Today, I came across a checklist for SharePoint Custom Solution Code Acceptance. I reckon this checklist (modified if necessary) should be part of your test plans if your SharePoint Project needs custom solution bits. Code acceptance checklist outlines best practices for security, session management, validation, sensitive data, exception handling, Web parts, documentation, general software development. I think it is very important for any SharePoint developer to keep these best practices in mind. Of all the best practices I feel every SharePoint developer (novice to experienced) should at least follow ‘Web part development’ and ‘general software development’ best practices as a mantra!!
Best Practices for SharePoint Web part Development:
- Custom Web parts (including resource files) are contained within a SharePoint Feature and are packaged as a SharePoint solution in order to be deployed.
- The configuration of Web parts that are being deployed gives the administrator the flexibility of deploying to the Web application level or lower.
- You use the SharePoint Web part infrastructure’s standardized set of connection interfaces for Web parts to exchange information with each other at run time.
- Source code for third party Web parts solutions, whenever possible, is provided with adequate documentation to ensure good technical support.
- All custom Web parts utilize the SharePoint architecture to ensure consistent behaviour across the application for functionality such as single sign-on, feature deployment, and so on.
Best Practices for General SharePoint Software Development:
- Assemblies have a strong name. (Dynamically generated ASP.NET Web page assemblies cannot currently have a strong name.)
- You use delay signing as a way to protect and restrict the private key that is used in the strong name and signing process.
- Assemblies include declarative security attributes (with SecurityAction.RequestMinimum) to specify minimum permission requirements.
- Highly privileged assemblies are separated from lower privileged assemblies.
- If an assembly is to be used in a partial-trust environment (for example, it is called from a partial-trust Web application), then privileged code is in a separate assembly.
- You rely on a native configuration file to support the application instead of changing the configuration to the Web.config.
- You use .NET Framework 2.0, 3.0, or 3.5.
- You use a single .NET Framework version. You do not mix multiple versions.
- Your code is 64 bit compatible.
- Your application does not try to directly access any SharePoint databases. Data stores in SharePoint databases are only updated by using the SharePoint object model.
- You avoid hard coding strings and labels. You use resources or language files instead.
- When referencing the SPWeb or SPSite objects, you employ a using statement or, alternatively, you use an explicit call of the .Dispose method to ensure proper use and disposing of the memory objects.
- You use caching as appropriate to reduce unnecessary round trips. For Web parts, you expose the cache expiration (duration) as a Web part property.
- When packaging your solution, you include a Code Access Security policy for the solution and, if necessary, include your assembly in the Safe Controls list though the solution.
- When logging code, you use the Portal Log class to log the SharePoint Unified Logging Service (ULS) logs.
- If you need to update multiple list items by using remote code, you use the Web service to update list items. You only use SPListItem.Update() if you have to update more than one item at a time by using local OM-based code.
- When using the Count property of a SPListItemCollection, you only call it once and then store it in a variable that you can refer to when looping. You do not call it inside a loop.
- The solution uses the AppSettings object to implement XML mapping. (This can be provided by using the settings persistence framework in .NET 2.0, 3.0, or 3.5.) The solution avoids creating custom XML files and a strongly typed object for XML mapping.
- Installation and deployment logging are provided in the event logs to enable appropriate operational troubleshooting during installation and uninstallation.
Please note that, the best practices are not limited to ones mentioned above. Best Practices are something which evolve with experience. If you know of any other best practices which you think are worth sharing don’t hesitate to share them in comments.
For other best practices please refer to Sample code acceptance checklist for IT organizations.
For a printable version of the sample code checklist that you can edit, download the list as a Word 2007 document (.doc).
Sample code acceptance checklist for IT organizations (http://go.microsoft.com/fwlink/?LinkId=125134)
Additional Resources for Best Practice SharePoint Development
-
Microsoft Office SharePoint Server 2007 SDK (http://go.microsoft.com/fwlink/?LinkID=72208)
-
Windows SharePoint Services 3.0 SDK (http://go.microsoft.com/fwlink/?LinkID=113927)
-
Development Tools and Techniques for Working with Code in Windows SharePoint Services 3.0 (http://go.microsoft.com/fwlink/?LinkId=123413)
-
Working with ASP.Net 2.0 Web parts and WSS 3.0 (http://go.microsoft.com/fwlink/?LinkId=123429)
-
Best Practices: Common Coding Issues When Using the SharePoint Object Model (http://go.microsoft.com/fwlink/?LinkId=123414)
-
Windows SharePoint Services Developer Center (http://go.microsoft.com/fwlink/?LinkId=123428)
-
MSDN Webcast: Essentials of Application Security (Part 1 of 3): Secure Communications (Level 200) (http://go.microsoft.com/fwlink/?LinkId=123430)
-
SharePoint Server 2007 Developer Portal (http://go.microsoft.com/fwlink/?LinkID=119449)
-
Microsoft Anti-Cross Site Scripting Library V1.5 (http://go.microsoft.com/fwlink/?LinkId=123431)
-
Improving Web Application Security: Threats and Countermeasures (http://go.microsoft.com/fwlink/?LinkId=123432)
-
Exception Management Architecture Guide (http://go.microsoft.com/fwlink/?LinkId=123433)
-
SharePoint Products and Technologies White Paper: Implementing Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 Solutions (http://go.microsoft.com/fwlink/?LinkId=114834)
-
How to programmatically test for canonicalization issues with ASP.NET (http://go.microsoft.com/fwlink/?LinkId=123434)
-
Validating ASP.NET server controls (http://go.microsoft.com/fwlink/?LinkId=123435)
-
MSDN Webcast: Digging into Server-Side State Management (http://go.microsoft.com/fwlink/?LinkId=123436)
-
SharePoint Products and Technologies customization policy (http://go.microsoft.com/fwlink/?linkid=92311)
Posted by SharePoint Daily for August 19, 2008 - SharePoint Daily on August 20, 2008 at 12:16 am
[...] SharePoint Development Best Practices – Checklist (Footprint of IT)Today, I came across a checklist for SharePoint Custom Solution Code Acceptance. I reckon this checklist (modified if necessary) should be part of your test plans if your SharePoint Project needs custom solution bits. Code acceptance checklist outlines best practices for security, session management, validation, sensitive data, exception handling, Web parts, documentation, general software development. [...]
Posted by sharec on August 25, 2008 at 9:10 pm
Very good collection of resources Jag.I appreciate your hard work.
Posted by rtemple on December 10, 2008 at 12:56 am
Nice checklist. One question for you on #3 – Best Practices for SharePoint Web part Development,
I’ve read other sources that recommend using the System.Web.UI.WebControls.WebParts libraries rather than the Sharepoint. I’m working with provider – consumer webparts and connections and having difficulty adding Ajax functionality to the webconnection. Do you have any suggestions?
Thanks!