best-practices

Opinion Time: Should Developers ALWAYS Build an API?

There's been some talk in my office lately about the practicality of always building API (Application Programming Interface) backends for our apps. Some of my teammates argue that it ensures portability, that we can move to newer technologies more readily. Others agree, but say the primary reason is to provide a layer of abstraction between the code and the data (since enough abstractions can solve many problems). I personally have a much more basic problem. I'm at a crossroads, and... Read more >

Between Two Stacks: The Consequences of a Data-Less Decision

We've been having an ongoing debate in our team about what architecture to use to implement our new enterprise-level application. There are two possible solutions, one familiar, one fast, but we can't seem to reach a conclusion as to which to use. A lack of applicable data is forcing us to make this key decision on intuition and guesswork, and I can't help but wonder how else we might be able to decide which path to take... Read more >

Ten Commandments For Naming Your Code

"There are only two hard things in Computer Science: cache invalidation and naming things." -- Phil Karlton. Naming things is hard. (Image taken from [How to Name Things](http://slidedeck.io/hoontw/naming-things), used under [license](https://creativecommons.org/licenses/by/4.0/).) As developers, we spend a lot of time and effort trying to name things appropriately. This can cause us no small amount of frustration, as the ability to name things properly requires abilities (a mastery of your... Read more >

Best Practices: Fight Code Ambiguity with Enumerations

I've written before about the idea that code needs to have a reason to exist. Right alongside that idea is another I frequently find myself having to be reminded of: code must have a clear, explicit meaning. Let me clarify what I mean by that (irony alert!). I think that a reason to exist and meaning are two distinct ideas. In my mind, having meaning gives the code purpose and importance (much like it does for humans). Funny thing is,... Read more >

Using POST-REDIRECT-GET in ASP.NET MVC

Anybody that's been on the internet for more than five seconds has encountered one of these: I'm a fan of getting rid of anything that interferes with the user experience, and these dialogs certainly get in the way. There's a pattern we can implement, called POST-REDIRECT-GET, that will eliminate these dialogs. Let's see what that pattern is, and how we can implement it in a simple ASP.NET MVC application. What is PRG? POST-REDIRECT-GET is a pattern that says a... Read more >

Use FluentValidation for a better validation framework in MVC

One of my team's favorite NuGet packages is FluentValidation, a package that allows us to extend the validation rules provided by System.ComponentModel to give us a more flexible validation framework. In this post, we'll go over how to set up and use FluentValidation in a simple MVC web application. Let's get started! Getting the FluentValidation Package: First things first, we need to grab FluentValidation from NuGet. Because we want to use it in an MVC project, we need the MVC... Read more >

Prevent Cross-Site Request Forgery (CSRF) Attacks in MVC with AntiForgeryToken

One of the most common security vulnerabilities on any given website is the Cross-Site Request Forgery (CSRF) attack. It's so common that OWASP has regularly included it in its list of the top ten security vulnerabilities. Luckily for us, Microsoft has made this kind of attack very easy to prevent in ASP.NET MVC via the use of AntiForgeryTokens. What is a Cross-Site Request Forgery Attack? Pretend we're doing some online banking. Without logging out of the bank's site or... Read more >

Code must have a reason to exist (even if we don't like the reason)

I generally operate from the position that code must have a reason to exist. If it doesn't have a reason to be there, or be at this particular place, then it should be deleted, and I don't think twice about deleting code. So I tell my team that every piece of code you write must have a reason to exist, preferably a technical one, and one we can defend if people ask "Why is this here?" Today, this theory (and... Read more >