MICROSOFT PATTERNS AND PRACTICES PDF

adminComment(0)
    Contents:

trademarks or trademarks of Microsoft Corporation in the United States and/or . Chapter 3: Architectural Patterns and Styles .. patterns & practices Offerings. Nov 24, A final PDF is now available for our patterns & practices Application Architecture Guide, second edition. This is our platform playbook for the. We discover, collect, and encourage practices that bring joy to engineering software. A tool for deploying Azure infrastructure based on proven practices. A reference implementation demonstrating microservices architecture and best practices for Microsoft Azure.


Microsoft Patterns And Practices Pdf

Author:LEONARDO REINEMAN
Language:English, Indonesian, Portuguese
Country:Poland
Genre:Fiction & Literature
Pages:666
Published (Last):10.06.2015
ISBN:507-2-81155-414-8
ePub File Size:25.75 MB
PDF File Size:8.74 MB
Distribution:Free* [*Sign up for free]
Downloads:27103
Uploaded by: CHERI

This guide is a collaborative effort between patterns & practices, product teams, and industry experts. on MSDN. Download the final release in PDF on MSDN. Author: Microsoft Patterns & Practices Team CMU-CS, available at bestthing.info), as: . Jason Taylor. Prashant Bansode. Lonnie Wall. Rob Boucher Jr. Akshay Bogawat. Web Application Architecture Pocket Guide. Microsoft patterns & practices. 3.

Validate data for type, length, format, and range. Consider using regular expressions for validating the inputs. For an improved user experience, consider using client-side validation, but always perform validation at the server as well.

Encode your output.

You must also understand how the three parts of the triad communicate with each other to process requests from user input. The Model represents data, and the View is the UI, which displays the data to the user and contains controls for the user to interact with the data and the application.

The Controller is responsible for handling requests, initializing the Model and choosing the appropriate View. In the Passive Model pattern, changes to the Model are only captured when the Controller processes a request. One of the limitations with this pattern is that, because the controller is responsible for intercepting and handling requests, you lose capabilities associated with the View such as the ability to handle control events and the use of viewstate in ASP.

Similar to the controller in MVC, the Presenter is responsible for processing requests and initializing the model. The main advantage of using this pattern over MVC is that, because the view handles requests, you also have support for control events and the ability to maintain the state of controls in the view. There are two main variations on this pattern, Passive View and Supervising Controller.

With Passive View, requests are intercepted by the View and passed to the Presenter, and then the Presenter initializes fields in the View through an interface. This variation completely decouples the view from the Model and provides the highest level of testability. With Supervising Controller, the View passes requests to the Presenter, the Presenter notifies the View when the Model is initialized, and the View accesses the Model directly.

This variation is useful when you have a lot of data that needs to be presented in the View, which makes Passive View impractical. If you are working with content-based applications that have few or no business rules, consider using XML. If you have complex business rules related to the business domain, or if you are designing a rich client where the domain model can be initialized and held in memory, consider using custom Domain Model objects. If your tables or views in the database represent the business entities used by your application, consider using custom objects.

If the data you are consuming is already in XML format, or if you are working with read-only documentbased data, consider using custom XML objects. If you have volatile business rules, consider storing them in a separate rules engine.

If you want your business rules to be separate from the business data, consider using business process components. If your business processes involve multiple steps with long-running transactions, consider using business workflow components.

A well-designed business component exposes data and functionality based on how the data is used, and abstracts the underlying data store and service. Do not mix unrelated functionality within a business component; for example, do not mix data access logic and business logic within the same component.

Consider designing consistent input and output data formats for business components. Avoid including business logic in a service interface in order to improve reusability and maintainability and reduce duplication of code.

Consider using standard protocols such as the SOAP as the communication medium to ensure maximum compatibility with a range of clients. The data access logic layer provides a level of abstraction from the underlying data store. A well-designed data access layer exposes data and functionality based on how the data is used, and abstracts the underlying data store complexity. Do not arbitrarily map objects to tables and columns, and avoid deep object hierarchies.

For example, if you want to display a subset of data, and your design retrieves an entire object graph instead of the necessary portions, there is unnecessary object creation overhead. Evaluate the data you need and how you want to use the data against your underlying data store.

Connections are an expensive and scarce resource, which should be shared between callers by using connection pooling. Opening a connection for each caller limits scalability.

Connect by using service accounts associated with a trusted subsystem security model. Open database connections only when you need them. Close the database connections as soon as you are finished—do not open them early, and do not hold them open across calls. If you have a small application with limited business rules, consider using dynamic SQL as it is the simplest model with the least development overhead. If you are building a larger application with maintainability requirements, consider using stored procedures since most changes to the database schema will have a minimal impact on application code.

For security considerations, you should always use typed parameters, either passed to a stored procedure or used when creating dynamic SQL.

Minimize the amount of data passed over the network. Use database connection pooling to share connections across requests. Keep transactions as short as possible to minimize lock durations and to improve concurrency.

However, do not make transactions so short that access to the database becomes too chatty. Do not consider scalar values if your design is not capable of handing schema changes. Consider XML strings when you must support a variety of callers, including third-party clients. Consider custom objects when you must handle complex data, communicate with components that know about the object type, or require better performance through binary serialization.

Consider using Data Transfer Objects DTOs that combine multiple data structures into a single structure in order to reduce round trips between layers and tiers. With the Microsoft. NET Framework, do not pass DataReader objects between layers because they require an open connection. A DataSet contains schema information and maintains a change record, which means it can be modified and used to update the database without requiring additional code.

However, it is important to understand that DataSets are expensive to create and serialize compared to custom objects. Use these guidelines as a starting point toward understanding the key concerns, such as when to use business entities, how to design your service interface, how to choose a Web service technology, and how to think about Representational State Transfer REST and SOAP.

In most cases, you want to design services that are autonomous, provide explicit boundaries, do not expose internal classes, and use policy to define interaction requirements. Consider using standard elements to compose the complex types used by your service.

If you already have an application and want to expose operations as services, you should identify the necessary operations and then define interface contracts that combine operations in order to produce application-scoped procedures.

The main thing you do not want to do is expose component- or object-based operations as service operations. When starting from scratch, you should first define the service interface contracts that an application needs to support. The main goal is to provide coarse-grained interface contracts that support business-process or client requirements without focusing on the implementation. Once you have defined the contracts, you can then focus on how to implement code that supports the contracts.

WCF allows you to implement duplex communication, and you can also use it with Windows Message Queuing and as a Windows service. In addition, you have more options with regard to protocols, bindings, and formats. Keep in mind that WCF requires the.

NET Framework 3.

Microsoft patterns & practices

The guidelines help you to understand how to design your application, keeping security and performance in mind right from the beginning. A detailed understanding of your application will also help you uncover more relevant and detailed threats. Use a security frame to focus on areas where mistakes are most often made. Key categories in a security frame include auditing and logging, authentication, authorization, configuration management, cryptography, exception management, input and data validation, and sensitive data.

Rate the threats based on the risk of an attack or occurrence of a security compromise and the potential damage that could result.

This allows you to deal with threats in the appropriate order. Identify your performance objectives, your workload, and your budgets. Identify your constraints, such as time and hardware budget.

Use load testing and unit tests to measure performance, and identify if hardware or deployment scenarios are the cause of bottlenecks. Ensure that you test with data types and data volumes that match the actual run-time scenarios. Identify requirements, cost, and budget restraints, and whether improvements can come from additional hardware and infrastructure, improved application code, or by adopting a different deployment approach.

Perform design inspections and code inspections to identify poor practices that could lead to bottlenecks.

Organize and prioritize your performance issues by using a performance frame. Key categories in a performance frame include data structures and algorithms, communication, concurrency, resource management, coupling and cohesion, caching, and state management. Learn about the canonical layered application style. Learn the steps you should follow when beginning your design.

Now Available: Final PDF of the Microsoft Application Architecture Guide, Second Edition

Learn about the main application types and architectural styles. Learn the quality attributes and understand the engineering hotspots that are important when designing an application. Avoid tight coupling to objects in other layers by using common interface definitions, abstract base classes, or message-based communication. For example, implementing the Dependency Injection and Inversion of Control patterns can provide a shared abstraction between layers.

Design your application to run in the browser sandbox. When designing an RIA, consider using a single page that changes dynamically as the user works with the application.

Multi-page designs are more complex in an RIA, and require additional considerations such as deep linking and UI screen navigation. Design for usability, such as the ability to pause and navigate to the appropriate point in a workflow without restarting the whole process.

RIA implementations have a small footprint on the client, but require a browser plug-in. Design for scenarios in which the browser plugin is not already installed, including non-interruptive plug-in installation and displaying informative error messages if an installation problem should occur.

Within the service layer, you define interface contracts, classes to translate between the interface and the business layer, and concrete classes that implement the interface. When choosing which device types to support, consider screen size and format, CPU performance characteristics, memory and storage space, development tool and environment support, as well as user requirements and organizational constraints.

Design your caching, state management, and data-access mechanisms with intermittent network connectivity in mind. Use these guidelines as a starting point toward understanding how to think about key functionality that cuts across layers and tiers. For example, your exception-management strategy should be designed to be consistent across your entire application, and not with just a single layer in mind. Use exceptions instead of error codes where possible. Do not reveal internal system or application details, such as stack traces, SQL statement fragments, and so on.

Ensure that this type of information is not allowed to propagate to the end user, or beyond your current trust boundary. Fail securely in the event of an exception, and make sure that your application denies access and is not left in an insecure state. Use finally blocks to guarantee that resources are cleaned up when exceptions occur; for example, close your database connections in a finally block. Do not log sensitive or private data such as passwords, which could be compromised.

When the exception contains user input in the exception message, ensure that you sanitize and validate it; for example, if you return an HTML error message, you should encode the output to avoid script injection. This could be a debugging issue, a performance issue, a security issue, a manageability issue, and so on.

This is different than logging in that logging is a general approach to pushing information into log files that might need to be audited in the future, versus a targeted approach to get information for a specific problem. Where you cannot use transactions, implement compensating methods to revert the data store to its previous state. Avoid holding locks for long periods; for example, when using long-running atomic transactions.

Consider using compensating locks for long-running transactions. If the chance of a data conflict from concurrent users is low for example, when users are generally adding data or editing different rows , consider using optimistic locking during data access. If the chance of a data conflict from concurrent users is high for example, when users are likely to be editing the same rows , consider using pessimistic locking during data access.

If transactions take a long time to complete, consider using asynchronous transactions that call back to the client when complete. NET, or System. T-SQL transactions are most efficient for server-controlled transactions on a single data store.

Keep transactions as short as possible, consider your isolation level, and keep read operations to a minimum inside a transaction. Use these guidelines as a starting point toward understanding key concerns, such as how to validate input on the client and on the server, and how to choose between the Model-View-Controller MVC and Model-ViewPresenter MVP patterns. Constrain, reject, and sanitize your input because it is easier to validate data for known valid types, patterns, and ranges than it is to validate data by looking for known bad characters.

Validate data for type, length, format, and range. Consider using regular expressions for validating the inputs. For an improved user experience, consider using client-side validation, but always perform validation at the server as well. Encode your output. You must also understand how the three parts of the triad communicate with each other to process requests from user input. The Model represents data, and the View is the UI, which displays the data to the user and contains controls for the user to interact with the data and the application.

The Controller is responsible for handling requests, initializing the Model and choosing the appropriate View. In the Passive Model pattern, changes to the Model are only captured when the Controller processes a request.

One of the limitations with this pattern is that, because the controller is responsible for intercepting and handling requests, you lose capabilities associated with the View such as the ability to handle control events and the use of viewstate in ASP. Similar to the controller in MVC, the Presenter is responsible for processing requests and initializing the model. The main advantage of using this pattern over MVC is that, because the view handles requests, you also have support for control events and the ability to maintain the state of controls in the view.

There are two main variations on this pattern, Passive View and Supervising Controller. With Passive View, requests are intercepted by the View and passed to the Presenter, and then the Presenter initializes fields in the View through an interface.

This variation completely decouples the view from the Model and provides the highest level of testability.

Browse more videos

With Supervising Controller, the View passes requests to the Presenter, the Presenter notifies the View when the Model is initialized, and the View accesses the Model directly. This variation is useful when you have a lot of data that needs to be presented in the View, which makes Passive View impractical.

If you are working with content-based applications that have few or no business rules, consider using XML. If you have complex business rules related to the business domain, or if you are designing a rich client where the domain model can be initialized and held in memory, consider using custom Domain Model objects.

If your tables or views in the database represent the business entities used by your application, consider using custom objects. If the data you are consuming is already in XML format, or if you are working with read-only documentbased data, consider using custom XML objects.

If you have volatile business rules, consider storing them in a separate rules engine. If you want your business rules to be separate from the business data, consider using business process components. If your business processes involve multiple steps with long-running transactions, consider using business workflow components. A well-designed business component exposes data and functionality based on how the data is used, and abstracts the underlying data store and service.

Do not mix unrelated functionality within a business component; for example, do not mix data access logic and business logic within the same component. Consider designing consistent input and output data formats for business components. Avoid including business logic in a service interface in order to improve reusability and maintainability and reduce duplication of code.

Consider using standard protocols such as the SOAP as the communication medium to ensure maximum compatibility with a range of clients.

The data access logic layer provides a level of abstraction from the underlying data store. A well-designed data access layer exposes data and functionality based on how the data is used, and abstracts the underlying data store complexity. Do not arbitrarily map objects to tables and columns, and avoid deep object hierarchies. For example, if you want to display a subset of data, and your design retrieves an entire object graph instead of the necessary portions, there is unnecessary object creation overhead.

Evaluate the data you need and how you want to use the data against your underlying data store. Connections are an expensive and scarce resource, which should be shared between callers by using connection pooling. Opening a connection for each caller limits scalability.

Connect by using service accounts associated with a trusted subsystem security model. Open database connections only when you need them.

Close the database connections as soon as you are finished—do not open them early, and do not hold them open across calls. If you have a small application with limited business rules, consider using dynamic SQL as it is the simplest model with the least development overhead. If you are building a larger application with maintainability requirements, consider using stored procedures since most changes to the database schema will have a minimal impact on application code.

For security considerations, you should always use typed parameters, either passed to a stored procedure or used when creating dynamic SQL. Minimize the amount of data passed over the network. Use database connection pooling to share connections across requests. Keep transactions as short as possible to minimize lock durations and to improve concurrency.

However, do not make transactions so short that access to the database becomes too chatty. Do not consider scalar values if your design is not capable of handing schema changes. Consider XML strings when you must support a variety of callers, including third-party clients. Consider custom objects when you must handle complex data, communicate with components that know about the object type, or require better performance through binary serialization. Consider using Data Transfer Objects DTOs that combine multiple data structures into a single structure in order to reduce round trips between layers and tiers.

With the Microsoft.Nothing could be further from the truth. Business components. User process components. Business entity components. Your choice of technologies will also be governed by organization policies, infrastructure limitations, resource skills, and so on.

CARMINE from Norwalk
I do enjoy sharing PDF docs rigidly . Review my other articles. I take pleasure in cycle speedway.
>