
Deployment Recommendations for ASP.NET Applications


This topic explains how to reduce the memory requirements on your server(s) and secure your application.

ASP.NET

  1. Scale your ASP.NET XAF applications

    You can configure a web farm to achieve high scalability in your ASP.NET XAF application. XAF ASP.NET applications are stateful (they maintain session state), and each user session requires about 10 MB of memory. Because session management is not centralized, a client's requests should be routed to the same content server when the application runs on a web farm. To learn more about how to configure a web farm for stateful applications, refer to the HTTP Load Balancing using Application Request Routing article. Step 3 of that article describes how to enable the client affinity feature.

    Additional resources:

  2. Server Mode

    There is no limit on the number of the application's database records. However, you can use Server Mode for List Views to retrieve only the required records (those visible in the grid) from the database. You can set Server Mode for all List Views. To do this, use the IModelOptions.DataAccessMode property of the Options or Views | <ListView> node. Note that in Server Mode, a List View does not have simultaneous access to all objects of the Collection Source's type. This imposes the limitations listed in the Server Mode article.

  3. Supported session state modes

    The XafApplication class, as well as other XAF entities stored in the session, are not serializable. An XAF application cannot use the StateServer, SQLServer and Custom session state modes; use the InProc session state mode instead.

Mobile

  1. Secure Sockets Layer

    The Mobile data service (XafDataService) is a standard WCF Data Service whose API conforms to OData V3. Because the service uses cookie-based authentication, you should consider encrypting communication between the client and the data service using the Secure Sockets Layer (SSL). Refer to the HTTPS and WCF Data Services articles for more details.

  2. Brute force attack prevention

    The Blocking Brute Force Attacks article describes approaches to block this type of attack. You can use one of these approaches or implement your own, for example, by blocking a user who shows suspicious activity. The following topics describe how to protect your application from these attacks:

  3. Excluding the MetadataService

    MetadataService is a non-secure service used to build an application while you develop it. Usually, you can exclude this service from an application’s production version. To do this, remove the following configuration snippet from the Web.config file in the Mobile application project:

    <configuration>
      <system.serviceModel>
        <services>
          <service name="MySolution.Mobile.MetadataService">
            <endpoint address="" behaviorConfiguration="web" binding="webHttpBinding" bindingConfiguration="msgSize" contract="DevExpress.ExpressApp.Mobile.Services.IMobileMetadataService" />
          </service>
          <!-- ... -->
        </services>
        <!-- ... -->
      </system.serviceModel>
      <!-- ... -->
    </configuration>
    

    If you want to run the application's production version using the Web client, enable caching for this service instead of excluding it. This reduces the server load and increases the application's startup speed in the browser. To do this, modify the MetadataService.svc file…

    using DevExpress.ExpressApp.Mobile.Services;
    // ...
    public class MetadataService : MobileMetadataService<MySolutionMobileApplication> {
        [System.ServiceModel.Web.AspNetCacheProfile("AppConfigCache")]
        public override System.IO.Stream AppConfig(string dataServiceUrl) {
            return base.AppConfig(dataServiceUrl);
        }
    }
    

    …and add the following configuration snippet to the Web.config file in the Mobile application project:

    <configuration>
      <system.web>  
        <caching>     
          <outputCacheSettings>
            <outputCacheProfiles>
              <add name="AppConfigCache" duration="2147483647" varyByHeader="Accept" varyByParam="dataServiceUrl" />
            </outputCacheProfiles>
          </outputCacheSettings>
        </caching>
        <!-- ... -->
      </system.web>
      <!-- ... -->
    </configuration>
    
  4. Enabling Compression

    Enable HTTP Compression for your IIS hosting to decrease Internet traffic. Note that HTTP Compression can increase server-side CPU usage.

    To enable this feature, follow the steps below:

    • Enable Dynamic Content Compression as described in the HTTP Compression article.
    • Ensure that the overrideModeDefault parameter is set to Allow in the %windir%\System32\inetsrv\config\applicationHost.config file. This allows the httpCompression element to be changed.

      <configuration>
        <section name="httpCompression" allowDefinition="AppHostOnly" overrideModeDefault="Allow" />
        <!-- ... -->
      </configuration>
      
    • Add the following configuration snippet to the Web.config file in the Mobile application project:

      <configuration>
        <system.webServer> 
          <httpCompression> 
            <dynamicTypes> 
              <add mimeType="application/json" enabled="true" /> 
              <add mimeType="application/octet-stream" enabled="true" /> 
            </dynamicTypes> 
          </httpCompression>
          <!-- ... --> 
        </system.webServer> 
        <!-- ... -->
      </configuration>
      
  5. Limit the number of entities a DataService returns

    Enable paging in the DataService.svc file in the Mobile application project as shown in the code below. This code limits the number of Contact objects returned on one page to 20.

    using System.Data.Services;
    using DevExpress.ExpressApp.Mobile.Services;
    // ...
    public class DataService : MobileDataService<MainDemoMobileApplication> {
        public new static void InitializeService(DataServiceConfiguration config)
        {
            MobileDataService<MainDemoMobileApplication>.InitializeService(config);
            config.SetEntitySetPageSize("MainDemo_Module_BusinessObjects_Contact", 20);
        }
    }
    
  6. Limit the number of requests a DataService processes simultaneously

    To control DataService performance with the ServiceThrottlingBehavior, add the following configuration snippet to the Web.config file in the Mobile application project:

    <configuration>
      <system.serviceModel>
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <serviceThrottling maxConcurrentCalls="1" maxConcurrentSessions="1" maxConcurrentInstances="1" />
              <!-- ... -->
            </behavior>
            <!-- ... -->
          </serviceBehaviors>
          <!-- ... -->
        </behaviors>
        <!-- ... -->
      </system.serviceModel>
      <!-- ... -->
    </configuration>
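
The Web.config recommendations above (MetadataService exclusion or caching, InProc session state, service throttling) can be checked automatically before a deployment. The following Python script is an added example, not DevExpress code; the finding codes and the sample configuration are constructed for illustration, and it assumes the cache profile keeps the name AppConfigCache used above.

```python
import xml.etree.ElementTree as ET

# Contract name taken from the MetadataService endpoint in the page's snippet.
METADATA_CONTRACT = "DevExpress.ExpressApp.Mobile.Services.IMobileMetadataService"
# Session state modes the page says an XAF application cannot use.
UNSUPPORTED_MODES = {"stateserver", "sqlserver", "custom"}


def audit_web_config(xml_text):
    """Return a sorted list of finding codes for one Web.config document."""
    root = ET.fromstring(xml_text)
    findings = set()

    # MetadataService endpoint left in the configuration.
    endpoints = root.findall("system.serviceModel/services/service/endpoint")
    if any(ep.get("contract") == METADATA_CONTRACT for ep in endpoints):
        profile = root.find(
            "system.web/caching/outputCacheSettings/outputCacheProfiles/"
            "add[@name='AppConfigCache']")
        # Keeping the service is expected only for the Web client, with caching.
        findings.add("metadata-service-exposed" if profile is None
                     else "metadata-service-exposed-cached")

    # Session state must stay InProc (the ASP.NET default when no mode is set).
    session = root.find("system.web/sessionState")
    if session is not None and session.get("mode", "InProc").lower() in UNSUPPORTED_MODES:
        findings.add("unsupported-session-state")

    # ServiceThrottlingBehavior should be configured on a service behavior.
    if root.find("system.serviceModel/behaviors/serviceBehaviors/"
                 "behavior/serviceThrottling") is None:
        findings.add("no-service-throttling")

    return sorted(findings)


# Constructed sample: a config that still ships the development-time endpoint.
SAMPLE_DEV = """<configuration>
  <system.web><sessionState mode="StateServer" /></system.web>
  <system.serviceModel><services>
    <service name="MySolution.Mobile.MetadataService">
      <endpoint address="" binding="webHttpBinding"
                contract="DevExpress.ExpressApp.Mobile.Services.IMobileMetadataService" />
    </service>
  </services></system.serviceModel>
</configuration>"""

if __name__ == "__main__":
    for code in audit_web_config(SAMPLE_DEV):
        print(code)
```

An empty result means none of the three conditions was found; `metadata-service-exposed-cached` is informational and matches the Web client scenario described in item 3.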
    