Some baseline coding principles and best practices can be adopted as standard from the Microsoft
documentation.
- Put all business logic in the model
- Put all validation logic in the model
- Define interfaces for data access
- Put HTML in views and partials and not in the controller
- Access data in views using ViewData
- Insert server-side comments in templates
- Use HTMLHelper extension methods
- Use model binding instead of manually parsing a request
- Use Post/Redirect/Get when submitting forms
- Implement HandleUnknownAction and HandleError
- Order routes from specific to general when using standard routing
- Use named routes to avoid route ambiguity
- Use filters for adding behaviours
- Guard against common attack vectors
  - Cross-site scripting (XSS) attacks
  - SQL injection
  - Cross-site Request Forgery (XSRF)
  - Improperly implementing model binding
- Authenticate and authorise users
- Use `<%: %>` to protect against XSS
- Consider partial page updates using AJAX
- Don't over-use Session; use TempData for intra-request storage instead
- Use an OutputCache filter for static pages
- Consider using asynchronous controllers for long running requests
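As an added example (not from the original page or from Microsoft's documentation), one ASP.NET MVC 2 (ASPX view engine) model and controller that apply several of the rules above at once: validation in the model, an interface for data access, a model-binding whitelist against over-posting, the anti-forgery filter, TempData and Post/Redirect/Get. The type names `Comment`, `ICommentRepository` and `CommentsController` are hypothetical, and constructor injection assumes a DI-aware controller factory.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;

// Validation logic lives in the model, not in the controller.
public class Comment
{
    public int Id { get; set; }
    public bool IsApproved { get; set; }   // set by moderators only, never from the form
    [Required, StringLength(200)]
    public string Author { get; set; }
    [Required, StringLength(2000)]
    public string Body { get; set; }
}

// Interface for data access so the controller is not tied to one store.
public interface ICommentRepository
{
    void Add(Comment comment);
}

public class CommentsController : Controller
{
    private readonly ICommentRepository _repository;

    // Assumes a DI-aware controller factory supplies the repository.
    public CommentsController(ICommentRepository repository) { _repository = repository; }

    [HttpPost]
    [ValidateAntiForgeryToken]   // XSRF: the form must carry Html.AntiForgeryToken()
    public ActionResult Create([Bind(Include = "Author,Body")] Comment comment)
    {
        // Bind(Include) guards model binding: a posted "IsApproved=true" field is ignored.
        if (!ModelState.IsValid)
            return View(comment);            // redisplay with the model's validation messages

        _repository.Add(comment);
        TempData["Message"] = "Thanks for your comment.";   // survives exactly one redirect
        return RedirectToAction("Index");    // Post/Redirect/Get: a refresh does not resubmit
    }

    // Unknown action names get a 404-style view instead of an unhandled exception.
    protected override void HandleUnknownAction(string actionName)
    {
        View("NotFound").ExecuteResult(ControllerContext);
    }
}

/* In the ASPX view, encode output: <%: %> HTML-encodes, <%= %> does not.
   <%: Model.Body %>                 safe: "<script>" is rendered as literal text
   <%= Model.Body %>                 unsafe: raw markup reaches the browser
   <%= Html.AntiForgeryToken() %>    inside the form, paired with [ValidateAntiForgeryToken]
*/
```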