - Link
- AutoMapper improves productivity but is slow; use with care
- Entity Framework Patterns - Link1 Link2
Security tips (ref link)
- Use the anti-forgery token on the login form (the ValidateAntiForgeryToken attribute on the POST action, paired with @Html.AntiForgeryToken() in the view)
- Slow every authentication attempt down by at least a second, successful or not, so the delay does not leak which branch ran; this makes online brute force far more expensive
- Implement an account lockout after n invalid logons; make it temporary (or combine it with throttling), because a permanent lockout lets an attacker deny service to legitimate users
- Always return the same generic error message on a failed login so an attacker cannot tell whether the user name or the password was wrong
- Always hash (never encrypt) passwords in the DB with a slow password hash such as PBKDF2 or bcrypt and a random salt generated per user; a per-user salt defeats rainbow-table attacks on a stolen database
- Always check that any data displayed or retrieved is authorized for the current user; do the check server-side on every request, not only in the UI
- Always use parameterised SQL (or an ORM that parameterises for you) to prevent SQL injection
- Avoid exposing raw sequential IDs in URLs and views (GUIDs or indirect references are harder to guess or increment), but treat this as defence in depth: the control against direct object reference attacks is the per-user authorization check, not obfuscation
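The login tips above, together with the "validation belongs on the view model" note from the best-practice list, as one added C# example (not code from the original page or from any of the libraries it lists). LoginViewModel, UserRecord, PasswordHasher and LoginService are illustrative names, not framework types; the in-memory dictionary stands in for the users table; it targets .NET Framework 4.7.2+ or .NET Core/.NET 5+, where the Rfc2898DeriveBytes overload that takes a hash algorithm exists.

```csharp
// Added example, not from the original page: per-user salted PBKDF2 hashing,
// constant-time compare, a one-second floor on every attempt, temporary lockout,
// and one generic failure message. Type names below are assumptions for illustration.
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Threading;

// Validation rules live on the view model (what the form posts), not on the domain entity.
public sealed class LoginViewModel
{
    [Required, StringLength(64)] public string UserName { get; set; }
    [Required, DataType(DataType.Password)] public string Password { get; set; }
}

// Persistence record: salt and hash only, never the password itself.
public sealed class UserRecord
{
    public string UserName;
    public byte[] Salt;          // random and unique per user, defeats rainbow tables
    public byte[] Hash;          // PBKDF2-SHA256(password, Salt, Iterations)
    public int Iterations;
    public int FailedLogons;
    public DateTime? LockedUntil;
}

public static class PasswordHasher
{
    const int SaltSize = 16, HashSize = 32, DefaultIterations = 100000;

    public static UserRecord Create(string userName, string password)
    {
        var salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return new UserRecord { UserName = userName, Salt = salt, Iterations = DefaultIterations,
                                Hash = Derive(password, salt, DefaultIterations) };
    }

    public static bool Verify(UserRecord user, string password)
    {
        var candidate = Derive(password, user.Salt, user.Iterations);
        // Constant-time comparison: do not leak how many leading bytes matched.
        int diff = candidate.Length ^ user.Hash.Length;
        for (int i = 0; i < candidate.Length && i < user.Hash.Length; i++) diff |= candidate[i] ^ user.Hash[i];
        return diff == 0;
    }

    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashSize);
    }
}

public sealed class LoginService
{
    public const int MaxFailures = 5;                                      // lockout threshold n
    public static readonly TimeSpan Lockout = TimeSpan.FromMinutes(15);    // temporary, limits lockout-as-DoS
    public static readonly TimeSpan MinimumDuration = TimeSpan.FromSeconds(1);
    public const string GenericError = "Invalid user name or password.";  // same text for every failure

    readonly Dictionary<string, UserRecord> _users = new Dictionary<string, UserRecord>(StringComparer.OrdinalIgnoreCase);
    static readonly UserRecord Dummy = PasswordHasher.Create("dummy", Guid.NewGuid().ToString());

    public void Add(UserRecord u) { _users[u.UserName] = u; }

    // Returns null on success, otherwise GenericError. Every authentication attempt,
    // success or failure, takes at least MinimumDuration so timing reveals nothing.
    public string Login(LoginViewModel m)
    {
        var results = new List<ValidationResult>();
        if (!Validator.TryValidateObject(m, new ValidationContext(m), results, true)) return GenericError;
        var sw = Stopwatch.StartNew();
        try { return Attempt(m.UserName, m.Password); }
        finally { var left = MinimumDuration - sw.Elapsed; if (left > TimeSpan.Zero) Thread.Sleep(left); }
    }

    string Attempt(string userName, string password)
    {
        UserRecord user;
        // Unknown user: still run the KDF so the work done does not reveal whether the name exists.
        if (!_users.TryGetValue(userName, out user)) { PasswordHasher.Verify(Dummy, password); return GenericError; }
        if (user.LockedUntil.HasValue && user.LockedUntil.Value > DateTime.UtcNow) return GenericError;
        if (!PasswordHasher.Verify(user, password))
        {
            if (++user.FailedLogons >= MaxFailures) { user.LockedUntil = DateTime.UtcNow + Lockout; user.FailedLogons = 0; }
            return GenericError;
        }
        user.FailedLogons = 0; user.LockedUntil = null;
        return null;
    }
}

// ASP.NET MVC glue (System.Web.Mvc / System.Web.Security), shown as a sketch:
//   [HttpPost, ValidateAntiForgeryToken]          // pairs with @Html.AntiForgeryToken() in the form
//   public ActionResult Login(LoginViewModel m)
//   {
//       var error = _logins.Login(m);
//       if (error != null) { ModelState.AddModelError("", error); return View(m); }
//       FormsAuthentication.SetAuthCookie(m.UserName, false); return RedirectToAction("Index", "Home");
//   }
public static class Demo
{
    public static void Main()
    {
        var svc = new LoginService();
        svc.Add(PasswordHasher.Create("alice", "correct horse battery staple"));   // constructed sample user
        Console.WriteLine(svc.Login(new LoginViewModel { UserName = "alice", Password = "wrong" }) ?? "ok");
        Console.WriteLine(svc.Login(new LoginViewModel { UserName = "alice", Password = "correct horse battery staple" }) ?? "ok");
        Console.WriteLine(svc.Login(new LoginViewModel { UserName = "nobody", Password = "x" }) ?? "ok");
    }
}
```

Note that a locked account also gets the generic message, so a legitimate user who types the right password during the lockout window sees "invalid" rather than a hint that the account is locked; that is the trade-off the generic-message tip asks for. The dictionary lookup is where a real application would run a parameterised query against the users table.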
Libraries
- Elmah
- Glimpse
- Ninject (https://github.com/ninject/ninject/wiki/_pages)
- WebMatrix - SimpleMembershipProvider
- WebActivator
- OAuth
- EntityFramework
- Javascript Libs
- JQuery UI
- Kendo UI
- http://www.nuget.org/packages/Google.DiffMatchPatch.Js/
- Knockout
- Backbone
- Bundle
- Routing
- ViewModel
- Validation
- Model Binder
- Partial View
- Child Action
- Filter
- View Engine
- Controller Factory
Questions and Answers