ASP.NET Best Practice Analyzer

The alpha release of the ASP.NET Best Practice Analyzer was about 5 weeks ago. Similar to the popular SQL Server BPA, the ASP.NET BPA evaluates a set of best practice rules and tells you about configuration problems in your applications. The tool checks both machine level and application level config files. Currently, the tool only has a handful of rules. It will raise red flags if the application runs in full trust, or if debug / trace flags are enabled, and a few others.

Ironically, the tool suggests AutoEventWireup="false", which isn't the default for C# web forms in VS2005.

I can't think of too many hard and fast rules for web.config settings, but here are a few more that could be useful:

  • No plaintext passwords in the <identity> section.
  • Make sure the <httpHandlers> section maps appropriate extensions to the HttpForbiddenHandler.
  • Make sure the <pages> section has smartNavigation disabled and validateRequest enabled.
  • No enabled trace sources inside <system.diagnostics>.

posted on Thursday, August 03, 2006 10:30 PM by scott
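
The four rules suggested in the post, sketched as a checker over a single web.config file. This is an added example, not code from the post or from the Best Practice Analyzer; the function names, the sample list of blocked extensions, and the handling of `registry:` passwords and `switchValue` are assumptions, and machine-level config inheritance is not modelled.

```python
import xml.etree.ElementTree as ET

FORBIDDEN = "System.Web.HttpForbiddenHandler"

def _named(root, name):
    # Match on local name so a namespaced <configuration> root still works.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_web_config(xml_text, blocked_paths=("*.config", "*.mdb")):
    """Return a list of findings; blocked_paths is a sample list (assumption)."""
    root, findings = ET.fromstring(xml_text), []
    for ident in _named(root, "identity"):
        pw = ident.get("password", "")
        # Assumption: a "registry:" value points at an encrypted credential.
        if pw and not pw.lower().startswith("registry:"):
            findings.append("identity: plaintext password")
    mapped = {a.get("path", "").lower()
              for h in _named(root, "httpHandlers") for a in _named(h, "add")
              if a.get("type", "").split(",")[0].strip() == FORBIDDEN}
    for path in blocked_paths:
        if path.lower() not in mapped:
            findings.append(f"httpHandlers: {path} not forbidden")
    for pages in _named(root, "pages"):
        # Only explicit bad values are flagged; absent attributes keep defaults.
        if pages.get("smartNavigation", "false").lower() == "true":
            findings.append("pages: smartNavigation enabled")
        if pages.get("validateRequest", "true").lower() == "false":
            findings.append("pages: validateRequest disabled")
    for diag in _named(root, "system.diagnostics"):
        for src in _named(diag, "source"):
            # Simplification: switchName references are not resolved.
            if src.get("switchValue", "Off").lower() != "off":
                findings.append(f"trace source enabled: {src.get('name')}")
    return findings

# Constructed sample input, not taken from a real application.
WEAK = """<configuration><system.web>
  <identity impersonate="true" userName="svc" password="example-password"/>
  <pages smartNavigation="true" validateRequest="false"/>
  <httpHandlers>
    <add verb="*" path="*.config" type="System.Web.HttpForbiddenHandler"/>
  </httpHandlers></system.web>
  <system.diagnostics><sources>
    <source name="AppTrace" switchValue="Verbose"/>
  </sources></system.diagnostics></configuration>"""

if __name__ == "__main__":
    for finding in check_web_config(WEAK):
        print(finding)
```

The check ignores `<remove>` and `<clear>` entries under `<httpHandlers>`, so a real analyzer would need to apply those in document order before deciding which paths are forbidden.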

Comments

Friday, August 04, 2006 11:33 AM by Joe Morel

# re: ASP.NET Best Practice Analyzer

Thanks for the rules suggestions...I'm going to add them to the tool right away. Look for a refresh of the tool to be released in the next couple of weeks!