ankittyagii · April 28, 2022 19:24
diff --git a/.Net Core WebApi b/.Net Core WebApi
 S.No	        Description
 1		ConfigureServices Method should be as lean as possible. Create an extension class with the static method. then just to call this extended method upon the IServiceCollection type
 2		DAL should be created as a separate service. With DAL as a separate service we can register it inside the IOC (Inversion of Control) container. 
 3		The repository logic should always be based on interfaces
 4		The controllers shouldn’t have any business logic inside it.
 5		Actions should always be clean and simple. Actions should have IActionResult as a return type in most of the cases. That way we can use all the methods inside .NET Core which returns results and the status codes as well.
 6		Handle errors globally as much as possible using built-in and ready to use middleware or custom middleware. Add that exception middleware in the Startup class by modifying the Configure method
 7		Use ActionFilters to Remove Duplicated Code
 8		Separate entities that communicate with the database from the entities that communicate with the client. Map the data fetched to a DTO and return the result to the client
 9		Attribute Routing should be used for most cases instead of Conventional Routing
 10		Logging should be in place using logging providers
 11		Do not store the passwords in a database as a plain text. Hash the passwords
 12		Use Response Cache 
 13		Do not block asynchronous execution by calling Task.Wait or Task.Result
 14		Do not acquire locks in common code paths
 15		Do not call Task.Run and immediately await it
 16		Make hot code paths asynchronous.
 17		Call data access and long-running operations APIs asynchronously if an asynchronous API is available. Once again, do not use Task.Run to make a synchronus API asynchronous.
 18		Make controller/Razor Page actions asynchronous. The entire call stack is asynchronous in order to benefit from async/await patterns.
 19		Do not allocate many, short-lived large objects on hot code paths
 20		Do call all data access APIs asynchronously
 21		Do not retrieve more data than is necessary. Write queries to return just the data that's necessary for the current HTTP request.
 22		Do consider caching frequently accessed data retrieved from a database or remote service if slightly out-of-date data is acceptable. Depending on the scenario, use a MemoryCache or a DistributedCache.
 23		Do minimize network round trips. The goal is to retrieve the required data in a single call rather than several calls.
 24		Do use no-tracking queries in Entity Framework Core when accessing data for read-only purposes. EF Core can return the results of no-tracking queries more efficiently.
 25		Do filter and aggregate LINQ queries (with .Where, .Select, or .Sum statements, for example) so that the filtering is performed by the database.
 26		Use ASP.NET Core's built-in support for bundling and minifying client assets
 27		Do not use throwing or catching exceptions as a means of normal program flow, especially in hot code paths
 28		Before putting untrusted data inside an HTML element/attribute ensure it's HTML encoded
 29		Before putting untrusted data into JavaScript place the data in an HTML element whose contents you retrieve at runtime or ensure the data is Javascript encoded
 30		Before putting untrusted data into a URL query string ensure it's URL encoded
 31		Use AntiForgeryToken where it is necessary
 32		HTTPS Redirection Middleware (UseHttpsRedirection) to redirect HTTP requests to HTTPS
 33		HSTS Middleware (UseHsts) to send HTTP Strict Transport Security Protocol (HSTS) headers to clients.
diff --git a/C# Checklist b/C# Checklist
 S.No	        Description
 1   Make sure that there shouldn't be any project warnings.
 2	  Avoid nested for / for-each and make use of LINQ lambda expressions where applicable. 
 3	  Complex string manipulations to be worked out using StringBuilder. 
 4	  Reduce the usage of out and ref keywords. 
 5	  Use USING blocks for avoiding memory leaks and utilizing unmanaged resources.
 6	  Unused strings, methods, comments to be removed
 7	  "Class property, methods, objects, events, and enumerations are Pascal case. No underscores"
 8	  Proper implementation of try catch block is applicable.
 9	  Not more than 30-40 LOC / method. 
 10	  Summary Comments on top of the method is important. 
 11	  Use constants and readonly where applicable. 
 12	  Option Strict and Option Explicit are both set to On.  
 13	  Class constants are all UPPER case with underscores between each word.
 14	  Only one statement per line
 15	  Only one declaration for line
 16	  Uses line continuation characters to break long lines of code to avoid horizontal scrolling
 17	  Comments are used for complex logic, and not used where code is clear and unambiguous
 18	  Check if your UI is not injected with SQL. 
 19	  Separate set of methods / events using #region. 
 20	  Single Responsibility Principle: Make sure the class & methods are well seperated based on responsibility. 
 21	  Use String.format instead of concatenation
 22	  Use String.Empty instead of "" 
 23	  Variables can be on camel case. 
diff --git a/MVC b/MVC
 S.No	        Description
 1		Make sure that there shouldn't be any project warnings.
 2		Avoid nested for / for-each and make use of LINQ lambda expressions where applicable. 
 3		Complex string manipulations to be worked out using StringBuilder. 
 4		Reduce the usage of out and ref keywords. 
 5		Use USING blocks for avoiding memory leaks and utilizing unmanaged resources.
 6		Unused strings, methods, comments to be removed
 7		Class property, methods, objects, events, and enumerations are Pascal case. No underscores.
 8		Variables can be on camel case. 
 9		Proper implementation of try catch block is applicable.
 10		Not more than 30-40 LOC / method. 
 11		Summary Comments on top of the method is important. 
 12		Use constants and readonly where applicable. 
 13		Option Strict and Option Explicit are both set to On.  
 14		Class constants are all UPPER case with underscores between each word.
 15		Only one statement per line
 16		Only one declaration for line
 17		Uses line continuation characters to break long lines of code to avoid horizontal scrolling
 18		Comments are used for complex logic, and not used where code is clear and unambiguous
 19		Check if your UI is not injected with SQL. 
 20		Separate set of methods / events using #region. 
 21		Single Responsibility Principle: Make sure the class & methods are well seperated based on responsibility. 
 22		Keep your controller very simple, just remember to get the data and bind that data to view. The sense of business logic should be kept in a separate assembly.
 23		Controllers should not have DB Queries or string manipulations for DB and should not contain HTML markups. 
 24		Do not cache a page that needs an authorization.
 25		Do explicitly name views in action methods -
 26		return View(Products) instead of return View(); 
 27		Use OutputCache filter for the controllers that is not dynamic. 
 28		Use Asynchronous Controllers when there are more operations to complete on background. 
 29		Ensure that you are having Unit-test project before starting to write a code. Make sure you fail the test-method and then start writing the code. Follow "Arrange, Act & Assert" 
 30		Set the HttpOnly flag on cookies. This will prevent JavaScript from reading and sending cookies. 
 31		Use Strongly typed data from Controller to View. Do not use ViewData or ViewBag for binding a model. 
 32		Use TempData instead of Sessions for short life on objects that share data between 2 controllers / actions. 
 33		Multiple CSS / JS Files referenced from a View page to be bundled using BundleCollection. This minimizes network traffic of making a request for every file referenced in the View page. 
 34		Do not use IF…THEN Conditions on razor engine / Views. Utilize HTMLHelper if it is demanding to have IF..THEN. 
 35		Common presentational area like Header, Footer should be defined in Layout view.
 36		Add Html.Encode for all user input data that is displayed, whether immediately rendered or the data is put into the database and then displayed later. Otherwise use <%: ViewData["CustomerName"] %> for encoding. 
 37		Refresh partial view updates using AJAX. 
 38		Do not write Javascript in View page. Utilize jQuery. 
 39		Use the Html.AntiForgeryToken class in forms to protect against cross-site forgery request. On the action which takes the post request, place the ValidateAntiForgeryToken attribute 
 40		Your View Models should be different from Business Model. Do not use the same Business model extending to UI. While your UI is more volatile with respect to fields should not imply a change in business model.
	S.No Description
	1 ConfigureServices Method should be as lean as possible. Create an extension class with the static method. then just to call this extended method upon the IServiceCollection type
	2 DAL should be created as a separate service. With DAL as a separate service we can register it inside the IOC (Inversion of Control) container.
	3 The repository logic should always be based on interfaces
	4 The controllers shouldn’t have any business logic inside it.
	5 Actions should always be clean and simple. Actions should have IActionResult as a return type in most of the cases. That way we can use all the methods inside .NET Core which returns results and the status codes as well.
	6 Handle errors globally as much as possible using built-in and ready to use middleware or custom middleware. Add that exception middleware in the Startup class by modifying the Configure method
	7 Use ActionFilters to Remove Duplicated Code
	8 Separate entities that communicate with the database from the entities that communicate with the client. Map the data fetched to a DTO and return the result to the client
	9 Attribute Routing should be used for most cases instead of Conventional Routing
	10 Logging should be in place using logging providers
	11 Do not store the passwords in a database as a plain text. Hash the passwords
	12 Use Response Cache
	13 Do not block asynchronous execution by calling Task.Wait or Task.Result
	14 Do not acquire locks in common code paths
	15 Do not call Task.Run and immediately await it
	16 Make hot code paths asynchronous.
	17 Call data access and long-running operations APIs asynchronously if an asynchronous API is available. Once again, do not use Task.Run to make a synchronus API asynchronous.
	18 Make controller/Razor Page actions asynchronous. The entire call stack is asynchronous in order to benefit from async/await patterns.
	19 Do not allocate many, short-lived large objects on hot code paths
	20 Do call all data access APIs asynchronously
	21 Do not retrieve more data than is necessary. Write queries to return just the data that's necessary for the current HTTP request.
	22 Do consider caching frequently accessed data retrieved from a database or remote service if slightly out-of-date data is acceptable. Depending on the scenario, use a MemoryCache or a DistributedCache.
	23 Do minimize network round trips. The goal is to retrieve the required data in a single call rather than several calls.
	24 Do use no-tracking queries in Entity Framework Core when accessing data for read-only purposes. EF Core can return the results of no-tracking queries more efficiently.
	25 Do filter and aggregate LINQ queries (with .Where, .Select, or .Sum statements, for example) so that the filtering is performed by the database.
	26 Use ASP.NET Core's built-in support for bundling and minifying client assets
	27 Do not use throwing or catching exceptions as a means of normal program flow, especially in hot code paths
	28 Before putting untrusted data inside an HTML element/attribute ensure it's HTML encoded
	29 Before putting untrusted data into JavaScript place the data in an HTML element whose contents you retrieve at runtime or ensure the data is Javascript encoded
	30 Before putting untrusted data into a URL query string ensure it's URL encoded
	31 Use AntiForgeryToken where it is necessary
	32 HTTPS Redirection Middleware (UseHttpsRedirection) to redirect HTTP requests to HTTPS
	33 HSTS Middleware (UseHsts) to send HTTP Strict Transport Security Protocol (HSTS) headers to clients.
	S.No Description
	1 Make sure that there shouldn't be any project warnings.
	2 Avoid nested for / for-each and make use of LINQ lambda expressions where applicable.
	3 Complex string manipulations to be worked out using StringBuilder.
	4 Reduce the usage of out and ref keywords.
	5 Use USING blocks for avoiding memory leaks and utilizing unmanaged resources.
	6 Unused strings, methods, comments to be removed
	7 "Class property, methods, objects, events, and enumerations are Pascal case. No underscores"
	8 Proper implementation of try catch block is applicable.
	9 Not more than 30-40 LOC / method.
	10 Summary Comments on top of the method is important.
	11 Use constants and readonly where applicable.
	12 Option Strict and Option Explicit are both set to On.
	13 Class constants are all UPPER case with underscores between each word.
	14 Only one statement per line
	15 Only one declaration for line
	16 Uses line continuation characters to break long lines of code to avoid horizontal scrolling
	17 Comments are used for complex logic, and not used where code is clear and unambiguous
	18 Check if your UI is not injected with SQL.
	19 Separate set of methods / events using #region.
	20 Single Responsibility Principle: Make sure the class & methods are well seperated based on responsibility.
	21 Use String.format instead of concatenation
	22 Use String.Empty instead of ""
	23 Variables can be on camel case.