November 16, 2015 Development Tips

By: Laura Frese

This year I had the opportunity to experience Kentico Connection Orlando with some of the top Kentico experts in the world. My colleagues and I joined hundreds of like-minded Kentico enthusiasts, partners, and clients to learn about the new enhancements in Kentico 9 and best practices in a variety of areas, get hands-on experience, and meet one-on-one with Kentico engineers and marketing experts. In the first part of this two-part series I will summarize some of the important topics covered in the developer track, while my colleague and Kentico marketing expert, Jessica Lago, will cover the Marketing track in her post Why Marketers Should Be Excited for Kentico 9.


David Komarek and Radek Pribyl talked about the advances Kentico has made in supporting MVC in Kentico 9. By using MVC with Kentico, developers will have more control over what is rendered, and the code and user interface are more cleanly separated. Although Kentico's MVC application splits the administration from the live sites, the preview option that editors love is still available within the administration. In addition, Kentico's MVC packages will be available open source! For more information on MVC in Kentico 9, check out David Komarek's article A Fresh Start For MVC In Kentico 9.

Marek Fesar discussed the advantages of developing custom modules for Kentico, and briefly covered module development best practices. Modules are powerful because they are reusable, easy to deploy, and packageable. In Kentico 9, module development has become more streamlined. The manual steps that were required to deploy a custom module in v8 are no longer needed; now all you have to do is install the package via NuGet and rebuild your solution! Since modules are a combination of many things including web parts, classes, custom code, etc., Kentico 9 has made life easier by letting developers see all of the file names associated with the module during packaging, so that they can be sure that nothing is missing. If that’s not enough, the brilliant engineers at Kentico also included a way for developers to uninstall their modules so that they can properly test the installation of the module.

Kentico's technical evangelist and Azure expert, Bryan Soltis, shared the benefits of deploying Kentico to Azure and some of the many features Azure provides. While the initial setup may be somewhat of a struggle for an inexperienced Azurian, Azure’s many features make it well worth it. Development and deployment are simplified for all sites, and auto scaling is provided and efficiently handles unexpected popularity. There is a user interface for web app settings. Logging of specific events can be set and stored to designated accounts, and all source code and the DB can be automatically backed up to Azure. Azure also offloads search and provides a cloud-hosted service using a REST API. Developers can customize how the search works, including highlighting, sorting, rating, and filtering customizations. A treasure trove of information and tips on deploying Kentico to Azure can be found on Bryan’s blog.

Continuous Integration
Michal Kadak introduced more significant advances in Kentico 9: continuous integration and continuous delivery. As developers, we all understand the frustration associated with integrating code changes from multiple people and the time-consuming bug hunting that follows. Kentico has provided an ingenious solution to this problem by enabling continuous integration (CI) with multiple development environments and multiple databases. A CI server is provided, which will rebuild the solution, run tests, and check the solution. All of the objects are serialized to XML, making collision resolution simple, and changes are made via source control. The CI repository supports adding, updating, and deleting many of the most used Kentico objects, and support for more objects will be provided in the future. While TFS and GitHub are the only repositories tested with Kentico CI, all versioning systems should be supported since everything is serialized to XML.

Responsive design
Virgil Carroll, Founder at High Monkey, talked about responsive design best practices in Kentico. In many cases, responsive design affects the administrative interface. Developers can fix this by overriding the .DesignMode and/or .EditMode classes in the body. Virgil also suggested that responsive design settings should be placed in the HTML envelope of the editable region web part instead of the template so that the formatting of the WYSIWYG box isn’t negatively impacted. Images are another area that can affect load time; the best way to deal with large images is to compress and shade them. Shading allows the image to be more compressed without appearing pixelated. Different image sizes should also be used for different screen sizes. Developers should make use of Breakpoint Tester to view their pages on different screen sizes, and BrowserStack to view their pages in different browser types. For more info on responsive design best practices, download Kentico's Responsive Design Whitepaper.

Content best practices
David Komarek and Radek Pribyl playfully bantered on content best practices and touched on some common scenarios they find with Kentico implementations. When creating a nested menu for a site, it is best to use the hierarchical viewer web part. This web part issues just one query to the database, which is good for performance. The developer can also use different transformations for each level using the SubLevel placeholder. The CSS List Menu is also a good web part to use, but it is less customizable. Another great way to improve performance is to limit columns when using a repeater. It is also important to take advantage of Kentico’s caching and to use cache dependencies properly so that the cache is cleared when that web part’s content is updated. Another common misuse of Kentico was adding media files to the content tree. The content tree was not designed to handle media files. Instead, the media library should be used, since it stores the files in the file system instead of the database. The content tree handles up to 1000 items per node, and a total of 100,000 items for the whole content tree. It is also important to set the scope so that editors are limited in which page types they can add to a specific node and don’t have to go searching for, or guess at, the page type they need to use.

Marek Fesar gave a very important talk on security best practices in Kentico to prevent SQL injection attacks and cross-site request forgery. One of the top threats is SQL injection, which can give hackers access to your database, allowing them to view and modify its contents. By simply entering an apostrophe into a search box or HTML parameter, a hacker can tell whether your site is vulnerable. If a server error appears, the hacker will attempt to gain access to the database by ending your query and adding their own through trial and error. To protect against SQL injection in Kentico, it is important to validate data for type, length, and/or format. Kentico's API also provides methods that protect against SQL injection: SqlHelper.EscapeQuotes and SqlHelper.EscapeLikeText provide additional security. It is also important that developers take action to prevent cross-site scripting by using Kentico’s built-in methods, encoding macros, and transformation data output.
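
The defences named above (validation for type, length and format, quote escaping, LIKE-text escaping), as an added Python/SQLite example that is not from the talk or from Kentico's code. `validate_term`, `escape_quotes` and `escape_like_text` are hypothetical stand-ins for the checks and for Kentico's helpers, the length limit, character pattern and sample table are assumptions, and the bound-parameter query goes one step beyond what the talk summary covers.

```python
import re
import sqlite3

MAX_LEN = 50                                   # assumed length limit
NAME_FORMAT = re.compile(r"[\w '\-%]+")        # assumed set of allowed characters

def validate_term(term):
    """Check type, length and format before the value goes near SQL."""
    if not isinstance(term, str):
        raise ValueError("term must be a string")
    if not 0 < len(term) <= MAX_LEN:
        raise ValueError("term has an invalid length")
    if not NAME_FORMAT.fullmatch(term):
        raise ValueError("term contains unexpected characters")
    return term

def escape_quotes(text):
    """Double single quotes so the value stays inside its SQL string literal."""
    return text.replace("'", "''")

def escape_like_text(text):
    """Neutralise LIKE wildcards (SQLite syntax: backslash plus ESCAPE clause)."""
    return re.sub(r"([\\%_])", r"\\\1", text)

def search_unsafe(db, term):
    # 'Before' form: raw concatenation, so an apostrophe ends the literal early.
    return db.execute("SELECT name FROM authors WHERE name LIKE '%" + term + "%'").fetchall()

def search_escaped(db, term):
    safe = escape_quotes(escape_like_text(validate_term(term)))
    sql = "SELECT name FROM authors WHERE name LIKE '%" + safe + "%' ESCAPE '\\'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # Beyond the talk summary: bind the value instead of escaping quotes by hand.
    pattern = "%" + escape_like_text(validate_term(term)) + "%"
    return db.execute("SELECT name FROM authors WHERE name LIKE ? ESCAPE '\\'", (pattern,)).fetchall()

def demo_db():
    db = sqlite3.connect(":memory:")           # constructed sample data
    db.execute("CREATE TABLE authors (name TEXT)")
    db.executemany("INSERT INTO authors VALUES (?)",
                   [("O'Brien",), ("Novak",), ("100% Kentico",)])
    return db
```

With the sample table, an ordinary surname such as `O'Brien` makes `search_unsafe` fail with a database error, which is the server-error symptom described above, while the escaped and parameterized forms return the matching row and treat `%` as a literal character.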

Transitioning from 8 to 9 – What developers need to know
Kentico MVP Brenden Kehren discussed the changes made in Kentico 9 that developers need to be aware of. As always, major and minor upgrades need to be done in order. API changes should be expected in major upgrades, and may also be seen with minor upgrades. The upgrades install base site files, which should be removed afterward. Be sure to check Kentico DevNet for version 9 API changes. Don’t forget to check out Kentico’s upgrade tools to make the process smoother. The code upgrade tool will analyze Kentico projects and help convert the custom code to version 9. The Kentico installation manager works great for upgrading and can be used for hotfixes. Some notable API changes are found in the following: Online marketing, web farm, E-Commerce. Also, some web parts have been deprecated but will only be removed on new installs. Several web.config keys were removed, and many database columns were removed, which may break some transformations. SQL views have been changed or removed, and the CMSList connection has been removed; standard .NET collections should be used in its place. The TreeNode DataSet has also been removed. Some notable new features include a faster admin interface and continuous integration. There is also a tool that tells developers where web parts, form controls, and widgets are used.
