We have developed many applications over time and I thought I’d jot down a few points on recurring elements that we have applied to make successful web applications.
When thinking about a website, keep in mind that all the content you want to maintain on your site, whether text content (product information, company news, events, career sections etc.), social media feeds, embedded content such as video clips and audio files, or data feeds from external sources, has to be maintained from “somewhere”. Usually this is done through an administrative interface associated with your website. It is very rare to get a site with purely static content, and even those are often generated dynamically.
When I look at a site, there are usually a few things I look for that indicate its reliability and credibility:
- Content – How up to date and relevant is the information that I am looking for?
- Contact information – physical address, telephone numbers, email address
- Copyright tag/dates on articles – when last was the site updated?
These little things usually tell me something additional about whether to take the site seriously.
Any well-constructed website usually has at least two types of interface:
- Web or Public-facing side – This is the site that the general public visits to access your content, whether via referrers, search engines or direct links. Most website content is driven by a normalized database (in basic terms, “normalized” means that data is stored efficiently, without repetition). Databases not only allow content to be updated dynamically through some form of Content Management System (CMS), but also support additional functionality such as search facilities and keyword tags; updates are usually made through the administrative interface. Beyond content, databases can store information from a number of sources, such as traffic logs, audit trails and any other general information about your site.
- Administrative or Private-facing side – This is the area you use to maintain your site content and any additional parameters that determine your site's behaviour. Settings made here usually have a direct behavioural impact on the web or secure client sides. This section also allows administrative personnel to moderate input from the website or customer interfaces. Because it controls everything else, it is also the most valuable target on the site: require strong authentication for it and, where possible, do not expose it to the public internet at all.
- Additionally, if you have customers who subscribe to services you offer, hold an account, or have purchased products from your site, you will also need a secure Client interface for them. A secure client interface implies encrypted transactions between the customer and your web application and is usually indicated by the certificate or “lock” symbol associated with the HTTPS address prefix. Note that the lock only means the connection is encrypted and the certificate matches the hostname; it says nothing about who runs the site, and today the whole site, including the administrative interface, should be served over HTTPS rather than just the customer area.
Keep in mind that not all applications are public-facing. Web-based applications can be used internally within your organisation (such as a company intranet or a tool that automates in-house processes) where there is no public interface. You would still need the administrative component and then an internal-facing web application for employees or agents to use.
Additional mechanisms to enforce or complement your web site
- Database Security – Passwords should never be stored in plain text, and they should not be “encrypted” either, since anything encrypted can be decrypted by whoever holds the key. Store them as salted hashes produced by a deliberately slow password-hashing function such as bcrypt, scrypt, Argon2 or PBKDF2. MD5 is often suggested for this, but it is a fast general-purpose hash rather than an encryption mechanism, and an attacker who obtains a copy of the database can test billions of MD5 guesses per second against it; it should not be used for passwords. In Ireland, the Data Protection Commissioner has published guidelines on how a site should store this and other customer-related information such as personal information (contact details, address) and payment information (such as credit card details). Also, always enforce strong password policies within your business, and remember the saying: never put all your eggs in one basket. It is usually advised that sensitive or critical information such as personal customer information be stored in a separate database, with tighter access controls, away from your general application data, so that a compromise of the public site does not hand over everything at once.
- Website Security – Automatically denying access by internet address when unusual activity is seen (a burst of requests, a run of 404s from someone probing for admin pages and backup files, repeated failed logins) can stifle many attacks. Botnets (used for probing your site for vulnerabilities) and Denial of Service attacks are hugely prevalent today and any website is under constant risk of being exploited or attacked. Two caveats: a botnet spreads its requests across many addresses, so per-address thresholds only catch its noisiest members, and users behind a shared proxy or NAT all share one address, so blocks should be temporary and thresholds generous.
- Activity Logging – Logging activity on your administrative or client interfaces is an extremely useful resource for auditing and paper-trail purposes. Even basic information such as date/time, internet address, action, the relevant page name and the username/login can help to monitor activity or in problem-solving scenarios. Logged information can vary from basic to detailed “action-by-action” data. Whatever the level of detail, never write passwords, session tokens or full card numbers into the log, since the log then becomes as sensitive as the data it was meant to protect.
- Error handling and logging – Two of the most common error messages a browser will encounter are the famous “404 File Not Found” and the “500 Server Error”. Most applications handle these gracefully with a customised page; that page should not include stack traces, SQL statements or file paths, which tell an attacker far more than they tell the user. Although many companies overlook this, it is very important to monitor the frequency of these errors, as they are usually the first sign of malicious activity on your site: a burst of 404s from one address generally means someone is scanning for known paths, and unexpected 500s often mean malformed or malicious input is reaching your code. One way of keeping track of them is by logging the information to a database and reviewing it regularly.
- Online help – Make sure people know how to use the system by offering online help facilities. This can be in the form of on-screen pop-ups, embedded video clips as tutorials or live help chat facilities.
- Granular permissions – Granular permissions provide flexible access to pages within your applications. Generally permissions can be “VIEW” and “EDIT”, but they can be expanded to explicitly control access to individual content based on the user's credentials. Whatever the model, the default for anything not explicitly granted should be no access.
- Feedback mechanisms – Allow people to provide feedback on your site. There are various ways of doing this: online contact forms, social action buttons and comments. Remember that every one of these is user input and must be validated and moderated before it is displayed to other visitors.
- Sitemaps – These are very important in assisting search engines to index the pages on your site efficiently. They can be fixed or dynamically generated.
- Terms of Use and Privacy statements – These are very important because I, for one, do read this information. They reflect the “contract” you agree to in using the site, its products and services, and in developing your business relationship.
- Template-driven site – From an administrative point of view, modern sites are usually designed using two or more templates, which allow for easy maintenance of the overall site structure. As sites tend to grow and expand, you can imagine that it is a nightmare to maintain a site with 100+ source files and images; updating this is both inefficient and unproductive.
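To make the password-storage point above concrete, here is an added Python example (not code from the original post). It puts the unsalted MD5 scheme the text cautions against beside a salted PBKDF2-HMAC-SHA256 scheme from the standard library, with a constant-time verifier and a check for records hashed under an older iteration count. The record format (`pbkdf2_sha256$iterations$salt$digest`), the 600,000 iteration count and the user names in the constructed sample records are my own choices, not anything the post specifies; in a real application you would more likely reach for a maintained library such as bcrypt or argon2-cffi, which follow the same pattern.

```python
import base64
import hashlib
import hmac
import os


# The scheme the text warns against: a fast, unsalted digest. Every user with
# the same password gets the same value, and a GPU can test billions per second.
def md5_hash_password(password):
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def crack_md5(md5_records, wordlist):
    """Offline guessing against unsalted MD5: one digest per guess serves every user."""
    lookup = {md5_hash_password(word): word for word in wordlist}
    return {user: lookup[digest] for user, digest in md5_records.items() if digest in lookup}


# Hardened scheme: a random per-user salt plus a deliberately slow key derivation.
ALGORITHM = "pbkdf2_sha256"
PBKDF2_ITERATIONS = 600_000   # assumed policy; OWASP's 2023 figure for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest (base64 fields)."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def _parse_record(record):
    """Split a stored record; returns None for anything not in our format."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return None
    try:
        iterations = int(parts[1])
        salt = base64.b64decode(parts[2])
        digest = base64.b64decode(parts[3])
    except ValueError:          # non-numeric count or malformed base64 (binascii.Error)
        return None
    if iterations < 1:
        return None
    return iterations, salt, digest


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    parsed = _parse_record(record)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record, iterations=PBKDF2_ITERATIONS):
    """True when a record predates the current policy; rehash on the next successful login."""
    parsed = _parse_record(record)
    return parsed is None or parsed[0] < iterations
```

The `needs_rehash` check is what lets you raise the iteration count later (or migrate away from an old MD5 table) without forcing a password reset: when a login succeeds against an old record, you already hold the plaintext for that one request and can store a fresh record before discarding it.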

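The website-security and error-logging points above both come down to the same job: watch the per-address activity log for bursts of 404/500 responses or raw request volume, and deny the offending address. Here is an added Python example, not code from the original post, that runs that detection over a constructed twelve-line access log laid out with the fields the post describes (date/time, address, action, page, status, username). The thresholds, the log format and the `client_ip` helper for deciding which address to count when requests arrive through a reverse proxy are assumptions of this example, not something the post specifies.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, not real traffic. 198.51.100.9 is probing for
# well-known admin and backup paths; 203.0.113.7 and 192.0.2.33 are ordinary users.
SAMPLE_LOG = """\
2024-03-01T10:00:00 203.0.113.7 GET /index.html 200 alice
2024-03-01T10:00:01 198.51.100.9 GET /wp-login.php 404 -
2024-03-01T10:00:01 198.51.100.9 GET /phpmyadmin/ 404 -
2024-03-01T10:00:02 198.51.100.9 GET /.env 404 -
2024-03-01T10:00:02 198.51.100.9 GET /admin/config.php 404 -
2024-03-01T10:00:03 198.51.100.9 GET /backup.zip 404 -
2024-03-01T10:00:03 198.51.100.9 GET /xmlrpc.php 404 -
2024-03-01T10:00:04 203.0.113.7 GET /products/42 200 alice
2024-03-01T10:00:05 192.0.2.33 GET /old-page 404 bob
2024-03-01T10:00:06 192.0.2.33 GET /products/99 200 bob
2024-03-01T10:00:09 203.0.113.7 GET /checkout 200 alice
2024-03-01T10:02:30 192.0.2.33 GET /search 500 bob
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")
ERROR_STATUSES = {404, 500}


def parse_line(line):
    """Return (timestamp, ip, method, path, status, user), or None if the line does not fit."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, ip, method, path, status, user = m.groups()
    return datetime.fromisoformat(ts), ip, method, path, int(status), user


class AbuseDetector:
    """Sliding-window counters per client address.

    An address is flagged when, within `window` seconds, it produced at least
    `max_errors` 404/500 responses (path probing, input that blows up the app)
    or at least `max_requests` requests of any kind (flooding).
    """

    def __init__(self, window=60, max_errors=5, max_requests=100):
        self.window = timedelta(seconds=window)
        self.max_errors = max_errors
        self.max_requests = max_requests
        self.events = defaultdict(deque)   # ip -> deque of (timestamp, is_error)
        self.blocked = {}                  # ip -> (time first flagged, reason)

    def observe(self, ts, ip, status):
        """Record one request; return the reason if `ip` is over a threshold right now."""
        q = self.events[ip]
        q.append((ts, status in ERROR_STATUSES))
        cutoff = ts - self.window
        while q and q[0][0] < cutoff:      # drop events that fell out of the window
            q.popleft()
        errors = sum(1 for _, is_err in q if is_err)
        reason = None
        if errors >= self.max_errors:
            reason = "errors"
        elif len(q) >= self.max_requests:
            reason = "rate"
        if reason and ip not in self.blocked:
            self.blocked[ip] = (ts.isoformat(), reason)
        return reason


def find_abusive_ips(log_text, **thresholds):
    """Replay a whole log through the detector; returns {ip: (when, reason)}."""
    detector = AbuseDetector(**thresholds)
    events = [e for e in (parse_line(line) for line in log_text.splitlines()) if e]
    for ts, ip, _method, _path, status, _user in sorted(events, key=lambda e: e[0]):
        detector.observe(ts, ip, status)
    return dict(detector.blocked)


def client_ip(remote_addr, forwarded_for, trusted_proxies):
    """Decide which address to count against.

    X-Forwarded-For is attacker-controlled unless the connection came through a
    proxy you run, so only consult it when remote_addr is a trusted proxy, and
    take the right-most hop that is not itself one of your proxies.
    """
    if remote_addr not in trusted_proxies or not forwarded_for:
        return remote_addr
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        if hop not in trusted_proxies:
            return hop
    return remote_addr
```

With the defaults, only the scanner trips the error rule (its fifth 404 lands at 10:00:03); bob's single 404 and the later 500 fall in different windows and never add up. The same replay with a very low `max_requests` shows the rate rule firing on a legitimate user, which is why thresholds need to be tuned against real traffic and why blocks should expire rather than be permanent.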