Authorization in SSRS

Authorization can be achieved by assigning roles to the users.

Types of role

Build reports using report builder

Report Builder is a report authoring tool for business users who prefer to work in stand alone environment instead of using Report Designer in the visual studio environment. 

SQL Injection

 Sql injection occur when untrusted data is sent to an interpreter as a part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization

Why SQL injection matters

Enable static caching in web.config

Why do we need static caching?

Contents like css, javascript which are static would be stored in browser memory for future processing. which would yield enormous performance improvements 

Advantages of specifying in web.config

•  If we are on shared hosting and can't configure IIS directly
•  want our config to carry between all environments we target.

CacheControlMaxAge : is the time interval the content would be cached. In the example below the static content would be cached for an year

<system.webServer>
    <staticContent >
      <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00"/>
    </staticContent>
   </system.webServer>

Performance report before caching

Peformance report after caching

Note: The primed cache size reduced to 1k from 13.8 k , Score increased by 4 points ( 94 to 97)

Enable Gzip compression in web.config

We can enable GZIP compression entirely in your Web.config. 

Why do we need GZIP compression ?

Minimize the total size the browser needs to download which would increase performance

Advantages of specifying in web.config 

•  If we are on shared hosting and can't configure IIS directly
•  want our config to carry between all environments we target.

<system.webServer>
    <!--Enable Gzip -->
    <urlCompression doStaticCompression="true" doDynamicCompression="true" dynamicCompressionBeforeCache="false" />
   </system.webServer>

Render blocking css

By default css is treated as render blocking resource, which means the browser would hold rendering of any processed content until CSSOM is constructed.

Assume a scenario where the postman comes with a letter and he has to wait for the Gate to open. He cannot deliver the letter till the gate is open

Solution

Media type and media query allow us to mark some resources as non render blocking

Note: we need to move the media styles to 2 separate files ex portrait.css and print.css
we need to reference it with media attribute in the link

The browser would only download print.css when it needs to print

<link href="style.css"    rel="stylesheet">
<link href="portrait.css" rel="stylesheet" media="orientation:portrait">
<link href="print.css"    rel="stylesheet" media="print" >

Parser blocking JavaScript

Why is javascript parser blocking?

When the browser encounters "<script> " it has to pause DOM construction.The reason, the script reference might try to access the css properties.

Assume a scenario where the postman comes with a letter and he has to wait for the Gate to open. He cannot deliver the letter till the gate is open

Solution:

• inline java script. 

      Note:With this approach we would end up with redundant code

•  Load javascript after onload event

<script type="text/javascript">
function deferOnload() {
var element = document.createElement("script");
element.src = "defer.js";
document.body.appendChild(element);
}
if (window.addEventListener)
window.addEventListener("load", deferOnload, false);
else if (window.attachEvent)
window.attachEvent("onload", deferOnload);
else window.onload = deferOnload;
</script>

• Deferred loading by moving javascript reference to the bottom

       Note: We might have to have script reference at the top

        ex: Google analytics

• Deferred execution with "async "   .It tells the browser that it does not have to block DOM construction when it encounters script tag and it does not block on CSSOM

<script src="demo_async.js" async></script>

SPA web application architecture

• Single page web applications deliver the sleekness and fluidity of native desktop application in a browser
• Usually all necessary code is downloaded including HTML,CSS and JavaScript , Appropriate resources are downloaded based on the need (usually data through ajax call)

Solution architecture

• Is a practice of defining and describing an architecture of a system delivered in context of a specific solution
• Key methods by which solution architects define value to the organizations
• A solution architecture typically applies to a single project or project release

Overview of SQL-RD

• is an application for Windows that saves time and money by making it easy to define single or packages of Microsoft® SQL RS reports
• Schedule and run reports automatically, and send them to print, fax, disk, ftp, sms or email in a number of standard formats

Cache buster for IIS

Optimizing a web site includes specifying a long expiration headers.If we do this we need to make sure we have a cache buster


Drawback : If there is a change in the cached files the browser would not take the latest version.

Minify css files using Grunt

Grunt-contrib-cssmin

Need : 

• We can remove unwanted space and reduce the size of css sent across the network
• Minification will provide an additional 6-16% lower file size.

I used to use yahoo compressor and also used asp.net minification

However I like grunt 
reason

• Physical file are created at compile time
• Grunt provides thousands of useful plugins ex: To convert less file to css

Concat css files using Grunt

Grunt-concat-css

Need : We can reduce the no of http request to the server which would directly improve performance

Configure Log4net in 5 minutes

Steps

1. Install log4net using nuget package manager